Robosaver 6.1 and other addons/extensions.

[Eosomo]

Unable to remove a few ads/extensions with chrome.  Obviously it is probably going to infect more than just the browser.  Have run malwarebytes software and it still remains.

 

Attaching dds logs . Thank you.

dds.txt

attach.txt

[MrCharlie]

Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

[Eosomo]

RogueKiller V8.8.1 _x64_ [Jan 14 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Joseph [Admin rights]

Mode : Scan -- Date : 01/14/2014 19:25:12

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

ÿþ1

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9750422AS +++++

--- User ---

[MBR] 5f721613b0692286a334127041edf2b5

[bSP] 786dd205d656b53cee9ac6a08e0e84e0 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) INTEL SSDSC2CW240A3 +++++

--- User ---

[MBR] 8063e882528ef69c64747b0225a44264

[bSP] b164f63e5d43c7fa8061e0adc9f07613 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 228734 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_01142014_192512.txt >>

RKreport[0]_S_01142014_173740.txt

[MrCharlie]

Lets start with this:

Lets clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

• Double click on AdwCleaner.exe to run the tool.

  Vista/Windows 7/8 users right-click and select Run As Administrator

• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Please uncheck elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log especially under Files/Folders for any program you want to save.
• If there's a program you may want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
• If you're ready to clean it all up.....click the Clean button.
• After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.
• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted:
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[Eosomo]

# AdwCleaner v3.017 - Report created 15/01/2014 at 13:12:06

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Joseph - GOONIE

# Running from : C:\Users\Joseph\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [4366 octets] - [14/01/2014 15:17:36]

AdwCleaner[R1].txt - [887 octets] - [14/01/2014 16:49:18]

AdwCleaner[R2].txt - [1001 octets] - [14/01/2014 16:51:18]

AdwCleaner[R3].txt - [1122 octets] - [15/01/2014 13:08:00]

AdwCleaner[R4].txt - [1182 octets] - [15/01/2014 13:09:01]

AdwCleaner[R5].txt - [1242 octets] - [15/01/2014 13:11:49]

AdwCleaner[s0].txt - [3793 octets] - [14/01/2014 15:19:12]

AdwCleaner[s1].txt - [947 octets] - [14/01/2014 16:50:06]

AdwCleaner[s2].txt - [1062 octets] - [14/01/2014 16:52:15]

AdwCleaner[s3].txt - [1164 octets] - [15/01/2014 13:12:06]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1224 octets] ##########

[MrCharlie]

Why didn't you say you already ran this, want else have you run?

MrC

[Eosomo]

I ran these programs prior to posting on the forum so some of the logs may be lacking in showing their progress.  Current status shows Robosaver still in the extensions list of Chrome.  Though malwarebytes will fight the advertisement bar at the bottom of the screen and say it's blocking a certain IP address simultaneously, it's still infected.

[MrCharlie]

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC

[Eosomo]

I've ran JRT, OTL, TDSSKiller, RogueKiller, FRST64, DDS

[Eosomo]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01

Ran by Joseph (administrator) on GOONIE on 15-01-2014 13:26:35

Running from C:\Users\Joseph\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Bison Inc.) C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

() C:\Program Files (x86)\Hotkey\Hotkey.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Farbar) C:\Users\Joseph\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)

HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [25600 2010-09-14] (Creative Technology Ltd.)

HKLM\...\Run: [DeLay] - C:\Program Files (x86)\BisonCam\PID_0361\DeLay.exe [53248 2008-12-05] (Bison Inc.)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)

HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)

HKLM-x32\...\Run: [CLMLServer] - c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)

HKLM-x32\...\Run: [RemoteControl10] - c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-02] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] - c:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-11] (cyberlink)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MountPoints2: {d8c405f9-719f-11e2-8e72-0090f5ccfbc0} - F:\Install.exe

AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE7B0BA2FD3FDCE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://searchab.com/?aff=7&uid=024a3010-719f-11e2-8454-0090f5ccfbc0&q={searchTerms}

BHO: No Name - {5511208F-050E-D564-498E-1ECA6BD5E128} -  No File

BHO-x32: No Name - {5511208F-050E-D564-498E-1ECA6BD5E128} -  No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65

 

Chrome: 

=======

CHR Extension: (Google Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-18]

CHR HKCU\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Joseph\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-12-18]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-12] (CyberLink)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

R2 nvsvc; C:\Windows\SysWOW64\nvvsvc.exe [0 2014-01-02] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-04-24] ()

R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35328 2011-02-18] ()

R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-01-02] ()

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

S3 SaiU0CFA; C:\Windows\System32\DRIVERS\SaiU0CFA.sys [41352 2010-07-21] (Saitek)

S3 smserial; C:\Windows\System32\DRIVERS\SmSerl64.sys [1227776 2009-06-10] (Motorola Inc.)

