
item cannot be accessed...may not have appropriate permissions


  • This topic is locked
4 replies to this topic

#1 JustGetBent

Posted 04 October 2016 - 05:48 PM

Hello, I am having great difficulty with my roommate's computer.  I'll list some of the various problems that have appeared over the last few days: 
 
1)  Various programs will no longer open, such as Internet Explorer, Google Chrome, CCleaner, and various others.  I get the error message:  "The item referred to by this shortcut cannot be accessed.  You may not have the appropriate permissions."  I have tried opening up the file containing the program to bypass the shortcut, but I cannot open the files.  I then get the error message:  "C:\Program Files\Internet Explorer is not accessible.  Access is denied".  I get all the same error messages while in safe mode as well.
 
2)  I have tried to do a System Restore to a point before the trouble began, but every point I tried ends up failing.  I even tried all the restore points in Safe Mode with no luck.
 
3)  I went through the steps to allow the administrator profile to be shown on the user screen, and proceeded to use that profile.  I ended up having all the same problems I did with my roommate's personal profile.
 
4)  I've used a flash drive to take "fixer" programs from my computer to my roommate's to see if I could solve the problem.  I was able to use any that didn't require installation, such as HitmanPro, TDSSKiller, and Trend Micro’s HouseCall, but none of them found any viruses or malware.  The programs requiring installation, like Malwarebytes, always gave me an error message when attempting installation.
 
I will not post the FRST logs.  Thank you for your attention!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by bestway (administrator) on BESTWAY-PC (04-10-2016 17:21:36)
Running from F:\
Loaded Profiles: bestway (Available Profiles: bestway)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\idle-Threads.exe
() C:\Windows\System32\semaphore-Threads.exe
() C:\Windows\PLFSetI.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-12-05] ()
HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
HKLM-x32\...\Run: [Microsoft Default Manager] => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe
HKLM-x32\...\Run: [InboxAce AppIntegrator 64-bit] => C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [InboxAce AppIntegrator 32-bit] => C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
HKLM\...\Winlogon: [LegalNoticeCaption] Notice:
HKLM\...\Winlogon: [LegalNoticeText] This Computer is subject to a Property Agreement. F3 Active

You understand that you are allowed to use this computer under the terms of the Property Agreement that you signed as long as you are within good standing.

This computer is the property of:Bestway Rent to Own - 001 Shelbyville
401 N. Cannon Blvd
Shelbyville, TN 37162
(931) 684-5212
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\...\Run: [CCleaner Monitoring] => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\...\MountPoints2: {5699749d-bcec-11e0-a517-1c7508454bda} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\...\MountPoints2: {71900377-ca01-11e3-8226-1c7508454bda} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\...\MountPoints2: {949ba988-0ab1-11e2-923a-1c7508454bda} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6B7EF4B7-CA56-4B16-B708-606B8E2CFDA5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{D747AF61-235A-408F-B6DB-FA996DA02779}: [DhcpNameServer] 24.159.64.23 24.217.201.67 66.189.0.100

