Something is filling my hard drive up with empty files...?



#1 FasrFifty


Posted 26 January 2016 - 07:25 PM

Hello everyone. First of all I want to say you guys are great! I was able to rid my mom's desktop of an annoying virus thanks to you guys. I hope you are able to help me with my laptop now as well.

Somehow, there are random files being created on my hard drive and I have no idea how or why. They are always empty. The names are just a random string of letters and numbers. I have googled my problem and have been unable to find anything helpful relating to the issue I am having. 

I recently ran into the issue of my hard drive being too full to download a program. This doesn't make sense. I have my hard drive split into 2 partitions, my c: is 110 gigs and my d: is 110 gigs. I use the d: for all my movies and everything else is on my c:. When I check the properties of my user account it is taking up 45 gigs of space. I know the OS and program files take up some room but it doesn't make sense for them to take up the rest of the hard drive. I have had this computer for years and it was never an issue. I don't understand how it could be full.

The only reason I noticed these empty files is because on my d: when I open it up it is just a list of movies. There's not a bunch of files leading to files, or complex pathways or however you say it. (Sorry I am not very technologically inclined so I am having a hard time trying to describe what I mean.) So anyway, on my D: is where I first noticed these weird named files showing up randomly. Now, I think the same thing is what has used up all the space on my C:, but the problem is I have no idea whereabouts on the drive these files are being made.

 

Also I use AVG Free and it is not detecting any viruses.

 

So first question is, would it be a virus or something making these files? 

 

Second, is there any point in even trying to remove the virus (if applicable), or should I just do a factory reset? Because right now, I have no room left on my hard drive anyway. So I either need to fix whatever is making these files, AND find out where they all are and delete them all...it sounds like a big order because I'm certain there are thousands of them. It would probably be easier and far quicker to restore it back to factory settings.

 

I appreciate any help or advice anyone can give me, Thanks.

 

Lora

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Lora (administrator) on NOT-PC (15-01-2016 22:54:22)
Running from C:\Users\Lora\FrostWire\Desktop\Downloads
Loaded Profiles: Lora (Available Profiles: Lora & Jaedyn & Clarence)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TorchMedia Inc.) C:\Users\Lora\AppData\Local\Torch\Update\TorchCrashHandler.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BitTorrent Inc.) C:\Users\Lora\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Lora\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Lora\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-26] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2149160 2010-05-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-01] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2814864 2015-12-31] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\Run: [ProxifyTrayApp] => C:\Program Files (x86)\Proxify Tray Application\Proxify Tray Application.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: {30255918-081d-11e4-aeb0-e811326f0c49} - F:\Startme.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: {8d2fff55-ffd5-11e3-aa6c-e811326f0c49} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: {8d2fff65-ffd5-11e3-aa6c-e811326f0c49} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: {a4f6e548-f62f-11e3-a89a-e811326f0c49} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: {ae7ac6e4-0e92-11e4-a3d8-e811326f0c49} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: {b7c8dc44-08cf-11e1-a12f-e811326f0c49} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL iexplore http://www.mgae.com/keylauncher/?code=3654334281982601
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\...\MountPoints2: {e34b2984-a20b-11e3-b988-e811326f0c49} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2012-08-28]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Jaedyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-05-01]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-05-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Lora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-12]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicyUsers\S-1-5-21-3165291254-1560408694-3473088485-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3165291254-1560408694-3473088485-1001] => 71.195.28.168:11069
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{6B4CA48A-FB17-4A82-8839-FF7E0735E125}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C1A6C780-A351-44F6-A9E0-E5A74A66CD39}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E87D4AE6-A54E-4666-BFEC-1C7C05A84E01}: [DhcpNameServer] 192.168.1.254 75.153.176.9
 
Internet Explorer:
==================
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={AAB3C300-648A-449E-8926-0B53D4800B4C}&mid=cc5a47c1d54447d19aac3958748be5ba-04ffadc6659463e53e0e2cc680e54f2367b75294&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=sa&d=2015-09-10 22:39:41&v=4.1.6.294&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3165291254-1560408694-3473088485-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3165291254-1560408694-3473088485-1001 -> {3385B5F7-542B-413E-9066-9E8AD00864BD} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3165291254-1560408694-3473088485-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={AAB3C300-648A-449E-8926-0B53D4800B4C}&mid=cc5a47c1d54447d19aac3958748be5ba-04ffadc6659463e53e0e2cc680e54f2367b75294&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915wt&pr=sa&d=2015-09-10 22:39:41&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [2012-10-15] (AVG Technologies CZ, s.r.o.)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [2012-10-15] (AVG Technologies CZ, s.r.o.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.4.155\AVG Web TuneUp.dll [2015-12-31] (AVG)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25] ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3165291254-1560408694-3473088485-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-06] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.4\\npsitesafety.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer,version=1.0 -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-27] (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: TorchVLC -> C:\Users\Lora\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin HKU\S-1-5-21-3165291254-1560408694-3473088485-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-03-24] (Sony Network Entertainment International LLC)
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-05-22] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\windows\SysWOW64\npdeployJava1.dll => No File
CHR Profile: C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2015-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-11-30] () [File not signed]
R2 TorchCrashHandler; C:\Users\Lora\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
R2 vToolbarUpdater40.2.4; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-31] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-31] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-07] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-07] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-07] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-07] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29696 2010-11-29] (LG Electronics Inc.)
S3 AndNetGps; C:\Windows\System32\DRIVERS\lgandnetgps64.sys [28672 2010-11-29] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2010-11-29] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [100352 2010-11-29] (LG Electronics Inc)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-09-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2012-09-28] (Belcarra Technologies) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-09-06] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-07-23] (Windows ® 2003 DDK 3790 provider)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-10-21] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2010-10-21] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgx64gps.sys [27136 2010-10-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2010-10-21] (LG Electronics Inc.)
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-15 22:53 - 2016-01-15 22:54 - 00000000 ____D C:\FRST
2016-01-15 22:26 - 2016-01-15 22:26 - 00002096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-01-15 22:26 - 2016-01-15 22:26 - 00002084 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-01-15 22:26 - 2016-01-15 22:26 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-01-15 21:31 - 2016-01-15 21:31 - 00003196 _____ C:\windows\System32\Tasks\{3DEC3119-FAFD-4D92-941F-F9F8E26CD3CA}
2016-01-15 21:08 - 2016-01-15 21:08 - 00000000 ___HD C:\OneDriveTemp
2016-01-15 20:48 - 2016-01-15 20:48 - 00000000 _____ C:\windows\SysWOW64\sho9203.tmp
2016-01-12 19:29 - 2015-12-11 10:57 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-01-12 19:29 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-01-12 19:29 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-01-12 19:29 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-01-12 19:29 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-01-12 19:29 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-01-12 19:29 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-01-12 19:29 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-01-12 19:29 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-01-12 19:25 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 19:25 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-01-12 19:25 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-01-12 19:25 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-01-12 19:25 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-01-12 19:25 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-01-12 19:25 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-01-12 19:25 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-01-12 19:25 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-01-12 19:25 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-01-12 19:25 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-01-12 19:25 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-01-12 19:25 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-01-12 19:25 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-01-12 19:25 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-01-12 19:25 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-01-12 19:25 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-01-12 19:25 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-01-12 19:25 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-01-12 19:24 - 2015-12-23 15:13 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-01-12 19:24 - 2015-12-23 14:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-01-12 19:24 - 2015-12-12 10:54 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-01-12 19:24 - 2015-12-12 10:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-01-12 19:24 - 2015-12-12 10:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-01-12 19:24 - 2015-12-12 10:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-01-12 19:24 - 2015-12-12 10:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-01-12 19:24 - 2015-12-12 10:15 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-01-12 19:24 - 2015-12-12 10:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-01-12 19:24 - 2015-12-12 10:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-01-12 19:24 - 2015-12-12 10:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-01-12 19:24 - 2015-12-12 10:07 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-01-12 19:24 - 2015-12-12 10:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-01-12 19:24 - 2015-12-12 10:07 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-01-12 19:24 - 2015-12-12 10:03 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-01-12 19:24 - 2015-12-12 10:02 - 20367360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-01-12 19:24 - 2015-12-12 10:02 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-01-12 19:24 - 2015-12-12 10:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-01-12 19:24 - 2015-12-12 10:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-01-12 19:24 - 2015-12-12 10:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-01-12 19:24 - 2015-12-12 09:55 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-01-12 19:24 - 2015-12-12 09:51 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-01-12 19:24 - 2015-12-12 09:49 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-01-12 19:24 - 2015-12-12 09:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-01-12 19:24 - 2015-12-12 09:40 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-01-12 19:24 - 2015-12-12 09:39 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-01-12 19:24 - 2015-12-12 09:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-01-12 19:24 - 2015-12-12 09:37 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-01-12 19:24 - 2015-12-12 09:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-01-12 19:24 - 2015-12-12 09:37 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-01-12 19:24 - 2015-12-12 09:36 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-01-12 19:24 - 2015-12-12 09:36 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-01-12 19:24 - 2015-12-12 09:35 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-01-12 19:24 - 2015-12-12 09:33 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-01-12 19:24 - 2015-12-12 09:31 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-01-12 19:24 - 2015-12-12 09:30 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-01-12 19:24 - 2015-12-12 09:28 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-01-12 19:24 - 2015-12-12 09:27 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-01-12 19:24 - 2015-12-12 09:27 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-01-12 19:24 - 2015-12-12 09:27 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-01-12 19:24 - 2015-12-12 09:25 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-01-12 19:24 - 2015-12-12 09:23 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-01-12 19:24 - 2015-12-12 09:22 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-01-12 19:24 - 2015-12-12 09:21 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-01-12 19:24 - 2015-12-12 09:20 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-01-12 19:24 - 2015-12-12 09:19 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-01-12 19:24 - 2015-12-12 09:18 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-01-12 19:24 - 2015-12-12 09:14 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-12 19:24 - 2015-12-12 09:12 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-01-12 19:24 - 2015-12-12 09:10 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-01-12 19:24 - 2015-12-12 09:10 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-01-12 19:24 - 2015-12-12 09:09 - 04610560 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-01-12 19:24 - 2015-12-12 09:08 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-01-12 19:24 - 2015-12-12 09:06 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-01-12 19:24 - 2015-12-12 09:02 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-01-12 19:24 - 2015-12-12 09:00 - 12856320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-01-12 19:24 - 2015-12-12 09:00 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-01-12 19:24 - 2015-12-12 09:00 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-01-12 19:24 - 2015-12-12 09:00 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-01-12 19:24 - 2015-12-12 08:54 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-01-12 19:24 - 2015-12-12 08:42 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-01-12 19:24 - 2015-12-12 08:41 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-01-12 19:24 - 2015-12-12 08:38 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-01-12 19:24 - 2015-12-12 08:36 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-01-12 19:23 - 2015-12-30 11:08 - 05572544 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-01-12 19:23 - 2015-12-30 11:01 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-01-12 19:23 - 2015-12-30 11:01 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-01-12 19:23 - 2015-12-30 10:58 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-01-12 19:23 - 2015-12-30 10:57 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-01-12 19:23 - 2015-12-30 10:38 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-01-12 19:23 - 2015-12-08 13:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-01-12 19:23 - 2015-12-08 13:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-01-12 19:23 - 2015-12-08 11:07 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-01-12 19:23 - 2015-12-08 11:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-01-12 19:23 - 2015-11-16 17:11 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-01-12 19:23 - 2015-11-16 17:08 - 01381376 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-01-12 19:23 - 2015-11-16 17:08 - 00792064 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-01-12 19:23 - 2015-11-16 17:08 - 00705536 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-01-12 19:23 - 2015-11-16 17:08 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-01-12 19:23 - 2015-11-16 17:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-01-12 19:23 - 2015-11-16 12:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-01-12 19:22 - 2015-12-30 11:08 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-01-12 19:22 - 2015-12-30 11:08 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-01-12 19:22 - 2015-12-30 11:05 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-01-12 19:22 - 2015-12-30 11:02 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-01-12 19:22 - 2015-12-30 11:02 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-01-12 19:22 - 2015-12-30 11:02 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-01-12 19:22 - 2015-12-30 11:02 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-01-12 19:22 - 2015-12-30 11:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-01-12 19:22 - 2015-12-30 11:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-01-12 19:22 - 2015-12-30 11:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-01-12 19:22 - 2015-12-30 11:01 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-01-12 19:22 - 2015-12-30 11:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-01-12 19:22 - 2015-12-30 11:01 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-01-12 19:22 - 2015-12-30 11:01 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-01-12 19:22 - 2015-12-30 11:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-01-12 19:22 - 2015-12-30 10:59 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-01-12 19:22 - 2015-12-30 10:59 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-01-12 19:22 - 2015-12-30 10:59 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-01-12 19:22 - 2015-12-30 10:58 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-01-12 19:22 - 2015-12-30 10:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-01-12 19:22 - 2015-12-30 10:57 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-01-12 19:22 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-01-12 19:22 - 2015-12-30 10:55 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-01-12 19:22 - 2015-12-30 10:55 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:54 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:47 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-01-12 19:22 - 2015-12-30 10:47 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-01-12 19:22 - 2015-12-30 10:44 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-01-12 19:22 - 2015-12-30 10:41 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-01-12 19:22 - 2015-12-30 10:40 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-01-12 19:22 - 2015-12-30 10:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-01-12 19:22 - 2015-12-30 10:39 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-01-12 19:22 - 2015-12-30 10:39 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-01-12 19:22 - 2015-12-30 10:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-01-12 19:22 - 2015-12-30 10:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-01-12 19:22 - 2015-12-30 10:38 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 10:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 09:57 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-01-12 19:22 - 2015-12-30 09:50 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-01-12 19:22 - 2015-12-30 09:49 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-01-12 19:22 - 2015-12-30 09:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-01-12 19:22 - 2015-12-30 09:43 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-01-12 19:22 - 2015-12-30 09:42 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-01-12 19:22 - 2015-12-30 09:42 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-01-12 19:22 - 2015-12-30 09:41 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-01-12 19:22 - 2015-12-30 09:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-01-12 19:22 - 2015-12-30 09:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-01-12 19:22 - 2015-12-30 09:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-01-12 19:22 - 2015-12-30 09:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-01-12 19:22 - 2015-12-30 09:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-01-12 19:22 - 2015-12-30 09:30 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-01-12 19:22 - 2015-12-30 09:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 09:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 09:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 19:22 - 2015-12-30 09:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-02 14:17 - 2016-01-02 14:17 - 00000000 ____D C:\Users\Jaedyn\AppData\Local\{5EEF0D17-307A-4CF6-B665-BA17795CEDA2}
2015-12-26 20:35 - 2015-12-26 20:35 - 00000000 ____D C:\Users\Jaedyn\AppData\Local\{DBF579CA-8E96-4045-B44F-64644FB96424}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-15 22:56 - 2012-06-27 21:55 - 00000000 ____D C:\Users\Lora\AppData\Roaming\uTorrent
2016-01-15 22:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2016-01-15 22:51 - 2012-06-09 23:08 - 00007680 ___SH C:\Users\Lora\Thumbs.db
2016-01-15 22:39 - 2009-07-13 20:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-15 22:39 - 2009-07-13 20:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-15 22:26 - 2011-05-22 05:10 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-15 22:23 - 2012-06-25 18:15 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-15 22:21 - 2012-06-07 22:59 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-01-15 22:17 - 2011-05-22 05:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2016-01-15 22:17 - 2011-05-22 05:16 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-01-15 22:11 - 2011-09-21 21:40 - 00000000 ____D C:\Users\Lora\AppData\Local\CyberLink
2016-01-15 21:45 - 2014-10-12 18:11 - 00000000 ____D C:\Users\Lora\AppData\Roaming\Microsoft Games
2016-01-15 21:45 - 2014-10-12 17:55 - 00000000 ____D C:\ProgramData\Microsoft Games
2016-01-15 21:45 - 2014-10-05 02:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2016-01-15 21:28 - 2011-09-19 19:59 - 00000000 ____D C:\ProgramData\MFAData
2016-01-15 21:13 - 2015-12-02 18:56 - 00000000 ____D C:\Users\Lora\AppData\LocalLow\uTorrent
2016-01-15 21:11 - 2009-07-13 21:13 - 00783464 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-15 21:11 - 2009-07-13 19:20 - 00000000 ____D C:\windows\inf
2016-01-15 21:08 - 2015-05-06 08:52 - 00000000 ___RD C:\Users\Lora\OneDrive
2016-01-15 21:05 - 2012-06-25 18:15 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-15 21:04 - 2014-10-28 14:04 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-01-15 21:02 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-15 20:56 - 2014-12-10 03:43 - 00000000 ____D C:\windows\system32\appraiser
2016-01-15 20:56 - 2014-05-02 02:00 - 00000000 ___SD C:\windows\system32\CompatTel
2016-01-15 20:56 - 2013-01-21 23:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-15 20:52 - 2012-05-17 19:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 20:52 - 2012-05-17 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 20:31 - 2013-02-02 03:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-15 20:21 - 2013-08-20 04:56 - 00003914 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{DFF879AB-9E88-4FF0-832A-7CEB516A7AB6}
2016-01-13 21:21 - 2013-07-21 02:10 - 00000000 ____D C:\windows\system32\MRT
2016-01-13 21:21 - 2011-09-29 19:42 - 143671360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-01-13 21:11 - 2009-07-13 18:34 - 00000478 _____ C:\windows\win.ini
2016-01-12 18:45 - 2014-12-13 13:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-12 18:43 - 2015-06-29 22:04 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-10 20:56 - 2012-06-27 23:13 - 00000000 ____D C:\Users\Lora\AppData\Roaming\vlc
2016-01-09 12:30 - 2011-09-23 17:58 - 00000000 ____D C:\Users\Lora\AppData\Local\CrashDumps
2016-01-08 20:28 - 2014-12-03 00:51 - 00000000 ____D C:\ProgramData\APN
2016-01-08 17:57 - 2015-05-03 19:37 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-08 17:56 - 2015-05-03 19:37 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-08 17:56 - 2015-05-03 19:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-03 09:49 - 2013-02-01 17:55 - 00000000 ____D C:\Users\Clarence
2016-01-03 09:45 - 2011-09-19 19:21 - 00000000 ____D C:\Users\Lora
2016-01-03 01:37 - 2013-08-19 19:50 - 00003922 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{AE9AA3AB-BF46-4A1C-BC34-B3F02710911C}
2016-01-02 18:05 - 2013-07-31 07:07 - 00000000 ____D C:\Users\Jaedyn\AppData\Roaming\vlc
2016-01-01 22:08 - 2012-11-13 21:23 - 00000000 ____D C:\Users\Jaedyn\AppData\Local\Google
2016-01-01 21:21 - 2012-06-07 22:59 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-01 21:21 - 2012-06-07 22:59 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 21:21 - 2012-06-07 22:59 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-31 18:30 - 2015-09-10 21:39 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-27 21:05 - 2011-09-24 18:52 - 00000000 ____D C:\Users\Jaedyn\AppData\Local\CrashDumps
2015-12-27 15:02 - 2015-04-05 18:45 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-12-27 15:02 - 2015-04-05 18:44 - 00000000 ___SD C:\windows\system32\GWX
2015-12-26 20:35 - 2011-10-03 22:27 - 00000000 ____D C:\Users\Jaedyn\AppData\Local\Windows Live
 
==================== Files in the root of some directories =======
 
2012-09-30 23:47 - 2012-09-30 23:50 - 23759265 _____ (Igor Pavlov) C:\Program Files\tor-browser-2.2.39-1_en-US.exe
2014-07-09 22:05 - 2014-07-09 22:18 - 0000813 _____ () C:\ProgramData\hpzinstall.log
2011-05-22 05:28 - 2011-05-22 05:29 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-05-22 05:16 - 2011-05-22 05:17 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-05-22 05:23 - 2011-05-22 05:24 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-05-22 05:17 - 2011-05-22 05:23 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-05-22 05:24 - 2011-05-22 05:28 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 
Some files in TEMP:
====================
C:\Users\Jaedyn\AppData\Local\Temp\7a3a2pbb.dll
C:\Users\Jaedyn\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Lora\AppData\Local\Temp\_is1C4.exe
C:\Users\Lora\AppData\Local\Temp\_isADFA.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-15 09:44
 
==================== End of FRST.txt ============================


 


#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 28 January 2016 - 04:31 PM

Hi FasrFifty :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#3 FasrFifty

FasrFifty
  • Topic Starter

  • Members
  • 31 posts

Posted 28 January 2016 - 04:45 PM

Thank you very much. I will await your further instructions.

#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 31 January 2016 - 01:52 AM

Hi FasrFifty :)

 

I am still putting together a fix for your computer. :busy:

 

Thank you for your patience.

 

polskamachina



#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 31 January 2016 - 07:17 PM

Hi FasrFifty :)
 
There are several issues that need to be corrected. Let's get started.
 
We need to uninstall AVG from your browser with Revo Uninstaller Free. This is what is causing your hard drive to fill up.

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternative method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • One at a time, double-click on the listed programs below, or anything similar, to remove it:
  • AVG Security Toolbar
  • AVG SafeGuard Toolbar
  • AVG Web TuneUP
  • When prompted if you want to uninstall click Yes
  • Be sure the Advanced option is selected then click Next
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Click on, Select all (do not manually check or uncheck any of the boxes!), then click Delete
  • When prompted click on Yes and then on Next
  • This deletion process may occur several times. The action is always the same. Select all, then Delete.
  • When prompted select Yes, then Next
  • Once done, click Finish
  • Repeat this process for all three of the programs in the above list.
  • If asked to restart your computer, please do so but not until Revo has completed removing each program.

Next:

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove this program, use Revo Uninstaller as previously directed.

If you wish to keep it, please do not use it until your computer is cleaned.
 
Next:
 
I noticed these programs installed on your system. Do you recognize them?

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Next:
 
Please download, install, and run Windirstat. This program will open a Windows-type Explorer view of your folder structure. When completed, you will see the folders which are using the most disk space at the top of the list. Expand each of those folders and soon you will come to a folder which will be hogging lots of disk space. The path of the folder in question will most likely be:

C:\Users\Username\AppData\Local\Packages\Windows_ie_ac_001\AC

Let me know if that path matches your results. Last but not least, I will need a screen shot of Windirstat that shows the size and name of the offending folder(s). Instructions to post your screen shot are here if you need them.

In summary I will need from you:

  • Confirmation that you were able to uninstall all of the AVG toolbars and WebTuneUp
  • Whether or not you uninstalled µTorrent
  • Did you recognize the list of programs I flagged from your system?
  • The name of the folder on your hard drive that is eating up your hard drive space with an accompanying screen shot.

Let me know if you have any questions.
 
polskamachina



#6 FasrFifty

FasrFifty
  • Topic Starter

  • Members
  • 31 posts

Posted 01 February 2016 - 10:53 PM

Hello polskamachina and thanks for the quick reply.

Last night my AVG picked up a threat.

 

Threat: Could be a Trojan horse JS/Exploit

Object name: C:\Users\Lora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLV7NZKC\search[1].htm

Severity: High

State: Secured

Identified by: Scan

Date: 31/01/2016, 1:24:55 PM

 

Before I go ahead and start what you instructed I just want to make sure this doesn't affect any of the instructions you gave me.

Thanks.

Lora



#7 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 02 February 2016 - 12:36 PM

Hi FasrFifty :)
 
As long as AVG quarantined the object, you should be ok. I noticed you have an outdated version of Java. That in itself poses a security risk. I would have suggested that you uninstall your present version of Java but we have to give priority to the fact that your lack of disk space is at a critical level.
 
Please proceed with the previous instructions.
 
Let me know if you have any questions.
 
polskamachina



#8 FasrFifty

FasrFifty
  • Topic Starter

  • Members
  • 31 posts

Posted 03 February 2016 - 12:54 AM

Polskamachina,

 

Ok, so first things first. I installed Revo Installer. AVG Security Toolbar and AVG SafeGuard Toolbar were not on the list of items to uninstall. I uninstalled AVG Webtuneup as well as uTorrent.

 

The list of programs you asked if I recognized, all of them say Windows Live which I recognize, but I have no idea what all the gibberish at the beginning is? So I would guess the answer is no??

 

WOW. The Windirstat program is so cool. I love the way you can see the breakdown all color coordinated.

I was very surprised to notice that what is taking up a lot of space in my user account is a file called FrostWire, which I don't think I have even used since I got this laptop, but I think my ex may have installed it a long time ago? Anyway it is using I think 25 gigs or so. I couldn't even find the file named

C:\Users\Username\AppData\Local\Packages\Windows_ie_ac_001\AC

After I got to local I couldn't find the file "packages".

 

Here is the Windirstat screenshot

 

frostwire%20offender.jpg

 

So now I'm thinking maybe I was wrong about something filling up my hard drive with empty files. However, something IS still making empty files on my hard drive. I took a screenshot of what is going on in my d drive so you can see what I mean.

 

d%20drive%20new%20files.jpg

 

See all the File folders whose names are random letters and numbers? I don't know where those are coming from.

So when I first noticed them it was right after I noticed that my hard drive was almost full and I just figured they must have filled up my c drive then started on my d drive.

 

I hope I have done everything correctly. I appreciate the help.

Thanks,

Lora.



#9 FasrFifty

FasrFifty
  • Topic Starter

  • Members
  • 31 posts

Posted 05 February 2016 - 02:39 AM

polskamachina,

 

Hi. I had a look at the addition.txt that I attached and was scrolling through the list of programs and found a whole bunch more suspicious ones that say Windows Live, but also some other stuff that leads me to believe that it is NOT windows live.

 

Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
I noticed they all have the same version number, which also matches the version number of the list you originally pulled because they looked suspicious. So based on the fact that clearly isn't a coincidence, I also flagged this last program even though the spelling is all correct and there is no gibberish. It has the same version number, and it too is also hidden like the rest of them.
 
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
I don't know what to do with all these, I am sure you will give me further instructions on what to do.
I appreciate you taking the time to help.
Sincerely,
Lora


#10 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 05 February 2016 - 11:13 AM

Hi Lora :)

 

Thank you for the update. I will check into those programs and see if they are simply unnecessary or indeed malware. I would still like to free up some disk space for you and am working on a fix.

 

polskamachina



#11 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 06 February 2016 - 04:43 PM

Hi Lora :)
 
I think what has happened with those strange looking Windows Live programs is that they were installed legitimately when Windows Live Essentials was installed with multiple language support. We have to unhide them before they can be removed.
 
Let's begin.

  • Please copy and paste the following text into a blank Notepad window. Make sure you get everything copied.
R2 vToolbarUpdater40.2.4; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.4\ToolbarUpdater.exe [1923984 2015-12-31] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search
Task: {310079E9-8AB3-48E4-867E-6BF46D830142} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
R2 TorchCrashHandler; C:\Users\Lora\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2014-10-29] (TorchMedia Inc.) <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3165291254-1560408694-3473088485-1003\User: Restriction <======= ATTENTION
Findfolder: AC;Frostwire*
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
  • Save the Notepad file to your downloads folder as fixlist.txt  Note: The fix will not work unless fixlist.txt and FRST64 are in the same folder.
  • Run FRST64. When the window opens up, click on the Fix button.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log, Fixlog.txt on your desktop.
  • Please copy and paste the log into your next reply to me.

Next:
 
We need to examine what's in your FrostWire folder before we haphazardly delete it. Please do the following:

  • Enter the elevated command prompt mode.
  • Copy and paste the following into the command prompt:
  • dir c:\users\FrostWire /s /o:-s > c:\users\FrostWire\Desktop\Frost.txt
  • This may take a while to execute.
  • When it has completed, a file on your desktop will appear named, Frost.txt
  • The file size may be rather large. Let me know if you have any trouble copying it and pasting it into your next reply to me.

Regarding your D: partition: I think those are media files that were downloaded with a file sharing service. I have already told you about the risks involved when using those kinds of files. It's up to you though if you want to delete them.
 
Please run WinDirStat again and take a screenshot of the D: partition but this time make sure that the directory tree in the left pane shows the file size breakdown of each folder. The column widths are adjustable so if you need to expand them to see the file sizes, please read the directions below:
 
Though the screenshot below isn't of the WinDirStat software, the implementation of the column adjustment will be the same.
[Screenshot: adjusting a column width in Windows Explorer]
Left click and hold, then drag the column border to the left and right to adjust its width to what you would like it to be. Release the left click when finished with the adjustment.
 
You can do the same trick by hovering your mouse over the WinDirStat's, left pane's, scroll bar. The cursor will turn into a double-arrowed cursor which then can be used to drag the boundaries of the left pane's window size. Arrange the window to give the most detailed information that you can before taking the screenshot.
 
Next:

  • Enter the elevated command prompt mode again.
  • Copy and paste the following into the command prompt:
  • dir d: /s /o:-s > c:\users\FrostWire\Desktop\d_drive.txt
  • This may take a while to execute.
  • When it has completed, a file on your desktop will appear named, d_drive.txt
  • Please copy and paste that file into your next reply to me.

Finally, please run FRST64 again

  • When the window opens, check the box for Addition.txt.
  • Click on Scan.
  • When the scan has completed, please copy and paste the FRST.txt and Addition.txt logs into your next reply to me.

In summary I will need from you:

  • Fixlog.txt
  • Frost.txt
  • WinDirStat screenshot of D:  that shows the folder sizes
  • d_drive.txt
  • FRST.txt
  • Addition.txt

Let me know if you have any questions.
 
polskamachina
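An added example, not part of polskamachina's post: a Python sketch of the same triage the `dir /s /o:-s` listings and WinDirStat are used for above, ranking folders by cumulative size and listing zero-byte files and empty folders whose names look like random letters and numbers. The name heuristic, the function names and the directory tree built in `demo()` are assumptions constructed for this example.

```python
import os
import re
import tempfile

# Assumption of this example: "random-looking" means 8+ characters drawn only
# from letters and digits, containing both, with no extension.
RANDOM_NAME = re.compile(r"^(?=.*[0-9])(?=.*[A-Za-z])[A-Za-z0-9]{8,}$")


def scan(root):
    """Walk root bottom-up.

    Returns (sizes, empties): sizes maps each directory to its cumulative
    size in bytes; empties lists zero-byte files and empty directories.
    """
    sizes = {}
    empties = []
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        total = 0
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size
            except OSError:
                continue  # locked or vanished file: skip rather than abort
            total += size
            if size == 0:
                empties.append(path)
        # Children were visited first, so their totals are already known.
        for name in dirnames:
            total += sizes.get(os.path.join(dirpath, name), 0)
        sizes[dirpath] = total
        if dirpath != root and not dirnames and not filenames:
            empties.append(dirpath)
    return sizes, empties


def largest(sizes, count=3):
    """Directories ordered by cumulative size, biggest first."""
    return sorted(sizes.items(), key=lambda item: (-item[1], item[0]))[:count]


def random_named(paths):
    """Subset of paths whose final component matches the name heuristic."""
    return sorted(p for p in paths if RANDOM_NAME.match(os.path.basename(p)))


def demo():
    """Build a small constructed tree and return the triage results."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "FrostWire", "Saved"))
        os.makedirs(os.path.join(root, "Documents"))
        os.makedirs(os.path.join(root, "a8f3k2q9zx1b"))  # empty folder
        with open(os.path.join(root, "FrostWire", "Saved", "movie.bin"), "wb") as fh:
            fh.write(b"\0" * 5000)
        with open(os.path.join(root, "Documents", "notes.txt"), "wb") as fh:
            fh.write(b"x" * 120)
        open(os.path.join(root, "7c1e09ab33d2"), "wb").close()  # empty file
        open(os.path.join(root, "Documents", "empty.log"), "wb").close()

        sizes, empties = scan(root)

        def rel(path):
            return os.path.relpath(path, root)

        top = [(rel(p), s) for p, s in largest(sizes)]
        flagged = [rel(p) for p in random_named(empties)]
        return top, sorted(rel(p) for p in empties), flagged


if __name__ == "__main__":
    top, empties, flagged = demo()
    for path, size in top:
        print(f"{size:>10}  {path}")
    print("empty:", empties)
    print("random-looking and empty:", flagged)
```

To run it against a real folder, call `scan()` on that path instead of `demo()`; files that cannot be read are skipped, so totals for protected folders may come out low.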



#12 FasrFifty

FasrFifty
  • Topic Starter

  • Members
  • 31 posts

Posted 06 February 2016 - 05:28 PM

Polskamachina,

 

Hello again. Okay so when I first tried to save the notepad file I got an error message saying

 

This file contains characters in Unicode format which will be lost if you save this file as an ANSI encoded text file. To keep the Unicode information, click cancel below and then select one of the Unicode options from the encoding drop down list. Continue?

 

So I can see what it is referring to when I am in the "save as" window but I am not sure which encoding option to choose?

The options are ANSI, Unicode, Unicode big endian, or UTF-8.

 

Thanks.



#13 FasrFifty

FasrFifty
  • Topic Starter

  • Members
  • 31 posts

Posted 06 February 2016 - 05:31 PM

Also, I was just looking into what I will be doing next, and when I tried to click on the "elevated command prompt" link you posted to find out how to do that, I was taken to an error message window saying that I do not have permission to view that forum.



#14 FasrFifty

FasrFifty
  • Topic Starter

  • Members
  • 31 posts

Posted 06 February 2016 - 05:34 PM

Sorry, I figured out the elevated command prompt thing. The second link you posted on your reply worked.



#15 polskamachina

polskamachina

  • Malware Response Team
  • 4,034 posts

Posted 06 February 2016 - 08:44 PM

Hi Lora :)

So I can see what it is referring to when I am in the "save as" window but I am not sure which encoding option to choose?

The options are ANSI, Unicode, Unicode big endian, or UTF-8.

Select the Unicode option in Notepad. That should do the trick.

 

polskamachina