S3 GPU-Z; \??\C:\Users\Joseph\AppData\Local\Temp\GPU-Z.sys [x]

S3 WinRing0_1_2_0; \??\C:\Users\Joseph\Downloads\RealTemp_370\WinRing0x64.sys [x]

S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-15 13:25 - 2014-01-15 13:25 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64 (1).exe

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\SysWOW64\NV

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\system32\NV

2014-01-15 02:18 - 2013-12-19 12:33 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2014-01-15 02:18 - 2013-12-19 12:33 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2014-01-15 02:18 - 2013-12-19 12:33 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

2014-01-14 19:25 - 2014-01-14 19:25 - 00002098 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_192512.txt

2014-01-14 19:23 - 2014-01-14 19:23 - 04406272 _____ C:\Users\Joseph\Downloads\RogueKillerX64 (4).exe

2014-01-14 18:14 - 2014-01-14 18:14 - 00020545 _____ C:\Users\Joseph\Downloads\dds.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach (1).txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.scr

2014-01-14 18:06 - 2014-01-14 18:06 - 00020545 _____ C:\Users\Joseph\Desktop\dds.txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00007436 _____ C:\Users\Joseph\Desktop\attach.txt

2014-01-14 17:39 - 2014-01-14 17:40 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Joseph\Downloads\tdsskiller.exe

2014-01-14 17:37 - 2014-01-14 17:37 - 00002416 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_173740.txt

2014-01-14 17:32 - 2014-01-14 17:38 - 00000000 ____D C:\Users\Joseph\Desktop\RK_Quarantine

2014-01-14 16:48 - 2014-01-14 16:48 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner (1).exe

2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\_OTL

2014-01-14 16:24 - 2014-01-14 16:29 - 00112996 _____ C:\Users\Joseph\Downloads\OTL.Txt

2014-01-14 16:24 - 2014-01-14 16:24 - 00104140 _____ C:\Users\Joseph\Downloads\Extras.Txt

2014-01-14 16:21 - 2014-01-14 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Joseph\Downloads\OTL.exe

2014-01-14 16:20 - 2014-01-14 16:20 - 00000781 _____ C:\Users\Joseph\Desktop\JRT.txt

2014-01-14 16:15 - 2014-01-14 16:15 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT (1).exe

2014-01-14 16:14 - 2014-01-15 13:26 - 00012812 _____ C:\Users\Joseph\Downloads\FRST.txt

2014-01-14 16:14 - 2014-01-14 16:15 - 00024687 _____ C:\Users\Joseph\Downloads\Addition.txt

2014-01-14 16:14 - 2014-01-14 16:14 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe

2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D C:\FRST

2014-01-14 15:23 - 2014-01-14 15:23 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joseph\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-14 15:22 - 2014-01-14 15:22 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-14 15:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-01-14 15:17 - 2014-01-15 13:12 - 00000000 ____D C:\AdwCleaner

2014-01-14 15:17 - 2014-01-14 15:17 - 00000000 ____D C:\Windows\ERUNT

2014-01-14 15:16 - 2014-01-14 15:16 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe

2014-01-14 15:16 - 2014-01-14 15:16 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT.exe

2014-01-14 13:06 - 2014-01-14 13:06 - 00001175 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk

2014-01-12 22:22 - 2013-12-20 14:49 - 00098304 _____ C:\Windows\Lavish.dll

2014-01-09 11:24 - 2014-01-14 16:09 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3

2014-01-05 10:09 - 2014-01-05 10:09 - 00062927 _____ C:\Users\Joseph\Downloads\Loot Settings.ini

2014-01-04 12:21 - 2014-01-04 12:21 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Oracle

2014-01-04 12:18 - 2014-01-04 12:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-04 12:18 - 2014-01-04 12:18 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-04 12:16 - 2014-01-04 12:16 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (3).exe

2014-01-04 12:15 - 2014-01-04 12:15 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (2).exe

2014-01-04 12:12 - 2014-01-04 12:12 - 00000000 ____D C:\Program Files (x86)\SaveraExTensioun

2014-01-04 06:26 - 2014-01-04 06:26 - 00000015 _____ C:\Users\Joseph\Desktop\Graphics reset.txt

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\TechSmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\QuickTime

2014-01-04 04:41 - 2014-01-04 04:41 - 255479656 _____ C:\Users\Joseph\Downloads\camtasia.exe

2014-01-02 20:54 - 2014-01-02 20:54 - 00737017 _____ C:\Users\Joseph\AppData\Local\census.cache

2014-01-02 20:54 - 2014-01-02 20:54 - 00082115 _____ C:\Users\Joseph\AppData\Local\ars.cache

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\WUDFHost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\smss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\services.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\nvvsvc.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\igfxpers.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\hkcmd.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 02049128 _____ (Trend Micro Inc.) C:\Users\Joseph\Downloads\HousecallLauncher.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 00000036 _____ C:\Users\Joseph\AppData\Local\housecall.guid.cache

2013-12-30 15:00 - 2014-01-14 16:09 - 00000000 ____D C:\ProgramData\RoboSaver

2013-12-30 15:00 - 2014-01-05 02:26 - 00000000 ____D C:\ProgramData\SaveraExTensioun

2013-12-30 15:00 - 2014-01-04 12:12 - 00000000 ____D C:\ProgramData\97876a884d7d3416

2013-12-30 15:00 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\nhkdjgiongcgfhedhbglbbhjbajkkkoo

2013-12-30 06:23 - 2014-01-01 04:56 - 00000000 ____D C:\ProgramData\Content Accelerator

2013-12-29 08:40 - 2013-12-29 08:40 - 00297280 _____ C:\Windows\Minidump\122913-19546-01.dmp

2013-12-25 21:40 - 2013-12-25 21:40 - 00000930 _____ C:\Users\Joseph\Desktop\EverQuest - Neenjapoke.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000922 _____ C:\Users\Joseph\Desktop\EverQuest - Bonkaroo.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000918 _____ C:\Users\Joseph\Desktop\EverQuest - Stubble.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Portly.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Pudgy.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Bonks.lnk