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226209367-3714121686-1386727356-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKU\S-1-5-21-1226209367-3714121686-1386727356-1000 - (No Name) - {08f9937e-0a4f-48cf-94e7-827223daec1d} - No File
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm002^S03897^us&si=CKrp-PyAnLQCFQ3nnAodfnwANg&ptb=B83F7D1E-249A-49CD-ABB7-A8308BC8DA2F&psa=&ind=2013032406&st=sb&n=77fc6fd6&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226209367-3714121686-1386727356-1000 -> {9CE906A1-EB11-4AF0-A236-51F78226B524} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120939,17118,0,18,0
SearchScopes: HKU\S-1-5-21-1226209367-3714121686-1386727356-1000 -> {C2893E3F-1B48-4FFB-8FF8-1A19A5F61FE2} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
BHO-x32: No Name -> {433ae6bf-a1fd-4a51-858e-6c26c7cd64db} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll => No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: No Name -> {9c8de6c1-88f6-4515-9e81-6a280bb35349} -> No File
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll => No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - No Name - {8f61e414-ea79-4559-8bb6-61d956f70306} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1226209367-3714121686-1386727356-1000 -> No Name - {8F61E414-EA79-4559-8BB6-61D956F70306} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-1226209367-3714121686-1386727356-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default [2016-08-16]
CHR Extension: (Google Slides) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-25]
CHR Extension: (Google Docs) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-12]
CHR Extension: (Google Drive) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-25]
CHR Extension: (YouTube) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
CHR Extension: (Google Search) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
CHR Extension: (Google Docs Offline) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-25]
CHR Extension: (Avast Online Security) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-25]
CHR Extension: (Gmail) - C:\Users\bestway\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 .Net Crypt; C:\Windows\System32\mutex-Threads.exe [5367272 2016-10-02] () [File not signed]
U2 .Net Main; C:\Windows\System32\idle-Threads.exe [8112104 2016-10-02] () [File not signed]
U2 .Net Security; C:\Windows\System32\latch-Threads.exe [6100968 2016-10-02] () [File not signed]
U2 .Net Semaphore; C:\Windows\System32\semaphore-Threads.exe [1801704 2016-08-14] () [File not signed]
S2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [X]
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [X]
S3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [X]
S2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [X]
S3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [X]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [X]
S2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [X]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]
S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]
S2 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Beep; no ImagePath
S3 exfat; no ImagePath
R3 fastfat; no ImagePath
U0 Fs_Rec; no ImagePath
R1 Msfs; no ImagePath
S3 MsRPC; no ImagePath
R3 NDProxy; no ImagePath
R1 Npfs; no ImagePath
R3 Ntfs; no ImagePath
R1 Null; no ImagePath
S3 RDPWD; no ImagePath
S4 secdrv; no ImagePath
R0 spldr; no ImagePath
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
R0 ACPI; system32\drivers\ACPI.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X]
R1 AFD; \SystemRoot\system32\drivers\afd.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X]
R0 amdxata; system32\drivers\amdxata.sys [X]
S3 AppID; \SystemRoot\system32\drivers\appid.sys [X]
S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X]
S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X]
U0 aswVmm; no ImagePath
S3 AsyncMac; system32\DRIVERS\asyncmac.sys [X]
R0 atapi; system32\drivers\atapi.sys [X]
R3 athr; system32\DRIVERS\athrx.sys [X]
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
R1 blbdrive; \SystemRoot\system32\DRIVERS\blbdrive.sys [X]
R3 bowser; system32\DRIVERS\bowser.sys [X]
S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [X]
R4 cdfs; system32\DRIVERS\cdfs.sys [X]
R1 cdrom; system32\DRIVERS\cdrom.sys [X]
S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [X]
R3 CmBatt; \SystemRoot\system32\DRIVERS\CmBatt.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
R0 CNG; System32\Drivers\cng.sys [X]
R0 Compbatt; system32\DRIVERS\compbatt.sys [X]
R3 CompositeBus; \SystemRoot\system32\drivers\CompositeBus.sys [X]
S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [X]
S1 csxdnezi; \??\C:\Windows\system32\drivers\csxdnezi.sys [X]
R1 DfsC; System32\Drivers\dfsc.sys [X]
R1 discache; System32\drivers\discache.sys [X]
R0 Disk; system32\drivers\disk.sys [X]
S3 drmkaud; \SystemRoot\system32\drivers\drmkaud.sys [X]
R3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S3 ebdrv; \SystemRoot\system32\DRIVERS\evbda.sys [X]
