C: drive filling up by itself with nothing downloading


10 replies to this topic

#1 Tr1pL1ek1D0


Posted 27 May 2015 - 05:50 PM

I have noticed as of late that the C drive to my computer is filling up rapidly to the point where I cannot view simple pictures on my desktop. I have scanned my computer numerous times with my anti-virus (ESET Smart Security) as well as Malwarebytes. I have also used Disk Cleanup and Disk Defragmenter to no avail. I am not a computer genius by any means, but I believe I have been infected by malware or worse. Posted below are the FRST and Addition Logs. I appreciate the help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Zack (administrator) on ZACK-PC on 27-05-2015 18:42:44
Running from C:\Users\Zack\Desktop
Loaded Profiles: Zack (Available Profiles: Zack)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Zack\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\DAODx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) F:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Zack\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Zack\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Zack\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Zack\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Zack\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-03] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [4035152 2011-09-22] (ESET)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-01] (NVIDIA Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] => F:\Program Files\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\Run: [DAEMON Tools Lite] => "F:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\Run: [Spotify Web Helper] => C:\Users\Zack\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-19] (Spotify Ltd)
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\Run: [SteelSeries Engine] => F:\Program Files\SteelSeries Engine\SteelSeriesEngine.exe [242688 2013-11-05] (SteelSeries ApS)
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\Run: [Spotify] => C:\Users\Zack\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-19] (Spotify Ltd)
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\MountPoints2: {a9188a0c-6a58-11e2-9b41-5404a63c6854} - H:\unlock.exe autoplay=true
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\MountPoints2: {c9404ea4-647a-11e1-93c7-806e6f6e6963} - E:\autorun.exe -auto
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\...\MountPoints2: {cb80269c-6489-11e1-9a1c-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
Startup: C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-03-28] ()
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => F:\Program Files\OFFICE14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => F:\Program Files\OFFICE14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => F:\Program Files\OFFICE14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => F:\Program Files\OFFICE14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => F:\Program Files\OFFICE14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2394089000-3205729760-2471657723-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {66409F3B-7B69-4A11-849F-BA554003CCE1} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2394089000-3205729760-2471657723-1000 -> {E94C5CBC-5BC1-4ECA-8CE0-61BB08DEB1E8} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> F:\Program Files\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> F:\Program Files\OFFICE14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files\OFFICE14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-03-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2012-03-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> F:\PROGRA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-11] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Playtopus  - C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@playtopus.com [2013-06-27]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-03-06]
StartMenuInternet: FIREFOX.EXE - F:\Program Files\firefox.exe
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-14]
CHR Extension: (Google Search) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-14]
CHR Extension: (Bookmark Manager DEV) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-07]
CHR Extension: (Gmail) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [974944 2011-09-22] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)
R2 MBAMScheduler; F:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; F:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; F:\Program Files\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)
S2 SkypeUpdate; F:\Program Files\Updater\Updater.exe [315488 2015-02-18] (Skype Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 apmwinsrv; "C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.0\apmwinsrv.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-06] (DT Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [187632 2011-08-04] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [38288 2011-08-04] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62496 2011-08-04] (ESET)
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [115200 2010-10-15] (Razer USA Ltd) [File not signed]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-27 18:42 - 2015-05-27 18:42 - 00016368 _____ () C:\Users\Zack\Desktop\FRST.txt
2015-05-27 18:42 - 2015-05-27 18:42 - 00000000 ____D () C:\FRST
2015-05-27 18:41 - 2015-05-27 18:42 - 02108928 _____ (Farbar) C:\Users\Zack\Desktop\FRST64 (1).exe
2015-05-27 18:27 - 2015-05-27 18:27 - 00000656 _____ () C:\Users\Zack\Documents\Uninstall STAR WARS The Old Republic.log
2015-05-27 18:22 - 2015-05-27 18:22 - 05251060 _____ () C:\Windows\system32\PerfStringBackup.TMP
2015-05-26 18:55 - 2015-05-26 18:55 - 00000000 ____D () C:\ProgramData\SUPERSetup
2015-05-25 23:09 - 2015-05-27 18:22 - 00659630 _____ () C:\Windows\system32\perfh01D.dat
2015-05-25 23:09 - 2015-05-27 18:22 - 00142762 _____ () C:\Windows\system32\perfc01D.dat
2015-05-25 23:09 - 2015-05-25 23:09 - 00294764 _____ () C:\Windows\system32\perfi01D.dat
2015-05-25 23:09 - 2015-05-25 23:09 - 00037052 _____ () C:\Windows\system32\perfd01D.dat
2015-05-25 23:09 - 2015-05-25 23:09 - 00000000 ____D () C:\Windows\SysWOW64\sv
2015-05-25 23:09 - 2015-05-25 23:09 - 00000000 ____D () C:\Windows\system32\sv
2015-05-25 23:02 - 2015-05-27 18:22 - 00420570 _____ () C:\Windows\system32\perfh012.dat
2015-05-25 23:02 - 2015-05-27 18:22 - 00120148 _____ () C:\Windows\system32\perfc012.dat
2015-05-25 23:02 - 2015-05-25 23:01 - 00157694 _____ () C:\Windows\system32\perfi012.dat
2015-05-25 23:02 - 2015-05-25 23:01 - 00031548 _____ () C:\Windows\system32\perfd012.dat
2015-05-25 23:01 - 2015-05-25 23:01 - 00000000 ____D () C:\Windows\SysWOW64\ko
2015-05-25 23:01 - 2015-05-25 23:01 - 00000000 ____D () C:\Windows\system32\ko
2015-05-25 22:54 - 2015-05-27 18:22 - 00664970 _____ () C:\Windows\system32\perfh005.dat
2015-05-25 22:54 - 2015-05-27 18:22 - 00142090 _____ () C:\Windows\system32\perfc005.dat
2015-05-25 22:54 - 2015-05-25 22:54 - 00292004 _____ () C:\Windows\system32\perfi005.dat
2015-05-25 22:54 - 2015-05-25 22:54 - 00036232 _____ () C:\Windows\system32\perfd005.dat
2015-05-25 22:54 - 2015-05-25 22:54 - 00000000 ____D () C:\Windows\SysWOW64\cs
2015-05-25 22:54 - 2015-05-25 22:54 - 00000000 ____D () C:\Windows\system32\cs
2015-05-25 22:47 - 2015-05-25 22:47 - 00000000 ____D () C:\Windows\th-TH
2015-05-25 22:47 - 2015-05-25 22:47 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\th-TH
2015-05-25 22:47 - 2015-05-25 22:47 - 00000000 ____D () C:\Windows\system32\Drivers\th-TH
2015-05-25 22:34 - 2015-05-27 18:22 - 00740974 _____ () C:\Windows\system32\perfh013.dat
2015-05-25 22:34 - 2015-05-27 18:22 - 00153796 _____ () C:\Windows\system32\perfc013.dat
2015-05-25 22:34 - 2015-05-25 22:33 - 00341322 _____ () C:\Windows\system32\perfi013.dat
2015-05-25 22:34 - 2015-05-25 22:33 - 00043068 _____ () C:\Windows\system32\perfd013.dat
2015-05-25 22:33 - 2015-05-25 22:33 - 00000000 ____D () C:\Windows\SysWOW64\nl
2015-05-25 22:33 - 2015-05-25 22:33 - 00000000 ____D () C:\Windows\SysWOW64\0413
2015-05-25 22:33 - 2015-05-25 22:33 - 00000000 ____D () C:\Windows\system32\nl
2015-05-25 22:33 - 2015-05-25 22:33 - 00000000 ____D () C:\Windows\system32\0413
2015-05-25 22:27 - 2015-05-25 22:27 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\lv-LV
2015-05-25 22:27 - 2015-05-25 22:27 - 00000000 ____D () C:\Windows\system32\Drivers\lv-LV
2015-05-25 22:27 - 2015-05-25 22:27 - 00000000 ____D () C:\Windows\lv-LV
2015-05-25 22:22 - 2015-05-27 18:22 - 00477824 _____ () C:\Windows\system32\perfh00B.dat
2015-05-25 22:22 - 2015-05-27 18:22 - 00102320 _____ () C:\Windows\system32\perfc00B.dat
2015-05-25 22:22 - 2015-05-25 22:21 - 00279790 _____ () C:\Windows\system32\perfi00B.dat
2015-05-25 22:22 - 2015-05-25 22:21 - 00038258 _____ () C:\Windows\system32\perfd00B.dat
2015-05-25 22:21 - 2015-05-25 22:21 - 00000000 ____D () C:\Windows\SysWOW64\fi
2015-05-25 22:21 - 2015-05-25 22:21 - 00000000 ____D () C:\Windows\system32\fi
2015-05-25 22:15 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-05-25 22:15 - 2015-03-13 23:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-25 22:15 - 2015-03-13 23:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-25 22:15 - 2015-03-13 23:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-25 22:15 - 2015-03-13 23:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-24 16:24 - 2015-05-25 15:00 - 00000633 _____ () C:\Users\Zack\Desktop\Heroes leveling.txt
2015-05-21 16:31 - 2015-05-21 16:31 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Command and Conquer 3 Tiberium Wars
2015-05-19 19:21 - 2015-05-11 22:34 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-05-19 19:19 - 2015-05-13 02:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-19 19:19 - 2015-05-13 02:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 42718864 _____ () C:\Windows\system32\nvcompiler.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 30478992 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 22945424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 16145176 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 14455296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 11790144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 10972304 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-05-19 19:19 - 2015-05-12 02:27 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 01050256 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 00176064 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-05-19 19:19 - 2015-05-12 02:27 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-05-13 06:20 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:20 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 06:03 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:03 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:03 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 06:03 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 06:03 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 06:03 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 06:03 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 06:03 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 06:03 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 06:03 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 06:03 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 06:03 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 06:03 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 06:03 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 06:03 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 06:03 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 06:03 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 06:03 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 06:03 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 06:03 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 06:03 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 06:03 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 06:03 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 06:03 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 06:03 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 06:03 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 06:03 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 06:03 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 06:03 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 06:03 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 06:03 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 06:03 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 06:03 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 06:03 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:03 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:03 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 06:03 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 06:03 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 06:03 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 06:03 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 06:03 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 06:03 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 06:03 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 06:03 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 06:03 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 06:03 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 06:03 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 06:03 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 06:03 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 06:03 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 06:03 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 06:03 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 06:03 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 06:03 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 06:03 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 06:03 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 06:03 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 06:03 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 06:03 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 06:03 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 06:03 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 06:03 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 06:03 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 06:03 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 06:03 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 06:03 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 06:03 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 06:03 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 06:03 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 06:03 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 06:03 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 06:03 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 06:03 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 06:03 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 06:03 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 06:03 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 06:03 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 06:03 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 06:03 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 06:03 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 06:03 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 06:03 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 06:03 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 06:03 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 06:03 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 06:03 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 06:03 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 06:03 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 06:03 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 06:03 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 06:03 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 06:03 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 06:03 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 06:03 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 06:03 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:03 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:03 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:03 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:03 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:03 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:03 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:03 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:03 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:03 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 06:03 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 06:03 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 06:03 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 06:03 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 06:03 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 06:03 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 06:03 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 06:03 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 06:03 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 06:03 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 06:03 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 06:03 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-27 18:31 - 2013-03-11 21:43 - 00000000 ____D () C:\Users\Zack\AppData\Local\Spotify
2015-05-27 18:31 - 2013-03-11 21:42 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Spotify
2015-05-27 18:26 - 2014-11-02 13:10 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-27 18:26 - 2012-03-04 02:49 - 00000000 ____D () C:\ProgramData\Origin
2015-05-27 18:26 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-27 18:25 - 2015-03-22 16:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 18:25 - 2013-05-04 22:49 - 00000000 __SHD () C:\AI_RecycleBin
2015-05-27 18:24 - 2012-03-01 23:52 - 00000000 ____D () C:\Users\Zack\AppData\Local\Deployment
2015-05-27 18:22 - 2015-01-12 17:45 - 00742688 _____ () C:\Windows\system32\perfh00A.dat
2015-05-27 18:22 - 2015-01-12 17:45 - 00681432 _____ () C:\Windows\system32\perfh00E.dat
2015-05-27 18:22 - 2015-01-12 17:45 - 00387194 _____ () C:\Windows\system32\perfh00D.dat
2015-05-27 18:22 - 2015-01-12 17:45 - 00172882 _____ () C:\Windows\system32\perfc00E.dat
2015-05-27 18:22 - 2015-01-12 17:45 - 00159638 _____ () C:\Windows\system32\perfc00A.dat
2015-05-27 18:22 - 2015-01-12 17:45 - 00084522 _____ () C:\Windows\system32\perfc00D.dat
2015-05-27 18:22 - 2015-01-11 23:28 - 00742924 _____ () C:\Windows\system32\perfh00C.dat
2015-05-27 18:22 - 2015-01-11 23:28 - 00474964 _____ () C:\Windows\system32\perfh001.dat
2015-05-27 18:22 - 2015-01-11 23:28 - 00150102 _____ () C:\Windows\system32\perfc00C.dat
2015-05-27 18:22 - 2015-01-11 23:28 - 00000000 _____ () C:\Windows\system32\perfc001.dat
2015-05-27 18:22 - 2015-01-11 23:23 - 00695032 _____ () C:\Windows\system32\perfh007.dat
2015-05-27 18:22 - 2015-01-11 23:23 - 00149598 _____ () C:\Windows\system32\perfc007.dat
2015-05-27 18:22 - 2012-04-10 19:02 - 00738558 _____ () C:\Windows\system32\perfh010.dat
2015-05-27 18:22 - 2012-04-10 19:02 - 00148308 _____ () C:\Windows\system32\perfc010.dat
2015-05-27 18:18 - 2014-01-25 15:47 - 00000000 ____D () C:\Users\Zack\AppData\Local\Battle.net
2015-05-27 18:01 - 2009-07-14 00:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 18:01 - 2009-07-14 00:45 - 00026336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 17:56 - 2012-04-11 16:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 17:56 - 2012-03-02 11:09 - 01213017 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 17:55 - 2014-10-30 17:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-27 17:55 - 2013-10-03 15:08 - 00069411 _____ () C:\Windows\setupact.log
2015-05-27 17:55 - 2012-03-01 23:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-27 17:55 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 05:54 - 2014-10-30 17:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 19:04 - 2009-07-14 01:13 - 00249856 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 18:32 - 2015-01-12 18:41 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\TS3Client
2015-05-26 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-05-26 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-05-26 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\th-TH
2015-05-26 15:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-05-26 13:09 - 2012-03-01 23:43 - 00109184 _____ () C:\Users\Zack\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-26 13:09 - 2009-07-14 00:45 - 00406672 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 13:08 - 2010-11-20 23:47 - 00202976 _____ () C:\Windows\PFRO.log
2015-05-26 12:50 - 2013-11-27 21:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-26 12:47 - 2015-04-20 21:30 - 00000000 ____D () C:\ProgramData\WinZip
2015-05-26 12:47 - 2012-03-02 11:09 - 00000000 ____D () C:\Users\Zack
2015-05-26 12:38 - 2015-03-22 12:52 - 00000000 ____D () C:\Users\Zack\AppData\Local\AirVPN
2015-05-26 10:22 - 2015-03-22 16:56 - 00000763 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-26 10:22 - 2015-03-22 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-25 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-05-25 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-05-25 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-05-25 23:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-05-25 23:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-05-25 23:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-05-25 23:09 - 2012-04-10 19:02 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-25 23:09 - 2011-04-12 03:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\system32\winrm
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\system32\WCN
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\system32\slmgr
2015-05-25 23:09 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-05-25 23:09 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-25 23:09 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-05-25 23:09 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-25 23:09 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\DVD Maker
2015-05-25 23:09 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-05-25 23:09 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-05-25 23:09 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\migwiz
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\com
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\IME
2015-05-25 23:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-25 23:02 - 2015-04-18 10:48 - 00000000 ____D () C:\Windows\rescache
2015-05-25 22:41 - 2015-01-11 23:28 - 00000000 ____D () C:\Windows\SysWOW64\fr
2015-05-25 22:41 - 2015-01-11 23:28 - 00000000 ____D () C:\Windows\system32\fr
2015-05-25 22:33 - 2011-04-12 03:38 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2015-05-25 22:33 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-25 22:33 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-05-25 22:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2015-05-25 22:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-25 22:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Setup
2015-05-25 20:55 - 2014-10-30 17:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-23 20:18 - 2015-02-07 19:38 - 00000000 ____D () C:\Users\Zack\Documents\BioWare
2015-05-23 20:18 - 2012-03-04 00:22 - 00452820 _____ () C:\Windows\DirectX.log
2015-05-19 19:21 - 2012-10-12 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-19 19:21 - 2012-03-01 23:34 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-19 19:20 - 2012-03-01 23:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-19 19:14 - 2013-12-02 19:20 - 00001381 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-05-17 18:49 - 2014-10-30 17:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-17 18:49 - 2014-10-30 17:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 21:25 - 2012-03-05 23:38 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Skype
2015-05-16 19:23 - 2012-03-05 23:38 - 00000000 ____D () C:\ProgramData\Skype
2015-05-13 07:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 06:30 - 2012-06-05 04:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 06:28 - 2013-08-14 05:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 06:22 - 2012-03-01 23:32 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 06:19 - 2014-11-03 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 06:19 - 2014-11-03 20:31 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 06:19 - 2014-11-03 20:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 02:52 - 2015-01-24 10:04 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-05-12 20:29 - 2014-10-30 17:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 02:27 - 2015-04-13 21:03 - 13263568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-05-12 02:27 - 2015-03-26 08:06 - 15048816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-12 02:27 - 2013-12-02 19:17 - 15858728 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-12 02:27 - 2012-10-12 18:38 - 12849056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-12 02:27 - 2012-10-12 18:38 - 02971776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-12 02:27 - 2011-05-21 08:01 - 17540416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-12 02:27 - 2011-05-21 08:01 - 03363224 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-12 02:27 - 2011-05-21 08:01 - 00031710 _____ () C:\Windows\system32\nvinfo.pb
2015-05-11 23:30 - 2012-03-01 23:34 - 06872392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-11 23:30 - 2012-03-01 23:34 - 03490448 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-11 23:30 - 2012-03-01 23:34 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-11 23:30 - 2012-03-01 23:34 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-11 23:30 - 2012-03-01 23:34 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-11 23:30 - 2012-03-01 23:34 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-11 13:01 - 2012-03-05 17:33 - 04391871 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-03 19:25 - 2014-11-01 17:21 - 00000000 ____D () C:\Users\Zack\Documents\StarCraft II
2015-05-03 19:25 - 2014-10-31 15:43 - 00000000 ____D () C:\Users\Zack\Documents\Diablo III
2015-05-01 12:51 - 2014-10-30 15:23 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-01 12:51 - 2013-12-02 19:20 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-01 12:50 - 2014-10-30 15:23 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-01 12:50 - 2013-12-02 19:20 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
 
==================== Files in the root of some directories =======
 
2012-11-30 12:50 - 2012-11-30 13:04 - 0000292 _____ () C:\Users\Zack\AppData\Roaming\burnaware.ini
2013-07-27 01:29 - 2013-11-29 02:29 - 0000114 _____ () C:\Users\Zack\AppData\Roaming\WB.CFG
2013-11-19 07:04 - 2013-11-19 07:04 - 0000092 _____ () C:\Users\Zack\AppData\Local\fusioncache.dat
2008-02-05 16:28 - 2008-02-05 16:28 - 0000051 _____ () C:\Users\Zack\AppData\Local\setup.txt
 
Some files in TEMP:
====================
C:\Users\Zack\AppData\Local\Temp\ose00000.exe
C:\Users\Zack\AppData\Local\Temp\Quarantine.exe
C:\Users\Zack\AppData\Local\Temp\rootsupd.exe
C:\Users\Zack\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 20:05
 
==================== End of log ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:41 PM

Posted 29 May 2015 - 08:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Quoted from your Addition.txt file.
System errors:

=============
Error: (05/27/2015 05:55:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 for x64-based Systems (KB3061518).


This error often means that you don't have enough free space to install the new Windows updates.
http://www.techstronaut.com/windows/fix-error-code-0x80070070/

===

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> F:\Program Files\Toolbars\Internet Explorer x64\skypeieplugin.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
S2 apmwinsrv; "C:\Program Files (x86)\Paragon Software\HFS+ for Windows  9.0\apmwinsrv.exe" [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Zack\AppData\Local\Temp\ose00000.exe
C:\Users\Zack\AppData\Local\Temp\rootsupd.exe
C:\Windows\system32\perfh00A.dat
C:\Windows\system32\perfh00E.dat
C:\Windows\system32\perfh00D.dat
C:\Windows\system32\perfc00E.dat
C:\Windows\system32\perfc00A.dat
C:\Windows\system32\perfc00D.dat
C:\Windows\system32\perfh00C.dat
C:\Windows\system32\perfh001.dat
C:\Windows\system32\perfc00C.dat
C:\Windows\system32\perfc001.dat
C:\Windows\system32\perfh007.dat
C:\Windows\system32\perfc007.dat
C:\Windows\system32\perfh010.dat
C:\Windows\system32\perfc010.dat
C:\Windows\system32\perfh00B.dat
C:\Windows\system32\perfc00B.dat
C:\Windows\system32\perfi00B.dat
C:\Windows\system32\perfd00B.dat
C:\Windows\system32\perfh013.dat
C:\Windows\system32\perfc013.dat
C:\Windows\system32\perfi013.dat
C:\Windows\system32\perfd013.dat
C:\Windows\system32\perfh005.dat
C:\Windows\system32\perfc005.dat
C:\Windows\system32\perfi005.dat
C:\Windows\system32\perfd005.dat
C:\Windows\system32\perfh012.dat
C:\Windows\system32\perfc012.dat
C:\Windows\system32\perfi012.dat
C:\Windows\system32\perfd012.dat
C:\Windows\system32\perfh01D.dat
C:\Windows\system32\perfc01D.dat
C:\Windows\system32\perfi01D.dat
C:\Windows\system32\perfd01D.dat

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
 

CHR dev: Chrome dev build detected! <======= ATTENTION


Your copy of Chrome has been compromised

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.


Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
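Added example, not part of the post above or of any tool used in this thread: the error 0x80070070 quoted from Addition.txt is an HRESULT whose facility is Win32 (7) and whose low 16 bits are 0x70 = 112, the Win32 code ERROR_DISK_FULL. The Python sketch below decodes that and picks disk-full update failures out of event descriptions; the function names are hypothetical and the second sample line is constructed.

```python
import re

# Subset of Win32 error codes (winerror.h) often seen wrapped in HRESULTs.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    39: "ERROR_HANDLE_DISK_FULL",
    112: "ERROR_DISK_FULL",
}
FACILITY_WIN32 = 7
DISK_FULL_CODES = {39, 112}

# Matches the WindowsUpdateClient "Installation Failure" description text.
EVENT_RE = re.compile(
    r"Installation Failure: .*? with error (0x[0-9A-Fa-f]{8}): .*?\((KB\d+)\)"
)

def decode_hresult(value):
    """Split a 32-bit HRESULT into severity bit, facility and code."""
    failed = bool((value >> 31) & 1)      # bit 31: 1 = failure
    facility = (value >> 16) & 0x7FF      # bits 16-26: facility
    code = value & 0xFFFF                 # bits 0-15: error code
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": failed, "facility": facility, "code": code, "name": name}

def disk_full_failures(log_text):
    """Return (KB, hresult) pairs for updates that failed because the disk is full."""
    hits = []
    for m in EVENT_RE.finditer(log_text):
        h = decode_hresult(int(m.group(1), 16))
        if h["failed"] and h["facility"] == FACILITY_WIN32 and h["code"] in DISK_FULL_CODES:
            hits.append((m.group(2), m.group(1)))
    return hits

# First line is the description quoted in the thread; the second is constructed.
SAMPLE = """\
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 7 for x64-based Systems (KB3061518).
Description: Installation Failure: Windows failed to install the following update with error 0x80070005: Constructed Sample Update (KB0000001).
"""

if __name__ == "__main__":
    print(decode_hresult(0x80070070))
    print(disk_full_failures(SAMPLE))
```
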

#3 Tr1pL1ek1D0

Tr1pL1ek1D0
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 29 May 2015 - 01:50 PM

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET Smart Security 5.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader XI  
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
Above is the checkup.txt that was asked for in the reply. I now have 3.68GB instead of +/- 25MB or less, I will continue to monitor the SSD for signs of abnormal filling up. Thank you very much for the help!
 


#4 nasdaq

Posted 30 May 2015 - 07:26 AM

Let me know of any further issues.

#5 Tr1pL1ek1D0

Posted 31 May 2015 - 07:13 PM

Hello again, still having the same issues as far as the C: drive filling up for apparently no reason. If I could get some help, I'd much appreciate it!



#6 nasdaq

Posted 01 June 2015 - 06:39 AM


Your addition.txt file shows some possible problems with Windows updates or your Restore point.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#7 Tr1pL1ek1D0

Posted 01 June 2015 - 09:42 AM

As requested, the log is listed below.

 

Farbar Service Scanner Version: 17-01-2015
Ran by Zack (administrator) on 01-06-2015 at 10:41:28
Running from "C:\Users\Zack\Downloads"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#8 nasdaq

Posted 01 June 2015 - 12:36 PM


Check the setting on your Windows restore points.

http://www.howtogeek.com/howto/windows-vista/change-how-often-system-restore-creates-restore-points-in-windows-vista/

Change it if the settings do not meet your needs.

Keep me posted.

#9 Tr1pL1ek1D0

Posted 01 June 2015 - 01:26 PM

I have checked these settings, but nothing seems to be awry with them. 



#10 nasdaq

Posted 02 June 2015 - 06:52 AM

I Googled this string: ssd boot drive filling up

The best link I found was this one: http://www.sevenforums.com/performance-maintenance/99862-ssd-boot-drive-filled-up-need-clean-up-3.html

If, after trying a few fixes, the situation is the same, please start a new topic in the Hardware internal forum.
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

This is not caused by malware and is not my forte.

I will leave this topic open; if you need to return, please do.

#11 nasdaq

Posted 08 June 2015 - 07:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