2013-12-25 21:39 - 2013-12-25 21:39 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Upshot.lnk

2013-12-20 16:48 - 2013-12-20 16:48 - 00001091 _____ C:\Users\Joseph\Downloads\PEQTGC-Stryd (1).ini

2013-12-20 16:38 - 2013-12-20 16:48 - 00000000 ____D C:\Users\Joseph\Desktop\EQINIS

2013-12-20 16:38 - 2013-12-20 16:38 - 00001821 _____ C:\Users\Joseph\Downloads\PEQTGC-Maddix.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001513 _____ C:\Users\Joseph\Downloads\PEQTGC-Jazzem.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001328 _____ C:\Users\Joseph\Downloads\PEQTGC-Khazad.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000715 _____ C:\Users\Joseph\Downloads\PEQTGC-Rucus.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000696 _____ C:\Users\Joseph\Downloads\PEQTGC-Striking.ini

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\cache

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\.android

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 _____ C:\Users\Joseph\daemonprocess.txt

2013-12-20 13:52 - 2013-12-20 15:10 - 00000000 ____D C:\Program Files (x86)\WinEQ2

2013-12-20 13:52 - 2013-12-20 13:52 - 00000990 _____ C:\Users\Joseph\Desktop\WinEQ 2.0.lnk

2013-12-20 13:51 - 2013-12-20 13:51 - 00923784 _____ (CNET Download.com) C:\Users\Joseph\Downloads\cbsidlm-cbsi145-WinEQ-SEO-10526904.exe

2013-12-20 13:06 - 2013-12-20 13:06 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla

2013-12-20 11:59 - 2013-12-20 11:59 - 78936289 _____ C:\Users\Joseph\Downloads\UF_missing_files.rar

2013-12-20 11:58 - 2013-12-20 12:17 - 2161365751 _____ C:\Users\Joseph\Downloads\UF.zip

2013-12-19 16:48 - 2013-12-19 16:48 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3515_i201775776_il11981137.exe

2013-12-19 16:47 - 2013-12-19 16:47 - 00327232 _____ C:\Users\Joseph\Downloads\EverQuest_Underfoot_Client.exe

2013-12-19 16:42 - 2013-12-19 16:42 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3516_i201770421_il11980222.exe

2013-12-19 14:39 - 2013-12-19 14:39 - 00000663 _____ C:\Users\Joseph\Desktop\eqbcs - Shortcut.lnk

2013-12-19 14:37 - 2013-12-19 14:37 - 00001128 _____ C:\Users\Joseph\Desktop\MacroQuest2 - Shortcut.lnk

2013-12-19 14:29 - 2013-12-19 14:29 - 00154357 _____ C:\Users\Joseph\Downloads\e3 v5.1.4.zip

2013-12-19 14:29 - 2013-12-19 14:29 - 00010078 _____ C:\Users\Joseph\Downloads\Hot Fixes (r4).zip

2013-12-19 14:28 - 2013-12-19 14:29 - 10430528 _____ C:\Users\Joseph\Downloads\Killians' MacroQuest2.zip

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\modules

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\js

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\images

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\html

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\css

2013-12-17 22:12 - 2013-12-05 00:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2013-12-17 22:12 - 2013-12-05 00:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

 

==================== One Month Modified Files and Folders =======

 

2014-01-15 13:26 - 2014-01-14 16:14 - 00012812 _____ C:\Users\Joseph\Downloads\FRST.txt

2014-01-15 13:25 - 2014-01-15 13:25 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64 (1).exe

2014-01-15 13:24 - 2012-04-17 11:53 - 01344647 _____ C:\Windows\WindowsUpdate.log

2014-01-15 13:19 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-15 13:19 - 2009-07-13 20:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-15 13:17 - 2009-07-13 21:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-15 13:12 - 2014-01-14 15:17 - 00000000 ____D C:\AdwCleaner

2014-01-15 13:12 - 2013-06-30 20:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-15 13:12 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-15 13:12 - 2009-07-13 20:51 - 00098582 _____ C:\Windows\setupact.log

2014-01-15 12:57 - 2013-06-30 20:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-15 12:48 - 2012-09-04 16:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\SysWOW64\NV

2014-01-15 02:19 - 2014-01-15 02:19 - 00000000 ____D C:\Windows\system32\NV

2014-01-15 02:19 - 2012-04-17 11:50 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-14 19:25 - 2014-01-14 19:25 - 00002098 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_192512.txt

2014-01-14 19:23 - 2014-01-14 19:23 - 04406272 _____ C:\Users\Joseph\Downloads\RogueKillerX64 (4).exe

2014-01-14 18:14 - 2014-01-14 18:14 - 00020545 _____ C:\Users\Joseph\Downloads\dds.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach.txt

2014-01-14 18:13 - 2014-01-14 18:13 - 00007436 _____ C:\Users\Joseph\Downloads\attach (1).txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00688992 ____R (Swearware) C:\Users\Joseph\Downloads\dds.scr

2014-01-14 18:06 - 2014-01-14 18:06 - 00020545 _____ C:\Users\Joseph\Desktop\dds.txt

2014-01-14 18:06 - 2014-01-14 18:06 - 00007436 _____ C:\Users\Joseph\Desktop\attach.txt