S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X]
R0 FileInfo; system32\drivers\fileinfo.sys [X]
S3 Filetrace; system32\drivers\filetrace.sys [X]
S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X]
R0 FltMgr; system32\drivers\fltmgr.sys [X]
S3 FsDepends; System32\drivers\FsDepends.sys [X]
R0 fvevol; System32\DRIVERS\fvevol.sys [X]
S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HdAudAddService; \SystemRoot\system32\drivers\HdAudio.sys [X]
R3 HDAudBus; \SystemRoot\system32\drivers\HDAudBus.sys [X]
S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [X]
S3 HidUsb; system32\DRIVERS\hidusb.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
R3 HTTP; system32\drivers\HTTP.sys [X]
R0 hwpolicy; System32\drivers\hwpolicy.sys [X]
R3 i8042prt; \SystemRoot\system32\drivers\i8042prt.sys [X]
R0 iaStor; system32\DRIVERS\iaStor.sys [X]
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
R3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X]
R3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
R3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
R3 intelppm; system32\DRIVERS\intelppm.sys [X]
S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 IPNAT; System32\drivers\ipnat.sys [X]
S3 IRENUM; system32\drivers\irenum.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]
R3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
R3 kbdclass; \SystemRoot\system32\drivers\kbdclass.sys [X]
S3 kbdhid; \SystemRoot\system32\drivers\kbdhid.sys [X]
R0 KSecDD; System32\Drivers\ksecdd.sys [X]
R0 KSecPkg; System32\Drivers\ksecpkg.sys [X]
R3 ksthunk; \SystemRoot\system32\drivers\ksthunk.sys [X]
R2 lltdio; system32\DRIVERS\lltdio.sys [X]
S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [X]
R2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]
S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X]
S3 Modem; system32\drivers\modem.sys [X]
R3 monitor; system32\DRIVERS\monitor.sys [X]
R3 mouclass; \SystemRoot\system32\drivers\mouclass.sys [X]
S3 mouhid; \SystemRoot\system32\DRIVERS\mouhid.sys [X]
R0 mountmgr; System32\drivers\mountmgr.sys [X]
R0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S3 mpsdrv; System32\drivers\mpsdrv.sys [X]
S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]
R3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]
R3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]
R3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]
S3 msahci; \SystemRoot\system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [X]
R0 msisadrv; system32\drivers\msisadrv.sys [X]
S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]
S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]
S3 MSPQM; system32\drivers\MSPQM.sys [X]
R1 mssmbios; \SystemRoot\system32\drivers\mssmbios.sys [X]
S3 MSTEE; system32\drivers\MSTEE.sys [X]
S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X]
R0 Mup; System32\Drivers\mup.sys [X]
R3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]
R0 NDIS; system32\drivers\ndis.sys [X]
S3 NdisCap; system32\DRIVERS\ndiscap.sys [X]
R3 NdisTapi; system32\DRIVERS\ndistapi.sys [X]
R3 Ndisuio; system32\DRIVERS\ndisuio.sys [X]
R3 NdisWan; system32\DRIVERS\ndiswan.sys [X]
R1 NetBIOS; system32\DRIVERS\netbios.sys [X]
R1 NetBT; System32\DRIVERS\netbt.sys [X]
S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X]
S3 NisDrv; system32\DRIVERS\NisDrvWFP.sys [X]
R1 nsiproxy; system32\drivers\nsiproxy.sys [X]
R3 NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\DRIVERS\parport.sys [X]
R0 partmgr; System32\drivers\partmgr.sys [X]
R0 pci; system32\drivers\pci.sys [X]
S3 pciide; \SystemRoot\system32\drivers\pciide.sys [X]
S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X]
R0 pcw; System32\drivers\pcw.sys [X]
R2 PEAUTH; system32\drivers\peauth.sys [X]
R3 PptpMiniport; system32\DRIVERS\raspptp.sys [X]
S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X]
R1 Psched; system32\DRIVERS\pacer.sys [X]
S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [X]
S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]
S3 RasAcd; System32\DRIVERS\rasacd.sys [X]
R3 RasAgileVpn; system32\DRIVERS\AgileVpn.sys [X]
R3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]
R3 RasPppoe; system32\DRIVERS\raspppoe.sys [X]
R3 RasSstp; system32\DRIVERS\rassstp.sys [X]
R1 rdbss; system32\DRIVERS\rdbss.sys [X]
S3 rdpbus; \SystemRoot\system32\DRIVERS\rdpbus.sys [X]
R1 RDPCDD; System32\DRIVERS\RDPCDD.sys [X]
R1 RDPENCDD; system32\drivers\rdpencdd.sys [X]
R1 RDPREFMP; system32\drivers\rdprefmp.sys [X]
R0 rdyboost; System32\drivers\rdyboost.sys [X]
R2 rspndr; system32\DRIVERS\rspndr.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S3 scfilter; System32\DRIVERS\scfilter.sys [X]
R0 scssifilter; system32\Drivers\scssifilter64.sys [X]
S3 Serenum; \SystemRoot\system32\DRIVERS\serenum.sys [X]
S3 Serial; \SystemRoot\system32\DRIVERS\serial.sys [X]
S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X]
S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X]
S3 Smb; system32\DRIVERS\smb.sys [X]
R3 srv; System32\DRIVERS\srv.sys [X]
