
Possible Infection



Hello,

 

After doing a thorough search with Malwarebytes Anti-Malware Pro (love the program, it detects pretty much everything heh), I've come up empty, but my PC has become extremely slow in starting up, and videos, on and offline have skipping problems.  Tried running both DDS.scr and DDS.com programs, but both are telling me that they are not meant to be run in compatibility mode.  I'm not running them as such though, I'm running them directly after downloading.  I'm running Windows 8.1 Pro with Media Center, 4GB RAM, if that helps. 


Hello.

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

DDS will not run on Windows 8.1; run the following and post the logs it produces...

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin
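The steps above produce FRST.txt, and the first thing a helper does with it is look for entries that point at files which no longer exist (orphaned `Run` keys, services and drivers) and entries whose publisher field is empty. As an added example that is not part of this thread and not FRST's own code, the Python script below parses lines in the formats FRST writes in its Registry, Internet, Services and Drivers sections and flags those two conditions. The log excerpt inside it is constructed for the example (modelled on real FRST lines, with a hypothetical `Updater` run key added); the regular expressions are the script's own assumptions about the line layout, not a published FRST specification.

```python
"""Triage FRST.txt-style lines for orphaned entries and missing publisher info.

Added example, not FRST's own code. The line patterns below are assumptions
derived from how FRST formats its Registry/Internet/Services/Drivers sections.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample log: a handful of lines in FRST's layout. The
# "Updater" run key is hypothetical and present only to exercise the check.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKCU\...\Run: [Updater] - C:\Users\Kevin\AppData\Roaming\updater.exe [51200 2014-01-18] ()
==================== Internet (Whitelisted) ====================
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
==================== Drivers (Whitelisted) ====================
U1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-08-01] ()
U4 LMIRfsClientNP; No ImagePath
U2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
"""


@dataclass
class Finding:
    section: str   # FRST section header the line appeared under
    name: str      # service/driver name, Run value name, or plugin id
    reason: str    # "missing-file" or "no-publisher"
    line: str      # the original log line, for the reply


# Section headers look like "==================== Drivers (Whitelisted) ===="
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "U3 ReFS; C:\...\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)"
SERVICE_RE = re.compile(r"^([URS]\d) ([^;]+); (.*)$")
# "HKLM\...\Run: [Fences] - C:\...\Fences.exe [4031152 2013-11-26] (Stardock Corporation)"
RUNKEY_RE = re.compile(r"^(HK\S*?\\Run): \[([^\]]*)\] - (.*)$")
# "FF Plugin-x32: @java.com/JavaPlugin - C:\...\npjp2.dll No File"
PLUGIN_RE = re.compile(r"^((?:FF Plugin|BHO|Handler|CHR Extension)\S*): (.*?) - (.*)$")
# Trailing "(Company Name)" or "()" when FRST found no version/company info
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Return (name, detail) for a recognised entry line, else None."""
    for rx in (SERVICE_RE, RUNKEY_RE, PLUGIN_RE):
        m = rx.match(line)
        if m:
            return m.group(2).strip(), m.group(3).strip()
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current section, and collect findings."""
    findings: List[Finding] = []
    section = "(none)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group(1)
            continue
        parsed = parse_entry(line)
        if parsed is None:
            continue
        name, detail = parsed
        # FRST marks a missing target three ways depending on the section.
        if detail == "No ImagePath" or detail.endswith("No File") or detail.endswith("[x]"):
            findings.append(Finding(section, name, "missing-file", line))
            continue
        cm = COMPANY_RE.search(detail)
        if cm is not None and cm.group(1).strip() == "":
            findings.append(Finding(section, name, "no-publisher", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.section}: {f.name}\n    {f.line}")
```

A flag here is a prompt to look closer, not a verdict: the empty `()` on the MBAE.sys driver in the poster's log is simply FRST finding no company string in the file, and orphaned LogMeIn entries usually mean an incomplete uninstall rather than infection. The value of the script is that it turns a long log into a short list of lines worth a manual check.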


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2014 02

Ran by Kevin (administrator) on KEVIN-PC on 19-01-2014 11:17:22

Running from C:\Users\Kevin\Downloads

Windows 8.1 Pro with Media Center (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Microsoft Corporation) C:\Windows\System32\LogonUI.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Decor8\Decor8_64.exe

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe

(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

(Microsoft Corporation) C:\Windows\System32\SndVol.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-08] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1100248 2013-12-09] (NVIDIA Corporation)

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKCU\...\Run: [EvolveClient] - C:\Program Files\Echobit\Evolve\EvolveClient.exe [3209120 2013-12-10] (Echobit LLC)

HKCU\...\Policies\Explorer: [TaskbarNoThumbnail] 0

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()

FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-12]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-12]

 

Chrome: 

=======

CHR HomePage: 

CHR Extension: (BetterTTV) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-01-17]

CHR Extension: (Google Docs) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]

CHR Extension: (Google Drive) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]

CHR Extension: (Shadow The Hedgehog Theme (1366x768)) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bghkclmldhipkbpdejipdkceglcdpfbp [2014-01-18]

CHR Extension: (YouTube) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]

CHR Extension: (Google Search) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]

CHR Extension: (AdBlock) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-17]

CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]

CHR Extension: (Gmail) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]

CHR Extension: (Twitch Giveaways) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\poohjpljfecljomfhhimjhddddlidhdd [2014-01-17]

 

==================== Services (Whitelisted) =================

 

U2 Decor8; C:\Program Files (x86)\Stardock\Decor8\Decor8Srv.exe [74864 2013-01-25] (Stardock Software, Inc)

U4 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1570208 2013-12-10] (Echobit LLC)

U2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

U2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)

U2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)

U2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)

U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

U0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

U3 AVer88xHD; C:\Windows\system32\drivers\AVer88xHD64.sys [508672 2009-06-25] (AVerMedia TECHNOLOGIES, Inc.)

U3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)

U3 E100B; C:\Windows\system32\DRIVERS\efe5b32e.sys [182656 2013-06-18] (Intel Corporation)

U1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-08-01] ()

U3 EvolveVirtualAdapter; C:\Windows\system32\DRIVERS\evolve.sys [21656 2013-12-08] (Echobit, LLC)

U3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

U3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

U0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)

U0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)

U3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)

U4 LMIRfsClientNP; No ImagePath

U0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

U3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

U3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)

U3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)

U3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)

U0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

U3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

U3 VASDeviceDrm; C:\Windows\system32\drivers\vasdDev.sys [1454896 2012-03-19] (ShiningMorning Inc.)

U3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)

U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

U2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-19 11:17 - 2014-01-19 11:18 - 00016720 _____ C:\Users\Kevin\Downloads\FRST.txt

2014-01-19 11:16 - 2014-01-19 11:16 - 00000000 ____D C:\FRST

2014-01-19 11:15 - 2014-01-19 11:15 - 02076672 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe

2014-01-19 10:31 - 2014-01-19 10:31 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps

2014-01-19 10:05 - 2014-01-19 10:05 - 00002211 _____ C:\Users\Kevin\Desktop\RKreport[0]_D_01192014_100551.txt

2014-01-19 10:05 - 2014-01-19 10:05 - 00002111 _____ C:\Users\Kevin\Desktop\RKreport[0]_S_01192014_100539.txt

2014-01-19 10:02 - 2014-01-19 10:02 - 00001396 _____ C:\Users\Kevin\Desktop\RKreport[0]_SC_01192014_100233.txt

2014-01-19 10:02 - 2014-01-19 10:02 - 00000742 _____ C:\Users\Kevin\Desktop\RKreport[0]_PR_01192014_100209.txt

2014-01-19 10:02 - 2014-01-19 10:02 - 00000706 _____ C:\Users\Kevin\Desktop\RKreport[0]_DN_01192014_100211.txt

2014-01-19 10:00 - 2014-01-19 10:00 - 00002082 _____ C:\Users\Kevin\Desktop\RKreport[0]_S_01192014_100008.txt

2014-01-19 10:00 - 2014-01-19 10:00 - 00000865 _____ C:\Users\Kevin\Desktop\RKreport[0]_H_01192014_100030.txt

2014-01-19 09:55 - 2014-01-19 10:05 - 00000000 ____D C:\Users\Kevin\Desktop\RK_Quarantine

2014-01-19 09:54 - 2014-01-19 09:54 - 04406784 _____ C:\Users\Kevin\Downloads\RogueKillerX64.exe

2014-01-19 09:54 - 2014-01-19 09:54 - 00000000 ____D C:\WINDOWS\ERDNT

2014-01-19 09:53 - 2014-01-19 09:53 - 00000936 _____ C:\Users\Kevin\Desktop\NTREGOPT.lnk

2014-01-19 09:53 - 2014-01-19 09:53 - 00000917 _____ C:\Users\Kevin\Desktop\ERUNT.lnk

2014-01-19 09:53 - 2014-01-19 09:53 - 00000000 ____D C:\Program Files (x86)\ERUNT

2014-01-19 09:52 - 2014-01-19 09:52 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Kevin\Downloads\erunt-setup (1).exe

2014-01-19 09:50 - 2014-01-19 09:50 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Kevin\Downloads\erunt-setup.exe

2014-01-19 09:49 - 2014-01-19 09:51 - 00002198 _____ C:\Users\Kevin\Desktop\Rkill.txt

2014-01-19 09:49 - 2014-01-19 09:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\rkill.exe

2014-01-19 09:34 - 2014-01-19 09:34 - 00688992 _____ (Swearware) C:\Users\Kevin\Downloads\dds.com

2014-01-19 09:28 - 2014-01-19 09:28 - 00688992 _____ (Swearware) C:\Users\Kevin\Downloads\dds.scr

2014-01-19 08:33 - 2014-01-19 08:33 - 53846085 _____ C:\Users\Kevin\Downloads\JRR_Skins_collection_4_11b.zip

2014-01-19 08:33 - 2014-01-19 08:33 - 07111141 _____ C:\Users\Kevin\Downloads\JRR_addon_Erebor_4_11b.zip

2014-01-18 22:46 - 2014-01-18 22:46 - 00565594 _____ C:\Users\Kevin\Downloads\01-19-2014.zip

2014-01-18 22:35 - 2014-01-18 22:35 - 00003469 _____ C:\Users\Kevin\Downloads\autoadmin.lua

2014-01-18 14:17 - 2014-01-18 16:33 - 00000000 ____D C:\Users\Kevin\Documents\GTA San Andreas User Files

2014-01-18 14:00 - 2014-01-18 14:00 - 00000221 _____ C:\Users\Kevin\Desktop\Grand Theft Auto San Andreas.url

2014-01-17 02:16 - 2014-01-19 10:26 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-17 02:16 - 2014-01-19 08:07 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2014-01-17 02:16 - 2014-01-19 08:07 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-17 02:16 - 2014-01-17 02:21 - 00003886 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2014-01-17 02:16 - 2014-01-17 02:21 - 00003650 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-01-17 02:16 - 2014-01-17 02:17 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google

2014-01-17 02:16 - 2014-01-17 02:16 - 00000000 ____D C:\Program Files (x86)\Google

2014-01-14 16:53 - 2014-01-14 16:53 - 00000000 ____D C:\WINDOWS\SysWOW64\directx

2014-01-13 15:39 - 2014-01-13 15:39 - 00000000 ____D C:\Users\Kevin\Documents\The 7th Guest

2014-01-13 15:39 - 2007-02-10 23:18 - 00000893 _____ C:\Users\Kevin\Documents\readme.txt

2014-01-13 14:45 - 2014-01-13 14:45 - 00000222 _____ C:\Users\Kevin\Desktop\The 7th Guest.url

2014-01-12 00:19 - 2014-01-12 00:19 - 00000000 ____D C:\Users\Kevin\Documents\Vice_City_PLUS_10_TRAINER-PiZZADOX

2014-01-11 23:37 - 2014-01-12 01:25 - 00000000 ____D C:\Users\Kevin\Documents\GTA Vice City User Files

2014-01-11 08:33 - 2014-01-15 04:46 - 00000226 _____ C:\Users\Kevin\Desktop\The Lord of the Rings Online.url

2014-01-10 00:56 - 2014-01-10 00:56 - 00000000 ____D C:\Users\Kevin\Documents\whitelist-1

2014-01-09 22:04 - 2014-01-09 22:04 - 00000000 ____D C:\Users\Kevin\Documents\whitelist

2014-01-09 02:14 - 2014-01-09 02:14 - 00000204 _____ C:\Users\Kevin\Desktop\Don't Starve Mod Tools.url

2014-01-07 21:29 - 2013-12-19 15:33 - 30372640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 25257248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 22960416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 18222008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 12645664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys

2014-01-07 21:29 - 2013-12-19 15:33 - 11605752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 11554264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 09700224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 09657464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 03132704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 03125024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 02947872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 02747680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433221.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433221.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 01242400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00882464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00879392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00852768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00847648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00168616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll

2014-01-07 21:29 - 2013-12-19 15:33 - 00141336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll

2014-01-07 21:29 - 2013-11-28 08:38 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys

2014-01-07 21:29 - 2013-11-28 08:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll

2014-01-07 21:29 - 2013-11-22 03:36 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll

2014-01-07 21:27 - 2014-01-07 21:27 - 00000000 ____D C:\NVIDIA

2014-01-07 21:20 - 2014-01-07 21:22 - 00000000 ____D C:\Users\Kevin\AppData\Local\NVIDIA Corporation

2014-01-07 21:15 - 2013-12-05 03:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

2014-01-07 21:15 - 2013-12-05 03:42 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2014-01-06 00:20 - 2014-01-06 00:20 - 00000000 ____D C:\Users\Kevin\Documents\Book of Unwritten Tales

2014-01-06 00:19 - 2014-01-06 00:19 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00000000 ____D C:\Program Files (x86)\OpenAL

2014-01-06 00:18 - 2014-01-14 16:53 - 00021006 _____ C:\WINDOWS\DirectX.log

2014-01-01 05:27 - 2014-01-19 11:11 - 01590487 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-01 05:27 - 2014-01-07 21:34 - 00000234 _____ C:\WINDOWS\setupact.log

2014-01-01 05:27 - 2014-01-01 05:27 - 00000000 _____ C:\WINDOWS\setuperr.log

2013-12-29 21:53 - 2013-12-29 21:53 - 01577374 _____ C:\Users\Kevin\AppData\Roaming\Fallen Earth_2.57.1.7_2013-12-30-02-53.dmp

2013-12-27 17:21 - 2013-12-09 21:13 - 01100248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll

2013-12-27 17:21 - 2013-12-09 21:13 - 00982232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll

2013-12-27 17:15 - 2013-12-19 15:33 - 02698272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

2013-12-27 17:15 - 2013-12-05 03:42 - 00035104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll

2013-12-27 17:15 - 2013-11-23 14:26 - 02697248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SET3D20.tmp

2013-12-27 17:15 - 2013-11-23 14:26 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433193.dll

2013-12-27 17:15 - 2013-11-23 14:26 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433193.dll

2013-12-27 17:15 - 2013-09-27 18:01 - 00029984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET2723.tmp

2013-12-27 17:15 - 2013-01-29 03:35 - 01510176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco64.dll

 

==================== One Month Modified Files and Folders =======

 

2014-01-19 11:18 - 2014-01-19 11:17 - 00016720 _____ C:\Users\Kevin\Downloads\FRST.txt

2014-01-19 11:16 - 2014-01-19 11:16 - 00000000 ____D C:\FRST

2014-01-19 11:15 - 2014-01-19 11:15 - 02076672 _____ (Farbar) C:\Users\Kevin\Downloads\FRST64.exe

2014-01-19 11:12 - 2013-08-03 18:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-01-19 11:11 - 2014-01-01 05:27 - 01590487 _____ C:\WINDOWS\WindowsUpdate.log

2014-01-19 11:03 - 2013-08-03 20:02 - 00000000 ____D C:\Program Files (x86)\Steam

2014-01-19 11:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru

2014-01-19 10:31 - 2014-01-19 10:31 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps

2014-01-19 10:26 - 2014-01-17 02:16 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-19 10:05 - 2014-01-19 10:05 - 00002211 _____ C:\Users\Kevin\Desktop\RKreport[0]_D_01192014_100551.txt

2014-01-19 10:05 - 2014-01-19 10:05 - 00002111 _____ C:\Users\Kevin\Desktop\RKreport[0]_S_01192014_100539.txt

2014-01-19 10:05 - 2014-01-19 09:55 - 00000000 ____D C:\Users\Kevin\Desktop\RK_Quarantine

2014-01-19 10:02 - 2014-01-19 10:02 - 00001396 _____ C:\Users\Kevin\Desktop\RKreport[0]_SC_01192014_100233.txt

2014-01-19 10:02 - 2014-01-19 10:02 - 00000742 _____ C:\Users\Kevin\Desktop\RKreport[0]_PR_01192014_100209.txt

2014-01-19 10:02 - 2014-01-19 10:02 - 00000706 _____ C:\Users\Kevin\Desktop\RKreport[0]_DN_01192014_100211.txt

2014-01-19 10:00 - 2014-01-19 10:00 - 00002082 _____ C:\Users\Kevin\Desktop\RKreport[0]_S_01192014_100008.txt

2014-01-19 10:00 - 2014-01-19 10:00 - 00000865 _____ C:\Users\Kevin\Desktop\RKreport[0]_H_01192014_100030.txt

2014-01-19 09:58 - 2013-08-03 18:06 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1508423221-205234423-1967611059-1001

2014-01-19 09:54 - 2014-01-19 09:54 - 04406784 _____ C:\Users\Kevin\Downloads\RogueKillerX64.exe

2014-01-19 09:54 - 2014-01-19 09:54 - 00000000 ____D C:\WINDOWS\ERDNT

2014-01-19 09:53 - 2014-01-19 09:53 - 00000936 _____ C:\Users\Kevin\Desktop\NTREGOPT.lnk

2014-01-19 09:53 - 2014-01-19 09:53 - 00000917 _____ C:\Users\Kevin\Desktop\ERUNT.lnk

2014-01-19 09:53 - 2014-01-19 09:53 - 00000000 ____D C:\Program Files (x86)\ERUNT

2014-01-19 09:52 - 2014-01-19 09:52 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Kevin\Downloads\erunt-setup (1).exe

2014-01-19 09:51 - 2014-01-19 09:49 - 00002198 _____ C:\Users\Kevin\Desktop\Rkill.txt

2014-01-19 09:50 - 2014-01-19 09:50 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Kevin\Downloads\erunt-setup.exe

2014-01-19 09:49 - 2014-01-19 09:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Kevin\Downloads\rkill.exe

2014-01-19 09:34 - 2014-01-19 09:34 - 00688992 _____ (Swearware) C:\Users\Kevin\Downloads\dds.com

2014-01-19 09:28 - 2014-01-19 09:28 - 00688992 _____ (Swearware) C:\Users\Kevin\Downloads\dds.scr

2014-01-19 09:18 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2014-01-19 08:39 - 2013-11-28 00:10 - 00000000 ____D C:\Users\Kevin\Documents\The Lord of the Rings Online

2014-01-19 08:33 - 2014-01-19 08:33 - 53846085 _____ C:\Users\Kevin\Downloads\JRR_Skins_collection_4_11b.zip

2014-01-19 08:33 - 2014-01-19 08:33 - 07111141 _____ C:\Users\Kevin\Downloads\JRR_addon_Erebor_4_11b.zip

2014-01-19 08:07 - 2014-01-17 02:16 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2014-01-19 08:07 - 2014-01-17 02:16 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-19 08:07 - 2013-10-29 18:00 - 00000000 __RDO C:\Users\Kevin\SkyDrive

2014-01-19 02:38 - 2013-08-03 19:50 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-01-19 00:17 - 2013-08-03 19:46 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\TS3Client

2014-01-18 22:46 - 2014-01-18 22:46 - 00565594 _____ C:\Users\Kevin\Downloads\01-19-2014.zip

2014-01-18 22:35 - 2014-01-18 22:35 - 00003469 _____ C:\Users\Kevin\Downloads\autoadmin.lua

2014-01-18 16:33 - 2014-01-18 14:17 - 00000000 ____D C:\Users\Kevin\Documents\GTA San Andreas User Files

2014-01-18 14:24 - 2013-08-05 14:51 - 00000000 ____D C:\Users\Kevin\Documents\My Trainers

2014-01-18 14:00 - 2014-01-18 14:00 - 00000221 _____ C:\Users\Kevin\Desktop\Grand Theft Auto San Andreas.url

2014-01-18 12:04 - 2013-08-04 00:07 - 00000000 ____D C:\WINDOWS\system32\MRT

2014-01-18 12:01 - 2013-08-03 20:17 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-01-18 01:50 - 2013-08-04 14:43 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Skype

2014-01-17 17:32 - 2013-08-03 18:11 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Mozilla

2014-01-17 17:25 - 2013-12-12 02:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2014-01-17 14:15 - 2013-10-09 01:52 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Bioshock2Steam

2014-01-17 02:21 - 2014-01-17 02:16 - 00003886 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2014-01-17 02:21 - 2014-01-17 02:16 - 00003650 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2014-01-17 02:17 - 2014-01-17 02:16 - 00000000 ____D C:\Users\Kevin\AppData\Local\Google

2014-01-17 02:16 - 2014-01-17 02:16 - 00000000 ____D C:\Program Files (x86)\Google

2014-01-15 04:47 - 2013-08-14 17:48 - 00000000 ____D C:\ProgramData\Adobe

2014-01-15 04:47 - 2013-08-03 18:12 - 00000000 ____D C:\Users\Kevin\AppData\Local\Adobe

2014-01-15 04:47 - 2013-08-03 17:54 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Adobe

2014-01-15 04:46 - 2014-01-11 08:33 - 00000226 _____ C:\Users\Kevin\Desktop\The Lord of the Rings Online.url

2014-01-15 03:52 - 2013-08-03 18:13 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2014-01-14 16:54 - 2013-08-04 22:56 - 00000000 ____D C:\Users\Kevin\Documents\My Games

2014-01-14 16:53 - 2014-01-14 16:53 - 00000000 ____D C:\WINDOWS\SysWOW64\directx

2014-01-14 16:53 - 2014-01-06 00:18 - 00021006 _____ C:\WINDOWS\DirectX.log

2014-01-14 16:53 - 2013-08-04 10:52 - 00000000 ___HD C:\WINDOWS\msdownld.tmp

2014-01-13 15:39 - 2014-01-13 15:39 - 00000000 ____D C:\Users\Kevin\Documents\The 7th Guest

2014-01-13 14:49 - 2013-08-13 21:59 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\ScummVM

2014-01-13 14:45 - 2014-01-13 14:45 - 00000222 _____ C:\Users\Kevin\Desktop\The 7th Guest.url

2014-01-13 14:22 - 2013-08-03 17:54 - 00000000 ___RD C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-13 14:21 - 2013-11-17 16:26 - 00000000 ____D C:\Program Files (x86)\RaidCall

2014-01-13 14:14 - 2013-11-22 23:54 - 00000000 ____D C:\Program Files (x86)\Zenimax Online

2014-01-12 11:20 - 2013-08-25 11:22 - 00000000 ____D C:\Users\Kevin\Documents\Telltale Games

2014-01-12 01:25 - 2014-01-11 23:37 - 00000000 ____D C:\Users\Kevin\Documents\GTA Vice City User Files

2014-01-12 00:19 - 2014-01-12 00:19 - 00000000 ____D C:\Users\Kevin\Documents\Vice_City_PLUS_10_TRAINER-PiZZADOX

2014-01-11 12:51 - 2013-11-28 00:05 - 00000000 ____D C:\Users\Kevin\AppData\Local\Turbine

2014-01-11 09:42 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Registration

2014-01-11 09:41 - 2013-11-28 00:03 - 00880342 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2014-01-10 00:56 - 2014-01-10 00:56 - 00000000 ____D C:\Users\Kevin\Documents\whitelist-1

2014-01-09 22:04 - 2014-01-09 22:04 - 00000000 ____D C:\Users\Kevin\Documents\whitelist

2014-01-09 02:14 - 2014-01-09 02:14 - 00000204 _____ C:\Users\Kevin\Desktop\Don't Starve Mod Tools.url

2014-01-08 19:26 - 2013-08-25 01:02 - 00163328 ___SH C:\Users\Kevin\Downloads\Thumbs.db

2014-01-07 21:34 - 2014-01-01 05:27 - 00000234 _____ C:\WINDOWS\setupact.log

2014-01-07 21:34 - 2013-10-29 17:35 - 00000000 ____D C:\ProgramData\NVIDIA

2014-01-07 21:27 - 2014-01-07 21:27 - 00000000 ____D C:\NVIDIA

2014-01-07 21:23 - 2013-08-03 23:51 - 00000000 ____D C:\Users\Kevin\AppData\Local\NVIDIA

2014-01-07 21:22 - 2014-01-07 21:20 - 00000000 ____D C:\Users\Kevin\AppData\Local\NVIDIA Corporation

2014-01-07 21:21 - 2013-10-29 17:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2014-01-07 21:17 - 2013-10-29 17:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2014-01-07 21:17 - 2013-10-29 17:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2014-01-06 17:31 - 2013-08-22 10:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-01-06 17:31 - 2013-08-22 10:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-06 00:20 - 2014-01-06 00:20 - 00000000 ____D C:\Users\Kevin\Documents\Book of Unwritten Tales

2014-01-06 00:19 - 2014-01-06 00:19 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll

2014-01-06 00:19 - 2014-01-06 00:19 - 00000000 ____D C:\Program Files (x86)\OpenAL

2014-01-01 05:27 - 2014-01-01 05:27 - 00000000 _____ C:\WINDOWS\setuperr.log

2014-01-01 03:51 - 2013-09-28 00:53 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk

2014-01-01 03:51 - 2013-09-28 00:53 - 00000000 ____D C:\Program Files\CCleaner

2013-12-30 09:45 - 2013-08-08 23:20 - 00000000 ____D C:\Users\Kevin\AppData\Local\Daedalic Entertainment

2013-12-29 21:53 - 2013-12-29 21:53 - 01577374 _____ C:\Users\Kevin\AppData\Roaming\Fallen Earth_2.57.1.7_2013-12-30-02-53.dmp

2013-12-21 15:02 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files (x86)\Origin

2013-12-20 16:38 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache

 

Some content of TEMP:

====================

C:\Users\Kevin\AppData\Local\Temp\CH.dll

C:\Users\Kevin\AppData\Local\Temp\CH2.dll

C:\Users\Kevin\AppData\Local\Temp\Copy.dll

C:\Users\Kevin\AppData\Local\Temp\ntdll_dump.dll

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-11 12:37

 

==================== End Of Log ============================

Addition.txt

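The file listing above is the FRST "modified in the last month" section: each line is modified time, created time, size, a five-character attribute field, an optional publisher taken from the file's version info in parentheses, and the path, with the "Some content of TEMP" section giving bare paths only. The following parser is an added example written for this page and is not code from FRST, Malwarebytes or anyone in the thread. It parses lines in that layout and applies three review heuristics a responder would typically apply by eye: executables in user-writable directories, executables FRST lists with no publisher, and files carrying both hidden and system attributes. The sample input is a handful of lines copied from the log above; the meaning of the attribute letters (D directory, H hidden, S system) is an assumption read off those entries, and the heuristics themselves are the author's choice, not FRST's.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One FRST "last month" line:  <modified> - <created> - <size> <attrs> [(<publisher>)] <path>
FRST_LINE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)
# Bare path lines, as printed under "Some content of TEMP:".
BARE_PATH = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")

# Extensions Windows will load or execute as native code.
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".cpl", ".sys", ".ocx"}
# Path fragments a standard user can write to without elevation.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

# Sample lines copied from the FRST.txt above (headers included to show they are skipped).
SAMPLE_LOG = r"""
2014-01-19 09:54 - 2014-01-19 09:54 - 04406784 _____ C:\Users\Kevin\Downloads\RogueKillerX64.exe
2014-01-19 09:52 - 2014-01-19 09:52 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Kevin\Downloads\erunt-setup (1).exe
2014-01-19 09:28 - 2014-01-19 09:28 - 00688992 _____ (Swearware) C:\Users\Kevin\Downloads\dds.scr
2014-01-19 09:54 - 2014-01-19 09:54 - 00000000 ____D C:\WINDOWS\ERDNT
2014-01-19 02:38 - 2013-08-03 19:50 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-08 19:26 - 2013-08-25 01:02 - 00163328 ___SH C:\Users\Kevin\Downloads\Thumbs.db
2014-01-06 00:19 - 2014-01-06 00:19 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2014-01-18 22:35 - 2014-01-18 22:35 - 00003469 _____ C:\Users\Kevin\Downloads\autoadmin.lua
Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\ntdll_dump.dll
"""


@dataclass
class Entry:
    path: str
    # Assumption: FRST packs attribute letters right-aligned in a 5-char field;
    # in this log D = directory, H = hidden, S = system, R = read-only.
    attrs: str = "_____"
    size: int = 0
    # "" = FRST printed no publisher; None = unknown (bare path line).
    publisher: Optional[str] = None
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line into an Entry, or None for headers and blank lines."""
    line = line.strip()
    m = FRST_LINE.match(line)
    if m:
        pub = m.group("publisher")
        return Entry(
            path=m.group("path"),
            attrs=m.group("attrs"),
            size=int(m.group("size")),
            publisher=pub.strip() if pub is not None else "",
        )
    m = BARE_PATH.match(line)
    if m:
        return Entry(path=m.group("path"))
    return None


def triage(entry: Entry) -> Entry:
    """Attach review reasons. These are prompts to look closer, not verdicts:
    a perfectly benign Thumbs.db is hidden+system too."""
    low = entry.path.lower()
    is_dir = "D" in entry.attrs
    is_pe = not is_dir and ntpath.splitext(low)[1] in PE_EXTENSIONS
    if is_pe and any(frag in low for frag in USER_WRITABLE):
        entry.reasons.append("executable in user-writable location")
    if is_pe and entry.publisher == "":
        entry.reasons.append("executable with no publisher/version info")
    if not is_dir and "H" in entry.attrs and "S" in entry.attrs:
        entry.reasons.append("hidden+system file")
    return entry


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {path: reasons} for every entry that trips at least one rule."""
    flagged: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            flagged[entry.path] = entry.reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path + "\n    - " + "\n    - ".join(reasons))
```

Run against the sample, the rules surface the tools the poster downloaded that day (expected, since they were just fetched), the hidden+system Thumbs.db (benign), and the DLLs sitting in Temp; the Microsoft and Creative Labs binaries under system32 pass. That is the same picture the helper reached by reading the log, which is the point: the script narrows a few hundred lines to the handful worth a second look, and the second look is still a human job.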

I do not see any obvious malware/infection in your logs; run the following:

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Run Malwarebytes: open the Settings tab > Scanner Settings > under "Action for PUP" select "Show in Results List and Check for removal".

Please update and run a Full scan.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs in your next reply, and also tell me what issues/concerns remain...

 

Kevin


# AdwCleaner v3.017 - Report created 19/01/2014 at 12:09:39

# Updated 12/01/2014 by Xplode

# Operating System : Windows 8.1 Pro with Media Center  (64 bits)

# Username : Kevin - KEVIN-PC

# Running from : C:\Users\Kevin\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16384

 

 

-\\ Mozilla Firefox v

 

-\\ Google Chrome v32.0.1700.76

 

[ File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [1441 octets] - [19/01/2014 12:07:41]

AdwCleaner[R1].txt - [1353 octets] - [19/01/2014 12:09:39]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1413 octets] ##########

 

Not sure of those registry items; also not sure why Firefox is still listed, as I uninstalled it some time ago.  Currently running a Malwarebytes scan, will post results in next reply.

Firefox is listed only; no version number means it is not installed. IE and Chrome give version numbers, so they are installed.

 

The registry keys are plugins for the Skype toolbar; if you do not want or use it, then use the Clean option from AdwCleaner and remove those entries.

 

Post the Malwarebytes log when ready, and give an update on any issues or concerns...

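The AdwCleaner report above lists six "Key Found" entries and the reply treats them as one add-on. The way to see that is to pivot on the CLSID: every key ends in the same GUID, and the key prefixes tell you what each registration does (the Browser Helper Objects key is what makes IE load it, the Classes\CLSID key is the COM registration that points at the DLL, and the per-user Ext\Settings and Ext\Stats keys are IE's own add-on management bookkeeping). The script below is an added example for this page, not AdwCleaner's code or the helper's; it groups the report lines by GUID and registry view. It assumes AdwCleaner's convention that keys marked "[x64]" were read from the 64-bit registry view and unmarked ones from the view the tool reads by default; the role names are this example's labels, and the sample input is the six lines copied from the report.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# "Key Found" lines copied from the AdwCleaner[R1].txt above.
ADWCLEANER_REPORT = r"""
***** [ Registry ] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
"""

# Key Found : [x64] <parent key>\{GUID}
KEY_LINE = re.compile(
    r"^Key Found : (?P<view>\[x64\] )?(?P<key>.+?)\\(?P<guid>\{[0-9A-Fa-f-]{36}\})$"
)

# Role labels (this example's names) for well-known IE add-on registry locations,
# matched against the end of the parent key.
ROLES = {
    "\\explorer\\browser helper objects": "bho",           # loaded into every IE process
    "\\classes\\clsid": "clsid",                           # COM registration; InprocServer32 names the DLL
    "\\currentversion\\ext\\settings": "ext_settings",     # per-user add-on management state
    "\\currentversion\\ext\\stats": "ext_stats",           # per-user add-on load statistics
}


def classify_key(parent_key: str) -> str:
    """Map a parent registry key to a role label, or 'other:<key>' if unknown."""
    low = parent_key.lower()
    for suffix, role in ROLES.items():
        if low.endswith(suffix):
            return role
    return "other:" + parent_key


def group_by_clsid(report: str) -> Dict[str, Dict[str, Set[str]]]:
    """Return {guid: {role: {views}}} for every 'Key Found' line in the report."""
    groups: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for line in report.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue
        # Assumption: "[x64]" marks the 64-bit view; unmarked keys are the view
        # AdwCleaner reads by default (for HKLM\SOFTWARE on 64-bit Windows that
        # is the 32-bit WOW6432Node view).
        view = "x64" if m.group("view") else "default"
        guid = m.group("guid").upper()
        groups[guid][classify_key(m.group("key"))].add(view)
    return groups


def summarize(groups: Dict[str, Dict[str, Set[str]]]) -> List[str]:
    """One line per CLSID: which roles it is registered under, and in which views."""
    lines = []
    for guid, roles in groups.items():
        parts = [f"{role} in {','.join(sorted(views))}" for role, views in sorted(roles.items())]
        lines.append(f"{guid}: " + "; ".join(parts))
    return lines


if __name__ == "__main__":
    for line in summarize(group_by_clsid(ADWCLEANER_REPORT)):
        print(line)
```

The summary collapses the six keys to a single CLSID registered as a BHO in both registry views, so the same add-on would be loaded by 32-bit and 64-bit Internet Explorer, plus the per-user Ext entries IE keeps for it. Identifying what the CLSID actually is needs one more step this offline example cannot take: read the InprocServer32 default value under either Classes\CLSID key and look at the DLL it names and its signature. When a report lists several GUIDs, the grouping also shows immediately whether they are one product registered in several places or several unrelated add-ons.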

But you have Windows 8.1, a new OS. Is your PC outdated, is that what you mean? Run in a "Clean Boot" state and see if that makes any difference...

 

Go to this link: http://support.microsoft.com/kb/929135 expand "How to perform a clean boot", then expand the option for Windows 8.1. Follow those instructions and run a clean boot; does that make any difference?

 

Nope, no difference at all.  Seemed almost worse, the way it started up.  I honestly think it's just my PC being old and outdated.  Some of the parts are new, but most of this dinosaur of a PC is, I think, from 2005 heh.  Defragging won't make much difference, as I just did that the other day, and I'm currently showing only 1% fragmentation.


Ok, if clean boot makes no difference, follow the instructions from the link given and return to Normal boot mode.

 

Next,

 

You can Delete FRST and any produced logs, also this folder C:\FRST.

 

Next,

 

Uninstall adwcleaner.exe (unless you want to keep it)

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Finally,

 

Go to this link: http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup#delete-files-using-disk-cleanup=windows-8  follow the instructions for some general system maintenance, see if that makes any difference...

 

Let me know if any other issues or concerns....

 

Kevin


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.