2014-01-14 17:40 - 2014-01-14 17:39 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Joseph\Downloads\tdsskiller.exe

2014-01-14 17:38 - 2014-01-14 17:32 - 00000000 ____D C:\Users\Joseph\Desktop\RK_Quarantine

2014-01-14 17:37 - 2014-01-14 17:37 - 00002416 _____ C:\Users\Joseph\Desktop\RKreport[0]_S_01142014_173740.txt

2014-01-14 16:50 - 2012-04-17 12:14 - 00055520 _____ C:\Windows\PFRO.log

2014-01-14 16:48 - 2014-01-14 16:48 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner (1).exe

2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\_OTL

2014-01-14 16:29 - 2014-01-14 16:24 - 00112996 _____ C:\Users\Joseph\Downloads\OTL.Txt

2014-01-14 16:24 - 2014-01-14 16:24 - 00104140 _____ C:\Users\Joseph\Downloads\Extras.Txt

2014-01-14 16:21 - 2014-01-14 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Joseph\Downloads\OTL.exe

2014-01-14 16:20 - 2014-01-14 16:20 - 00000781 _____ C:\Users\Joseph\Desktop\JRT.txt

2014-01-14 16:15 - 2014-01-14 16:15 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT (1).exe

2014-01-14 16:15 - 2014-01-14 16:14 - 00024687 _____ C:\Users\Joseph\Downloads\Addition.txt

2014-01-14 16:14 - 2014-01-14 16:14 - 02076160 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe

2014-01-14 16:14 - 2014-01-14 16:14 - 00000000 ____D C:\FRST

2014-01-14 16:09 - 2014-01-09 11:24 - 00000000 ____D C:\Program Files (x86)\VideoPlayerV3

2014-01-14 16:09 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\RoboSaver

2014-01-14 16:09 - 2013-02-07 19:21 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\BitTorrent

2014-01-14 15:23 - 2014-01-14 15:23 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joseph\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-14 15:22 - 2014-01-14 15:22 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-14 15:22 - 2014-01-14 15:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-14 15:17 - 2014-01-14 15:17 - 00000000 ____D C:\Windows\ERUNT

2014-01-14 15:16 - 2014-01-14 15:16 - 01236282 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe

2014-01-14 15:16 - 2014-01-14 15:16 - 01037068 _____ (Thisisu) C:\Users\Joseph\Downloads\JRT.exe

2014-01-14 15:08 - 2013-02-07 19:24 - 00000000 ____D C:\ProgramData\InstallMate

2014-01-14 15:04 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries

2014-01-14 13:06 - 2014-01-14 13:06 - 00001175 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk

2014-01-14 13:06 - 2012-04-20 17:00 - 00000000 ____D C:\Users\Joseph

2014-01-14 11:24 - 2012-11-23 13:47 - 00000000 ____D C:\Users\Joseph\AppData\Local\CrashDumps

2014-01-13 22:21 - 2013-07-16 19:32 - 00000000 ____D C:\Program Files\Google

2014-01-13 22:21 - 2013-06-30 20:53 - 00000000 ____D C:\Program Files (x86)\Google

2014-01-13 18:48 - 2012-04-20 17:12 - 00000000 ____D C:\Users\Joseph\AppData\Local\Google

2014-01-13 10:08 - 2013-11-02 13:01 - 00000000 ____D C:\ProgramData\BlueStacksSetup

2014-01-09 21:38 - 2013-02-09 13:01 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\SoftGrid Client

2014-01-07 11:31 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2014-01-05 10:09 - 2014-01-05 10:09 - 00062927 _____ C:\Users\Joseph\Downloads\Loot Settings.ini

2014-01-05 02:26 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\SaveraExTensioun

2014-01-05 02:26 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2014-01-04 12:21 - 2014-01-04 12:21 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Oracle

2014-01-04 12:18 - 2014-01-04 12:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-01-04 12:18 - 2014-01-04 12:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-04 12:18 - 2014-01-04 12:18 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-04 12:18 - 2013-10-22 14:41 - 00000000 ____D C:\ProgramData\Oracle

2014-01-04 12:16 - 2014-01-04 12:16 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (3).exe

2014-01-04 12:15 - 2014-01-04 12:15 - 00915368 _____ (Oracle Corporation) C:\Users\Joseph\Downloads\chromeinstall-7u45 (2).exe

2014-01-04 12:12 - 2014-01-04 12:12 - 00000000 ____D C:\Program Files (x86)\SaveraExTensioun

2014-01-04 12:12 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\97876a884d7d3416

2014-01-04 07:34 - 2013-02-05 23:45 - 00000000 ____D C:\Users\Joseph\Documents\Camtasia Studio

2014-01-04 07:32 - 2013-02-05 23:55 - 00000000 ____D C:\Test

2014-01-04 06:26 - 2014-01-04 06:26 - 00000015 _____ C:\Users\Joseph\Desktop\Graphics reset.txt

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\TechSmith

2014-01-04 04:43 - 2014-01-04 04:43 - 00000000 ____D C:\Program Files (x86)\QuickTime

2014-01-04 04:43 - 2013-04-12 19:35 - 00000000 ____D C:\ProgramData\TechSmith

2014-01-04 04:41 - 2014-01-04 04:41 - 255479656 _____ C:\Users\Joseph\Downloads\camtasia.exe