R3 srv2; System32\DRIVERS\srv2.sys [X]
R3 srvnet; System32\DRIVERS\srvnet.sys [X]
S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
R3 swenum; \SystemRoot\system32\drivers\swenum.sys [X]
R3 SynTP; system32\DRIVERS\SynTP.sys [X]
R0 Tcpip; System32\drivers\tcpip.sys [X]
S3 TCPIP6; system32\DRIVERS\tcpip.sys [X]
R2 tcpipreg; System32\drivers\tcpipreg.sys [X]
S3 TDPIPE; system32\drivers\tdpipe.sys [X]
S3 TDTCP; system32\drivers\tdtcp.sys [X]
R1 tdx; system32\DRIVERS\tdx.sys [X]
R1 TermDD; \SystemRoot\system32\drivers\termdd.sys [X]
R0 tpci; system32\Drivers\tpci64.sys [X]
S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X]
S3 TsUsbFlt; system32\drivers\tsusbflt.sys [X]
R3 tunnel; system32\DRIVERS\tunnel.sys [X]
S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X]
R3 UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [X]
R4 udfs; system32\DRIVERS\udfs.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
R3 umbus; \SystemRoot\system32\drivers\umbus.sys [X]
S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
R3 usbccgp; system32\DRIVERS\usbccgp.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
R3 usbehci; system32\DRIVERS\usbehci.sys [X]
R3 usbhub; system32\DRIVERS\usbhub.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
R0 usbmp3; system32\Drivers\usbmp364.sys [X]
S3 usbohci; \SystemRoot\system32\drivers\usbohci.sys [X]
S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [X]
R3 USBSTOR; \SystemRoot\system32\drivers\USBSTOR.SYS [X]
R3 usbuhci; system32\DRIVERS\usbuhci.sys [X]
R3 usbvideo; \SystemRoot\System32\Drivers\usbvideo.sys [X]
R0 usbvox; system32\Drivers\usbvox64.sys [X]
R0 usbwav; system32\Drivers\usbwav64.sys [X]
R0 vdrvroot; system32\drivers\vdrvroot.sys [X]
S3 vga; system32\DRIVERS\vgapnp.sys [X]
R1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
R0 volmgr; system32\drivers\volmgr.sys [X]
R0 volmgrx; System32\drivers\volmgrx.sys [X]
R0 volsnap; system32\drivers\volsnap.sys [X]
S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [X]
R3 vwifibus; system32\DRIVERS\vwifibus.sys [X]
R1 vwififlt; system32\DRIVERS\vwififlt.sys [X]
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X]
S3 WANARP; system32\DRIVERS\wanarp.sys [X]
R1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]
S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [X]
R0 Wdf01000; system32\drivers\Wdf01000.sys [X]
R1 WfpLwf; system32\DRIVERS\wfplwf.sys [X]
R3 WmiAcpi; \SystemRoot\system32\drivers\wmiacpi.sys [X]
R1 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]
R3 WudfPf; system32\drivers\WudfPf.sys [X]
S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]
S3 xusb21; system32\DRIVERS\xusb21.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 17:21 - 2016-10-04 17:21 - 00000000 ____D C:\FRST
2016-10-04 14:10 - 2016-10-04 14:10 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-04 13:51 - 2016-10-04 13:51 - 00000000 ____D C:\Malwarebytes
2016-10-03 19:13 - 2016-10-04 03:33 - 00792472 _____ C:\Users\bestway\AppData\Local\ars.cache
2016-10-03 19:13 - 2016-10-03 19:13 - 00435324 _____ C:\Users\bestway\AppData\Local\census.cache
2016-10-03 18:22 - 2016-10-03 19:04 - 00000010 _____ C:\Users\bestway\AppData\Local\sponge.last.runtime.cache
2016-10-03 18:14 - 2016-10-03 18:14 - 00000000 ____D C:\Windows\Trend Micro
2016-10-03 18:11 - 2016-10-03 18:11 - 00000036 _____ C:\Users\bestway\AppData\Local\housecall.guid.cache
2016-10-03 18:05 - 2016-10-03 18:11 - 00151410 _____ C:\Windows\ntbtlog.txt
2016-10-03 00:58 - 2016-10-03 00:58 - 00000017 _____ C:\Users\bestway\AppData\Local\resmon.resmoncfg
2016-10-02 23:49 - 2016-10-02 23:49 - 01118184 ___RH C:\Windows\system32\ProgramlicenseRequired.exe
2016-10-02 23:44 - 2016-10-02 23:44 - 08007680 ____R ( ) C:\Windows\system32\Microsoft.mshtml.dll
2016-10-02 23:44 - 2016-10-02 23:44 - 01592320 ___RH C:\Windows\system32\7z.dll
2016-10-02 23:44 - 2016-10-02 23:44 - 00200704 ____R C:\Windows\system32\ICSharpCode.SharpZipLib.dll
2016-10-02 23:44 - 2016-10-02 23:44 - 00151040 ___RH C:\Windows\system32\SevenZipSharp.dll
2016-10-02 23:44 - 2016-10-02 23:44 - 00126976 ____R ( ) C:\Windows\system32\Interop.SHDocVw.dll
2016-10-02 23:44 - 2016-10-02 23:44 - 00107496 __RSH C:\Windows\system32\bitget64.exe
2016-10-02 22:01 - 2016-10-02 23:42 - 00000000 ____D C:\Users\Administrator
2016-10-02 22:01 - 2016-10-02 22:01 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-10-02 22:01 - 2016-10-02 22:01 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-10-02 22:01 - 2016-10-02 22:01 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-10-02 22:01 - 2016-10-02 22:01 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-10-02 22:01 - 2016-10-02 22:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-10-02 22:01 - 2011-02-19 14:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-10-02 22:01 - 2009-07-14 05:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-10-02 15:42 - 2016-10-02 15:44 - 00686568 ___RH (Microsoft Windows) C:\Windows\system32\HardwareInfo.exe