2014-01-04 03:49 - 2013-07-16 19:32 - 00000000 ____D C:\Users\Joseph\AppData\Local\Adobe

2014-01-04 03:48 - 2012-09-04 16:50 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-01-04 03:48 - 2012-09-04 16:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-04 03:48 - 2012-09-04 16:50 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-01-02 20:54 - 2014-01-02 20:54 - 00737017 _____ C:\Users\Joseph\AppData\Local\census.cache

2014-01-02 20:54 - 2014-01-02 20:54 - 00082115 _____ C:\Users\Joseph\AppData\Local\ars.cache

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\WUDFHost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\winlogon.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\taskhost.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\spoolsv.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\smss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\services.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\nvvsvc.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\lsass.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\igfxpers.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\hkcmd.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\dwm.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\csrss.exe

2014-01-02 20:43 - 2014-01-02 20:43 - 00000000 _____ C:\Windows\SysWOW64\conhost.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 02049128 _____ (Trend Micro Inc.) C:\Users\Joseph\Downloads\HousecallLauncher.exe

2014-01-02 20:35 - 2014-01-02 20:35 - 00000036 _____ C:\Users\Joseph\AppData\Local\housecall.guid.cache

2014-01-01 04:56 - 2013-12-30 06:23 - 00000000 ____D C:\ProgramData\Content Accelerator

2013-12-31 01:26 - 2013-11-24 03:00 - 00000000 ____D C:\Users\Joseph\Desktop\MonteSticks

2013-12-30 15:00 - 2013-12-30 15:00 - 00000000 ____D C:\ProgramData\nhkdjgiongcgfhedhbglbbhjbajkkkoo

2013-12-29 08:40 - 2013-12-29 08:40 - 00297280 _____ C:\Windows\Minidump\122913-19546-01.dmp

2013-12-29 08:40 - 2012-05-29 17:06 - 719287023 _____ C:\Windows\MEMORY.DMP

2013-12-29 08:40 - 2012-05-29 17:06 - 00000000 ____D C:\Windows\Minidump

2013-12-25 21:40 - 2013-12-25 21:40 - 00000930 _____ C:\Users\Joseph\Desktop\EverQuest - Neenjapoke.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000922 _____ C:\Users\Joseph\Desktop\EverQuest - Bonkaroo.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000918 _____ C:\Users\Joseph\Desktop\EverQuest - Stubble.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Portly.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Pudgy.lnk

2013-12-25 21:40 - 2013-12-25 21:40 - 00000910 _____ C:\Users\Joseph\Desktop\EverQuest - Bonks.lnk

2013-12-25 21:39 - 2013-12-25 21:39 - 00000914 _____ C:\Users\Joseph\Desktop\EverQuest - Upshot.lnk

2013-12-21 10:16 - 2013-11-17 16:40 - 00000000 ____D C:\Users\Joseph\Desktop\Wut

2013-12-20 20:38 - 2012-10-15 18:34 - 00000000 ____D C:\Users\Joseph\AppData\Local\PMB Files

2013-12-20 20:38 - 2012-10-15 18:34 - 00000000 ____D C:\ProgramData\PMB Files

2013-12-20 16:48 - 2013-12-20 16:48 - 00001091 _____ C:\Users\Joseph\Downloads\PEQTGC-Stryd (1).ini

2013-12-20 16:48 - 2013-12-20 16:38 - 00000000 ____D C:\Users\Joseph\Desktop\EQINIS

2013-12-20 16:38 - 2013-12-20 16:38 - 00001821 _____ C:\Users\Joseph\Downloads\PEQTGC-Maddix.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001513 _____ C:\Users\Joseph\Downloads\PEQTGC-Jazzem.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00001328 _____ C:\Users\Joseph\Downloads\PEQTGC-Khazad.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000715 _____ C:\Users\Joseph\Downloads\PEQTGC-Rucus.ini

2013-12-20 16:38 - 2013-12-20 16:38 - 00000696 _____ C:\Users\Joseph\Downloads\PEQTGC-Striking.ini

2013-12-20 15:10 - 2013-12-20 13:52 - 00000000 ____D C:\Program Files (x86)\WinEQ2

2013-12-20 14:49 - 2014-01-12 22:22 - 00098304 _____ C:\Windows\Lavish.dll

2013-12-20 14:17 - 2013-03-24 21:13 - 00000000 ____D C:\ProgramData\HappyCloud

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\cache

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 ____D C:\Users\Joseph\.android

2013-12-20 13:53 - 2013-12-20 13:53 - 00000000 _____ C:\Users\Joseph\daemonprocess.txt

2013-12-20 13:52 - 2013-12-20 13:52 - 00000990 _____ C:\Users\Joseph\Desktop\WinEQ 2.0.lnk

2013-12-20 13:51 - 2013-12-20 13:51 - 00923784 _____ (CNET Download.com) C:\Users\Joseph\Downloads\cbsidlm-cbsi145-WinEQ-SEO-10526904.exe

2013-12-20 13:06 - 2013-12-20 13:06 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla

2013-12-20 12:17 - 2013-12-20 11:58 - 2161365751 _____ C:\Users\Joseph\Downloads\UF.zip

2013-12-20 11:59 - 2013-12-20 11:59 - 78936289 _____ C:\Users\Joseph\Downloads\UF_missing_files.rar