2016-10-02 15:42 - 2016-10-02 15:43 - 05367272 __RSH C:\Windows\system32\mutex-Threads.exe
2016-09-29 01:04 - 2016-09-29 01:04 - 00000000 ____D C:\Users\bestway\AppData\Local\CEF
2016-09-21 01:57 - 2016-08-05 10:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-21 01:57 - 2016-08-05 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-18 16:31 - 2016-09-01 14:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-18 16:31 - 2016-09-01 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-18 16:31 - 2016-08-31 22:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-18 16:31 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-18 16:31 - 2016-08-31 21:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-18 16:31 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-18 16:31 - 2016-08-31 21:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-18 16:31 - 2016-08-31 21:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-18 16:31 - 2016-08-31 21:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-18 16:31 - 2016-08-31 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-18 16:31 - 2016-08-31 21:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-18 16:31 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-18 16:31 - 2016-08-31 21:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-18 16:31 - 2016-08-31 21:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-18 16:31 - 2016-08-31 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-18 16:31 - 2016-08-31 20:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-18 16:31 - 2016-08-31 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-18 16:31 - 2016-08-31 20:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-18 16:31 - 2016-08-31 20:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-18 16:31 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-18 16:31 - 2016-08-31 20:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-18 16:31 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-18 16:31 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-18 16:31 - 2016-08-31 19:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-18 16:31 - 2016-08-31 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-18 16:31 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-18 16:31 - 2016-08-31 19:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-18 16:31 - 2016-08-31 19:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-18 16:31 - 2016-08-31 19:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-18 16:31 - 2016-08-31 19:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-18 16:31 - 2016-08-31 18:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-18 16:31 - 2016-08-31 18:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-18 16:31 - 2016-08-31 18:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-18 16:31 - 2016-08-31 18:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-18 16:31 - 2016-08-31 18:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-18 16:31 - 2016-08-31 18:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-18 16:31 - 2016-08-31 17:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-18 16:31 - 2016-08-16 12:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-18 16:31 - 2016-08-15 21:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-18 16:31 - 2016-08-15 21:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-18 16:31 - 2016-08-06 10:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-18 16:31 - 2016-08-06 10:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-18 16:30 - 2016-08-31 21:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-18 16:30 - 2016-08-31 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-18 16:30 - 2016-08-31 21:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-18 16:30 - 2016-08-31 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-18 16:30 - 2016-08-31 20:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-18 16:30 - 2016-08-31 20:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-18 16:30 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-18 16:30 - 2016-08-31 19:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-18 16:30 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-18 16:30 - 2016-08-31 19:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-18 16:30 - 2016-08-31 19:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-18 16:30 - 2016-08-31 19:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-18 16:30 - 2016-08-31 19:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-18 16:30 - 2016-08-31 19:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-18 16:30 - 2016-08-31 19:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-18 16:30 - 2016-08-31 19:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-18 16:30 - 2016-08-31 19:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-18 16:30 - 2016-08-31 19:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-18 16:30 - 2016-08-31 19:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-18 16:30 - 2016-08-31 19:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-18 16:30 - 