2013-12-19 21:21 - 2012-04-24 19:35 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins

2013-12-19 21:20 - 2012-05-01 22:38 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Wondershare

2013-12-19 18:17 - 2012-05-03 17:16 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype

2013-12-19 16:48 - 2013-12-19 16:48 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3515_i201775776_il11981137.exe

2013-12-19 16:47 - 2013-12-19 16:47 - 00327232 _____ C:\Users\Joseph\Downloads\EverQuest_Underfoot_Client.exe

2013-12-19 16:42 - 2013-12-19 16:42 - 00153216 _____ (Amônétízé Ltd) C:\Users\Joseph\Downloads\everquest underfoot client__3516_i201770421_il11980222.exe

2013-12-19 14:39 - 2013-12-19 14:39 - 00000663 _____ C:\Users\Joseph\Desktop\eqbcs - Shortcut.lnk

2013-12-19 14:37 - 2013-12-19 14:37 - 00001128 _____ C:\Users\Joseph\Desktop\MacroQuest2 - Shortcut.lnk

2013-12-19 14:29 - 2013-12-19 14:29 - 00154357 _____ C:\Users\Joseph\Downloads\e3 v5.1.4.zip

2013-12-19 14:29 - 2013-12-19 14:29 - 00010078 _____ C:\Users\Joseph\Downloads\Hot Fixes (r4).zip

2013-12-19 14:29 - 2013-12-19 14:28 - 10430528 _____ C:\Users\Joseph\Downloads\Killians' MacroQuest2.zip

2013-12-19 12:33 - 2014-01-15 02:18 - 30372640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 22960416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 18310112 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 18222008 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 15877216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 15230352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 12645664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2013-12-19 12:33 - 2014-01-15 02:18 - 11605752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 11554264 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 09700224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 09657464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433221.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433221.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00882464 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00879392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00852768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00847648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2013-12-19 12:33 - 2014-01-15 02:18 - 00032544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys

2013-12-19 12:33 - 2013-05-06 16:35 - 02698272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2013-12-19 12:33 - 2012-05-20 12:10 - 00023754 _____ C:\Windows\system32\nvinfo.pb

2013-12-19 12:33 - 2012-02-03 20:59 - 03071656 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2013-12-19 12:33 - 2012-02-03 20:59 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 06671648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 01065248 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

2013-12-19 10:53 - 2012-10-03 19:57 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2013-12-19 10:53 - 2012-10-03 19:57 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2013-12-18 21:01 - 2012-10-03 19:57 - 03539040 _____ C:\Windows\system32\nvcoproc.bin

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\modules

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\js

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\images

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\html

2013-12-18 00:29 - 2013-12-18 00:29 - 00000000 ____D C:\Windows\SysWOW64\css

2013-12-18 00:29 - 2013-02-08 10:59 - 00001083 _____ C:\Users\Joseph\Desktop\AIM.lnk

2013-12-17 22:13 - 2013-10-22 15:21 - 00000000 ____D C:\Users\Joseph\AppData\Local\NVIDIA

2013-12-17 22:12 - 2013-11-12 14:06 - 00000000 ____D C:\Users\Joseph\AppData\Local\NVIDIA Corporation

2013-12-17 22:12 - 2012-10-03 19:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2013-12-17 22:12 - 2012-04-17 11:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2013-12-17 22:12 - 2012-04-17 11:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

 

Files to move or delete:

====================

C:\Users\Joseph\antlr.runtime.dll

C:\Users\Joseph\ElophantClient.exe

C:\Users\Joseph\FluorineFx.dll

C:\Users\Joseph\log4net.dll

C:\Users\Joseph\NotMissing.dll

C:\Users\Joseph\ServiceStack.Text.dll

 

 

Some content of TEMP:

====================

C:\Users\Joseph\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Joseph\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-11 00:24

 

==================== End Of Log ============================

[MrCharlie]

Run FRST and post the 2 logs, MrC

[Eosomo]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2014

Ran by Joseph at 2014-01-14 16:14:59

Running from C:\Users\Joseph\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122 - Adobe Systems, Inc.)

AIM for Windows (HKCU Version:  - AOL Inc.)

Amazon Kindle (HKCU Version:  - Amazon)

Batman: Arkham City GOTY (x32 Version:  - Rocksteady Studios)

Battlefield 3™ (x32 Version: 1.0.0.0 - Electronic Arts)

Battlelog Web Plugins (x32 Version: 2.1.7 - EA Digital Illusions CE AB)

BisonCam (x32 Version:  - BisonCam)

Camtasia Studio 8 (x32 Version: 8.2.1.1423 - TechSmith Corporation)

Chivalry: Medieval Warfare (x32 Version:  - )

Company of Heroes (New Steam Version) (x32 Version:  - )

Company of Heroes (x32 Version:  - Relic)

Company of Heroes 2 (x32 Version:  - Relic Entertainment)

Company of Heroes: Opposing Fronts (x32 Version:  - Relic)

Company of Heroes: Tales of Valor (x32 Version:  - Relic)

Content Accelerator (x32 Version:  - Intellitech)

Counter-Strike (x32 Version:  - Valve)

Counter-Strike: Global Offensive - SDK (x32 Version:  - )

Counter-Strike: Global Offensive (x32 Version:  - )

CyberLink Media Suite (x32 Version: 8.0.2401 - CyberLink Corp.)

CyberLink Media Suite (x32 Version: 8.0.2401 - CyberLink Corp.) Hidden

CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.)

CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden

CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52 - CyberLink Corp.)

CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52 - CyberLink Corp.) Hidden

EverQuest Titanium (x32 Version: 1.00.000 - )

F.E.A.R. 2: Project Origin (x32 Version:  - Monolith)

F.E.A.R. 3 (x32 Version:  - Day 1 Studios)

Final Exam Demo (x32 Version:  - )

GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden

Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)

Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Guns of Icarus Dev App (x32 Version:  - )

Guns of Icarus Online (x32 Version:  - Muse Games)

Heaven DX11 Benchmark version 3.0 (Version: 3.0 - Unigine Corp.)

Hotkey 6.0044 (x32 Version: 6.0044 - NoteBook)

Hotkey 6.0044 (x32 Version: 6.0044 - NoteBook) Hidden

Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (x32 Version: 8.0.1.1399 - Intel Corporation)

Intel® Processor Graphics (x32 Version: 9.17.10.3223 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden

Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden

Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)

Intel® Solid-State Drive Toolbox (x32 Version: 3.0.5.400 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214 - Intel Corporation)

Intel® PROSet/Wireless Software (x32 Version: 15.6.1 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.23.219.2 - Intel Corporation)

Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

League of Legends (x32 Version: 1.3 - Riot Games)

LOLReplay (x32 Version: 0.8.3.0 - www.leaguereplays.com)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Mumble 1.2.3 (x32 Version: 1.2.3 - Thorvald Natvig)

Natural Selection 2 (x32 Version:  - Unknown Worlds Entertainment)

NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden

NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)

NVIDIA Graphics Driver 331.82 (Version: 331.82 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)

NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)

Orcs Must Die! 2 (x32 Version:  - Robot Entertainment)

Origin (x32 Version: 8.5.2.23 - Electronic Arts, Inc.)

Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)

Path of Exile (x32 Version:  - Grinding Gear Games)

PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)

RaidCall (x32 Version: 7.2.4-1.0.7299.14 - raidcall.com)

Realtek Ethernet Controller Driver (x32 Version: 7.52.203.2012 - Realtek)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (x32 Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden

Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)

Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.)

Spelunky (x32 Version:  - )

Starbound (x32 Version:  - )

Steam (x32 Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (Version: 15.1.14.0 - Synaptics Incorporated)

System Requirements Lab for Intel (x32 Version: 4.5.13.0 - Husdawg, LLC)

TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH)

The Lord of the Rings: War in the North (x32 Version:  - Snowblind Studios)

The Stanley Parable (x32 Version:  - Galactic Cafe)

The War Z version 1.0 (x32 Version: 1.0 - Arktos Entertainment Group LLC)

THX TruStudio Pro (x32 Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Ventrilo Client for Windows x64 (Version: 3.0.8.0 - Flagship Industries, Inc.)

VLC media player 2.0.6 (x32 Version: 2.0.6 - VideoLAN)

WebCam Installer (x32 Version: 4.04 - WebCam)

WebCam Installer (x32 Version: 4.04 - WebCam) Hidden

 

==================== Restore Points  =========================

 

31-12-2013 01:51:35 Windows Update

03-01-2014 08:40:14 Windows Update

04-01-2014 12:43:31 Installed Camtasia Studio 8

04-01-2014 20:15:29 Removed Java 7 Update 45

04-01-2014 20:15:44 Installed Java 7 Update 45

04-01-2014 20:18:10 Removed Java 7 Update 45

04-01-2014 20:18:24 Installed Java 7 Update 45

06-01-2014 21:20:44 Windows Update

10-01-2014 18:57:49 Windows Update

14-01-2014 06:31:42 Windows Update

14-01-2014 21:06:31 Installed Camtasia Studio 8

14-01-2014 23:04:03 Removed BlueStacks Notification Center

14-01-2014 23:04:32 Removed 7-Zip 9.20 (x64 edition)

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0CDCA93B-988E-4629-B89C-1A432664A27F} - System32\Tasks\{40B28948-946B-4D61-AC8A-6B76C615495B} => Iexplore.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain

Task: {0F727F59-3C14-4326-9A17-DA0A0AD66BD3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)

Task: {33CC9CD9-15D8-4289-9B1B-7C48092F90F8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)

Task: {3A698B87-197D-4670-B48C-E6C0EF6735B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-04] (Adobe Systems Incorporated)

Task: {488206BB-9DB3-4C70-8487-DA4D3359873D} - System32\Tasks\{23DB8139-0725-47D5-94BC-F41421C9324F} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?page=tsProgressBar

Task: {4D4DB3AA-95A6-45B9-A337-F028140178AC} - System32\Tasks\{CB2EDB9B-BB89-4B82-98A0-7744AE9F2607} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?page=tsProgressBar

Task: {6E962DBE-8ADA-4A43-992F-50D6AC3AB880} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)

Task: {7DB0F317-6F13-4C96-802E-FEC0284A70CF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)

Task: {DD52CCE3-5D27-4EED-BB71-348F5D4620F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-30] (Google Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-12-30 06:23 - 2013-12-30 06:23 - 04529152 _____ () C:\ProgramData\Content Accelerator\ContentAccelerator_x64.dll

2012-04-17 11:57 - 2010-11-12 11:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2012-03-28 08:54 - 2012-03-19 14:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-09-09 13:39 - 2013-09-09 13:39 - 23782440 _____ () C:\Users\Joseph\AppData\Local\AOL\AIM\libcef.dll