2016-08-31 18:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-18 16:30 - 2016-08-31 18:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-18 16:30 - 2016-08-31 18:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-18 16:30 - 2016-08-31 18:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-18 16:30 - 2016-08-31 18:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-18 16:30 - 2016-08-31 18:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-18 16:30 - 2016-08-31 18:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-18 16:30 - 2016-08-31 18:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-18 16:30 - 2016-08-31 17:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-18 16:27 - 2016-09-02 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-18 16:27 - 2016-09-02 10:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-18 16:27 - 2016-09-02 10:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-18 16:27 - 2016-09-02 10:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-18 16:27 - 2016-09-02 10:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-18 16:27 - 2016-09-02 10:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-18 16:27 - 2016-09-02 10:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 10:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-18 16:27 - 2016-09-02 10:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-18 16:27 - 2016-09-02 10:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-18 16:27 - 2016-09-02 09:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-18 16:27 - 2016-09-02 09:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-18 16:27 - 2016-09-02 09:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-18 16:27 - 2016-09-02 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-18 16:27 - 2016-09-02 09:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-18 16:27 - 2016-09-02 09:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-18 16:27 - 2016-09-02 09:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-18 16:27 - 2016-09-02 09:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-18 16:27 - 2016-09-02 09:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-18 16:27 - 2016-09-02 09:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-18 16:27 - 2016-09-02 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-18 16:27 - 2016-09-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-18 16:27 - 2016-06-06 11:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-18 16:27 - 2016-06-06 11:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-18 16:27 - 2016-06-06 11:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-18 16:27 - 2016-06-06 11:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-18 16:27 - 2016-06-06 10:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-18 16:27 - 2016-06-06 10:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-18 16:27 - 2016-06-06 10:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-18 16:27 - 2016-06-06 10:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-18 16:27 - 2016-05-13 17:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-18 16:27 - 2016-05-13 17:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-18 16:27 - 2016-05-13 17:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-18 16:27 - 2016-05-13 17:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-18 16:27 - 2016-05-13 16:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-18 16:27 - 2016-05-13 16:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-18 16:27 - 2016-05-13 16:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-18 16:27 - 2016-05-13 16:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-18 16:27 - 2016-05-13 16:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-18 16:27 - 2016-05-13 16:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-18 16:27 - 2016-05-13 16:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-18 16:27 - 2016-05-13 16:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-18 16:27 - 2016-05-13 16:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-18 16:27 - 2016-05-13 16:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-18 16:27 - 2016-05-13 16:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-18 16:27 - 2016-05-13 16:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-18 16:27 - 2016-05-12 12:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-18 16:27 - 2016-05-12 10:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-18 16:27 - 2016-05-12 10:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-18 16:27 - 2016-05-04 12:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-18 16:27 - 2016-05-04 12:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-18 16:27 - 2016-05-04 12:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-18 16:27 - 2016-05-04 12:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-18 16:27 - 2016-05-04 12:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-18 16:27 - 2016-05-04 12:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-18 16:27 - 2016-05-04 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-18 16:27 - 2016-05-04 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-18 16:27 - 2016-05-04 12:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-18 16:27 - 2016-05-04 12:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-18 16:27 - 2016-05-04 10:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-18 16:27 - 2016-05-04 09:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-18 16:25 - 2016-07-01 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-18 16:25 - 2016-07-01 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-18 16:25 - 2016-07-01 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-18 16:25 - 2016-07-01 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 17:17 - 2009-07-14 03:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-04 17:17 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-10-04 17:14 - 2012-07-15 14:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-04 17:14 - 2012-03-30 03:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-04 14:27 - 2009-07-14 02:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-04 14:27 - 2009-07-14 02:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-04 14:26 - 2011-11-07 17:13 - 00000106 ___RH C:\Windows\system32\masteraclbini.enu
2016-10-04 14:26 - 2011-05-31 20:47 - 00001043 __RSH C:\Windows\system32\masteraclini.enu
2016-10-04 06:02 - 2012-07-15 14:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-04 04:24 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 04:15 - 2012-01-11 20:23 - 00002141 _____ C:\Windows\epplauncher.mif
2016-10-03 02:22 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2016-10-02 23:58 - 2010-11-22 04:42 - 00000000 ___HD C:\OEM
2016-10-02 23:57 - 2015-12-12 22:22 - 00000000 ____D C:\Users\bestway\Desktop\Fceux
2016-10-02 23:57 - 2015-12-12 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-02 23:57 - 2015-12-05 03:05 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-10-02 23:57 - 2015-05-21 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-10-02 23:57 - 2014-12-12 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-02 23:57 - 2014-12-11 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-02 23:57 - 2014-05-26 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mPlayer
2016-10-02 23:57 - 2012-07-15 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-02 23:57 - 2012-07-06 02:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
2016-10-02 23:57 - 2012-03-09 04:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2016-10-02 23:57 - 2011-02-19 14:12 - 00000000 ____D C:\Users\bestway
2016-10-02 23:57 - 2011-02-19 12:24 - 00000000 _RSHD C:\PCRA
2016-10-02 23:57 - 2010-12-05 05:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-10-02 23:57 - 2010-12-05 05:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2016-10-02 23:57 - 2010-12-05 05:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
2016-10-02 23:57 - 2010-12-05 05:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
2016-10-02 23:57 - 2010-11-22 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager
2016-10-02 23:57 - 2010-11-22 05:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-10-02 23:57 - 2010-11-22 05:21 - 00000000 ____D C:\ProgramData\WildTangent
2016-10-02 23:57 - 2010-11-22 05:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-10-02 23:57 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\registration
2016-10-02 23:57 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\AppCompat
2016-10-02 23:44 - 2016-08-14 03:29 - 01653224 ___RH C:\Windows\system32\wLins.exe
2016-10-02 23:44 - 2016-08-14 03:29 - 01653224 ___RH C:\Windows\system32\wLin.exe
2016-10-02 23:44 - 2012-04-26 23:50 - 00507368 ___RH C:\Windows\system32\msgPop.exe
2016-10-02 23:42 - 2012-02-21 03:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-02 22:48 - 2012-03-23 22:31 - 00297984 ___SH C:\Users\bestway\Desktop\Thumbs.db
2016-10-02 15:44 - 2012-04-26 23:47 - 08112104 ___RH C:\Windows\system32\idle-Threads.exe
2016-10-02 15:43 - 2012-04-26 23:47 - 06100968 __RSH C:\Windows\system32\latch-Threads.exe
2016-10-02 13:32 - 2014-11-08 00:05 - 00000477 _____ C:\Users\bestway\Desktop\Netflix.website
2016-09-26 23:54 - 2012-07-05 18:24 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-19 05:34 - 2009-07-14 02:45 - 00291136 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-19 04:36 - 2013-07-27 04:04 - 00000000 ____D C:\Windows\system32\MRT
2016-09-19 04:26 - 2012-03-16 13:16 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-17 05:32 - 2012-07-15 14:08 - 00002078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 05:32 - 2012-07-15 14:08 - 00002066 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-14 03:36 - 2012-03-30 03:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-14 03:36 - 2012-03-30 03:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 03:36 - 2012-01-08 01:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 03:35 - 2010-11-22 05:34 - 00000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories =======