2013-09-09 10:51 - 2013-10-08 09:35 - 16233864 _____ () C:\Users\Joseph\AppData\Local\AOL\AIM\npswf32.dll

2009-06-06 13:50 - 2009-06-06 13:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll

2010-08-20 08:57 - 2010-08-20 08:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2010-08-20 08:57 - 2010-08-20 08:57 - 00013096 _____ () c:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2013-12-05 13:58 - 2013-12-03 18:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 13:58 - 2013-12-03 18:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 13:58 - 2013-12-03 18:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 13:58 - 2013-12-03 18:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 13:58 - 2013-12-03 18:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

2013-12-05 13:58 - 2013-12-03 18:48 - 13586896 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

2013-10-23 21:30 - 2013-10-23 21:30 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll

2012-04-17 11:54 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2012-04-17 11:58 - 2012-01-19 19:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service) (User: )

Description: The index cannot be initialized.

 

 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service) (User: )

Description: The application cannot be initialized.

 

Context: Windows Application

 

 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service) (User: )

Description: The gatherer object cannot be initialized.

 

Context: Windows Application, SystemIndex Catalog

 

 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service) (User: )

Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

 

 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service) (User: )

Description: The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.

 

 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service) (User: )

Description: The gatherer is unable to read the registry Path.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

 

Error: (01/14/2014 03:24:30 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (01/14/2014 03:24:30 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (01/14/2014 11:24:11 AM) (Source: Application Error) (User: )

Description: Faulting application name: chrome.exe, version: 31.0.1650.63, time stamp: 0x529e8b45

Faulting module name: chrome.dll, version: 31.0.1650.63, time stamp: 0x529e84ac

Exception code: 0x80000003

Fault offset: 0x003a19aa

Faulting process id: 0x1f0c

Faulting application start time: 0xchrome.exe0

Faulting application path: chrome.exe1

Faulting module path: chrome.exe2

Report Id: chrome.exe3

 

Error: (01/14/2014 10:25:39 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

System errors:

=============

Error: (01/14/2014 04:10:31 PM) (Source: Service Control Manager) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 

%%1056

 

Error: (01/14/2014 04:10:18 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (01/14/2014 04:10:04 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (01/14/2014 04:10:03 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (01/14/2014 04:10:01 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (01/14/2014 04:10:01 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (01/14/2014 04:10:01 PM) (Source: Service Control Manager) (User: )

Description: The Windows Search service terminated with service-specific error %%-2147218173.

 

Error: (01/14/2014 04:10:00 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (01/14/2014 04:09:56 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (01/14/2014 04:09:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

 

Microsoft Office Sessions:

=========================

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application

 

 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service)(User: )

Description: Context: Windows Application, SystemIndex Catalog

 

 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service)(User: )

Description: 

Details:

The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

431

 

Error: (01/14/2014 04:10:01 PM) (Source: Windows Search Service)(User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.  (HRESULT : 0x80040d03) (0x80040d03)

Path

 

Error: (01/14/2014 03:24:30 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F20300004D070000

 

Error: (01/14/2014 03:24:30 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: Performance1637070000000000000000000009030000

 

Error: (01/14/2014 11:24:11 AM) (Source: Application Error)(User: )

Description: chrome.exe31.0.1650.63529e8b45chrome.dll31.0.1650.63529e84ac80000003003a19aa1f0c01cf115e2d194e72C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\chrome.dll718e0077-7d51-11e3-916e-0090f5ccfbc0

 

Error: (01/14/2014 10:25:39 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: WmiApRplWmiApRpl8F20300004D070000

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 22%

Total physical RAM: 16278.5 MB

Available physical RAM: 12689.57 MB

Total Pagefile: 32555.19 MB

Available Pagefile: 28756.93 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:223.37 GB) (Free:77.53 GB) NTFS

Drive d: () (Fixed) (Total:698.63 GB) (Free:563.19 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: FCAA2E79)

Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: FCAA2E61)

Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

[MrCharlie]

I need to see the addition.txt, MrC

[Eosomo]

Posted same time as you above, but is a little messy.

 

Addition.txt

[MrCharlie]

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Last.......

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[Eosomo]

ok

Fixlog.txt

JRT.txt

[MrCharlie]

How is it??? MrC

[Eosomo]

Scan will be a while as my steam folder has a few games in it.

[Eosomo]

Haha so finished the scan with it finding nothing new and now I have that stupid conduit malware taking over my browser.

[Eosomo]

Ok well update is I removed the conduit search with another adwcleaner and manually going in after to browser settings to remove start up page.  Even though the symptoms of the robosaver appear to be gone for now, the extension is still listed.  Is this just an empty listing and was indeed removed, or is it still there dormant? 

[MrCharlie]

You mean this one:

HKCU\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil => Key deleted successfully.

"C:\Users\Joseph\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Directory not found.

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

"C:\Users\Joseph\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Directory not found.

[Eosomo]

I'm not sure.  The extension is still suggesting hyperlinks.

[MrCharlie]

Reset Chrome:

https://support.google.com/chrome/answer/3296214?hl=en

[Eosomo]

Reset and extension is still hovering there.  If I disable it, it seems to stay off, but can't be removed.

[MrCharlie]

Re-scan with FRST, post the new log.

MrC