2016-10-03 19:13 - 2016-10-04 03:33 - 0792472 _____ () C:\Users\bestway\AppData\Local\ars.cache
2016-10-03 19:13 - 2016-10-03 19:13 - 0435324 _____ () C:\Users\bestway\AppData\Local\census.cache
2016-10-03 18:11 - 2016-10-03 18:11 - 0000036 _____ () C:\Users\bestway\AppData\Local\housecall.guid.cache
2016-10-03 00:58 - 2016-10-03 00:58 - 0000017 _____ () C:\Users\bestway\AppData\Local\resmon.resmoncfg
2016-10-03 18:22 - 2016-10-03 19:04 - 0000010 _____ () C:\Users\bestway\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
C:\Users\bestway\AppData\Local\Temp\Quarantine.exe
C:\Users\bestway\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys IS MISSING <==== ATTENTION

==================== End of FRST.txt ============================





#2 JustGetBent

JustGetBent
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:56 PM

Posted 04 October 2016 - 06:56 PM

Some additional relevant information:

 

1)  Computer is running Windows 7

2)  My roommate allowed her Avast free anti-virus to lapse before letting me know.  All these problems began shortly after this happened.

3)  I'm not sure if addition.txt was added to the original post, so I will reattach it here.

 

Thank you

Attached Files



#3 JustGetBent

JustGetBent
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:56 PM

Posted 05 October 2016 - 01:06 AM

My roommate has decided to take her computer to a repair shop tomorrow.  If something changes, I will repost this and try again to help her fix it.  Thanks anyways.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • Gender:Male
  • Location:California
  • Local time:11:56 AM

Posted 06 October 2016 - 08:02 AM

Thank you for letting us know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,602 posts
  • Gender:Male
  • Location:California
  • Local time:11:56 AM

Posted 06 October 2016 - 08:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary



