Hey there. I recently downloaded a free game off the internet and Windows Defender started warning me that the application could potentially install unwanted software. The warning it gave was:

Category: Software Bundler

Description: This program may install other potentially unwanted software.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
file:C:\Users\Kodiak\AppData\Local\Temp\qLHEG8is.exe.part
file:C:\Users\Kodiak\Downloads\AS_AVA_downloader.exe

I allowed it, thinking it was a false positive. The downloader asked me if I wanted to install a toolbar called MySearchDial, but I declined and went ahead and installed the game anyway. After installing the game, I wanted to do a quick scan with Defender again so it would remove the file it thought was malicious, but it would not detect it anymore. After doing some googling, I found out that MySearchDial is some sort of malicious adware/browser hijacker thing. Now the downloader created a desktop shortcut linking to file:C:\Users\Kodiak\AppData\Local\Temp\ICReinstall_AS_AVA_downloader.exe, and every time I tried to right-click it or do anything with it, Windows Defender warned me about the malicious program, but this time the info was different:

The following error occurred: Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Category: Software Bundler

Description: This program may install other potentially unwanted software.

Recommended action: Permit this detected item only if you trust the program or the software publisher.

Items:
file:C:\Users\Kodiak\AppData\Local\Temp\ICReinstall_AS_AVA_downloader.exe


This would happen every time I right-clicked the shortcut, but Defender would not be able to remove the file because apparently it is no longer there.

Is this just a false positive? How do I get rid of this thing and the warnings?

I would post a DDS log, but it just tells me that it could not be run in compatibility mode and then closes. (I'm using Win 8.1 if that matters.)

Hopefully someone can help me see if my PC is clean, and fix it if it's not. Thanks in advance for your help!

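One defender-side check for the situation described in the post above, added here as an example and not code from the thread: it lists Windows Defender's detection history through the Defender PowerShell module (present on Windows 8.1) and flags detections whose referenced file no longer exists on disk, which is exactly why a later scan finds nothing and the remediation attempt reports that it could not find the item. The function name Get-StaleDefenderDetections is my own; the Get-MpThreatDetection and Get-MpThreat cmdlets, their properties, and the "file:_<path>" resource format are assumed as documented for that module, and an elevated prompt is assumed.

```powershell
# Added example (not from the thread): enumerate Windows Defender's detection history and
# flag detections whose referenced file is already gone from disk.
# Assumes the Defender PowerShell module (Windows 8.1 / Server 2012 R2 and later) and an
# elevated prompt. Get-MpThreatDetection returns one record per detection event; its
# Resources property lists the detected objects as strings such as "file:_C:\...\x.exe".

function Get-StaleDefenderDetections {
    [CmdletBinding()]
    param()

    # Map ThreatID -> ThreatName so the output is readable (e.g. the bundler's family name).
    $threatNames = @{}
    foreach ($t in (Get-MpThreat)) { $threatNames[$t.ThreatID] = $t.ThreatName }

    foreach ($d in (Get-MpThreatDetection)) {
        foreach ($res in $d.Resources) {
            # Resource strings look like "<type>:_<path>"; only file resources can be
            # checked on disk, so skip process/registry/container entries.
            if ($res -notmatch '^(?<type>[A-Za-z]+):_?(?<path>.+)$') { continue }
            $type = $Matches['type']; $path = $Matches['path']
            if ($type -ne 'file') { continue }

            [pscustomobject]@{
                DetectedAt  = $d.InitialDetectionTime
                Threat      = $threatNames[$d.ThreatID]
                File        = $path
                StillOnDisk = Test-Path -LiteralPath $path -PathType Leaf
                ActionOK    = $d.ActionSuccess
                # Status error Defender recorded for this detection, shown as hex.
                StatusError = ('0x{0:X8}' -f [uint32]$d.ThreatStatusErrorCode)
            }
        }
    }
}

# Usage: show only detections that point at files which no longer exist. An entry here
# with ActionOK = False is a stale history record, not a live infection; a fresh full scan
# plus a check of the Temp folder and the leftover desktop shortcut settles whether the
# downloader is really gone.
Get-StaleDefenderDetections | Where-Object { -not $_.StillOnDisk } | Format-Table -AutoSize
```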

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Thank you for your reply. I have run the FRST scan once and 2 log files were created. I will post the GMER logs shortly.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Kodiak (administrator) on KODIAKPC on 12-02-2014 20:27:13
Running from C:\Users\Kodiak\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(PC-Doctor, Inc.) C:\Program Files\Dell Support Center\uaclauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-15] (Logitech Inc.)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [iMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-02] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3911846515-1532461053-2334403900-1002\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-20] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {7EE4B2DE-7B5D-41AB-8D5B-C2F54A76D482} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {7EE4B2DE-7B5D-41AB-8D5B-C2F54A76D482} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {7EE4B2DE-7B5D-41AB-8D5B-C2F54A76D482} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {7EE4B2DE-7B5D-41AB-8D5B-C2F54A76D482} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {7EE4B2DE-7B5D-41AB-8D5B-C2F54A76D482} URL =
SearchScopes: HKCU - {7EE4B2DE-7B5D-41AB-8D5B-C2F54A76D482} URL =
Tcpip\Parameters: [DhcpNameServer] 202.65.242.50 202.65.242.46 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kodiak\AppData\Roaming\Mozilla\Firefox\Profiles\tqlgh4ij.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-12] (Conexant Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-01-10] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-31] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-26] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-31] (Logitech Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-27] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-12 20:27 - 2014-02-12 20:27 - 00011710 _____ () C:\Users\Kodiak\Downloads\FRST.txt
2014-02-12 20:27 - 2014-02-12 20:27 - 00000000 ____D () C:\FRST
2014-02-12 20:25 - 2014-02-12 20:25 - 02151424 _____ (Farbar) C:\Users\Kodiak\Downloads\FRST64.exe
2014-02-12 19:19 - 2014-02-12 19:19 - 00688992 _____ (Swearware) C:\Users\Kodiak\Downloads\dds.scr
2014-02-12 19:18 - 2014-02-12 19:18 - 00000000 ____D () C:\Users\Kodiak\Desktop\malware help
2014-02-12 18:59 - 2014-02-12 19:00 - 00001152 _____ () C:\Users\Kodiak\Desktop\Continue AVA Installation.lnk
2014-02-12 18:36 - 2014-02-12 18:53 - 00001956 _____ () C:\Users\Kodiak\Desktop\A.V.A.lnk
2014-02-12 18:36 - 2014-02-12 18:36 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayFPS
2014-02-12 18:32 - 2014-02-12 18:32 - 00000000 ____D () C:\Program Files\PlayFPS
2014-02-12 18:31 - 2014-02-12 18:31 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\WinRAR
2014-02-12 18:31 - 2014-02-12 18:31 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-12 18:30 - 2014-02-12 18:31 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-12 18:30 - 2014-02-12 18:30 - 01977432 _____ () C:\Users\Kodiak\Downloads\winrar-x64-501.exe
2014-02-12 17:59 - 2014-02-12 17:59 - 2252393050 _____ () C:\Users\Kodiak\Downloads\A.V.A3.07-2.rar
2014-02-12 16:24 - 2014-02-12 16:24 - 00736312 _____ () C:\Users\Kodiak\Downloads\AS_AVA_downloader.exe
2014-02-12 15:42 - 2014-02-12 15:42 - 00001127 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 15:42 - 2014-02-12 15:42 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\Malwarebytes
2014-02-12 15:42 - 2014-02-12 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 15:42 - 2014-02-12 15:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 15:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-12 15:41 - 2014-02-12 15:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kodiak\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-12 00:19 - 2014-02-12 00:19 - 00000220 _____ () C:\Users\Kodiak\Desktop\Killing Floor.url
2014-02-09 22:09 - 2014-02-12 18:26 - 00000000 ____D () C:\Users\Kodiak\AppData\Local\SecondLife
2014-02-09 22:09 - 2014-02-11 17:40 - 00001171 _____ () C:\Users\Public\Desktop\Second Life Viewer.lnk
2014-02-09 22:09 - 2014-02-09 22:24 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\SecondLife
2014-02-09 22:08 - 2014-02-09 22:09 - 00000000 ____D () C:\Program Files (x86)\SecondLifeViewer
2014-02-09 22:08 - 2014-02-09 22:08 - 31478056 _____ () C:\Users\Kodiak\Downloads\Second_Life_3_6_13_284995_i686_Setup.exe
2014-02-09 22:02 - 2013-12-20 04:33 - 25257248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 22960416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 12645664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-02-09 22:02 - 2013-12-20 04:33 - 11605752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 11554264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 09700224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 09657464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 03132704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 03125024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 02947872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 02747680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433221.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433221.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00882464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00879392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00852768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00847648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00479520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00405280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00357152 _____ () C:\WINDOWS\system32\NvIFROpenGL.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00314656 _____ () C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-02-09 22:02 - 2013-12-20 04:33 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-02-09 22:02 - 2013-11-28 21:38 - 00197408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2014-02-09 22:02 - 2013-11-28 21:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2014-02-09 22:02 - 2013-11-22 16:36 - 01515296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2014-02-02 15:46 - 2014-02-02 19:47 - 00000000 ____D () C:\Users\Kodiak\Desktop\datcm audio
2014-01-25 13:22 - 2014-01-25 13:22 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\RotMG.Production
2014-01-24 15:35 - 2014-01-24 15:35 - 00000000 ____D () C:\Users\Kodiak\Documents\CAPCOM
2014-01-23 20:00 - 2013-12-28 02:42 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-01-23 20:00 - 2013-12-28 02:42 - 00033056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 00000222 _____ () C:\Users\Kodiak\Desktop\Resident Evil 6  Biohazard 6.url
2014-01-23 11:56 - 2014-01-23 11:56 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-23 11:55 - 2014-01-23 11:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-23 11:55 - 2014-01-23 11:56 - 00000000 ____D () C:\Program Files\iTunes
2014-01-23 11:55 - 2014-01-23 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-01-23 11:55 - 2014-01-23 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-15 17:48 - 2013-12-09 08:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 17:48 - 2013-11-27 23:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 17:48 - 2013-11-27 19:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 17:48 - 2013-11-27 18:34 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 17:48 - 2013-11-27 17:54 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 17:48 - 2013-11-27 16:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 17:48 - 2013-11-27 16:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 17:48 - 2013-11-27 16:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 17:48 - 2013-11-27 16:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 17:48 - 2013-11-27 16:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 17:48 - 2013-11-27 16:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

==================== One Month Modified Files and Folders =======

2014-02-12 20:27 - 2014-02-12 20:27 - 00011710 _____ () C:\Users\Kodiak\Downloads\FRST.txt
2014-02-12 20:27 - 2014-02-12 20:27 - 00000000 ____D () C:\FRST
2014-02-12 20:25 - 2014-02-12 20:25 - 02151424 _____ (Farbar) C:\Users\Kodiak\Downloads\FRST64.exe
2014-02-12 20:21 - 2013-06-11 20:23 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-02-12 20:20 - 2013-11-27 03:32 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3911846515-1532461053-2334403900-1002
2014-02-12 20:17 - 2013-11-27 02:50 - 01351462 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-12 20:15 - 2013-11-10 18:12 - 00260996 _____ () C:\Users\Public\CAFADEBUG.log
2014-02-12 20:14 - 2013-11-27 02:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-12 20:14 - 2013-08-22 22:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-12 19:19 - 2014-02-12 19:19 - 00688992 _____ (Swearware) C:\Users\Kodiak\Downloads\dds.scr
2014-02-12 19:18 - 2014-02-12 19:18 - 00000000 ____D () C:\Users\Kodiak\Desktop\malware help
2014-02-12 19:00 - 2014-02-12 18:59 - 00001152 _____ () C:\Users\Kodiak\Desktop\Continue AVA Installation.lnk
2014-02-12 19:00 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-12 18:53 - 2014-02-12 18:36 - 00001956 _____ () C:\Users\Kodiak\Desktop\A.V.A.lnk
2014-02-12 18:43 - 2013-11-11 08:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-12 18:36 - 2014-02-12 18:36 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayFPS
2014-02-12 18:32 - 2014-02-12 18:32 - 00000000 ____D () C:\Program Files\PlayFPS
2014-02-12 18:31 - 2014-02-12 18:31 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\WinRAR
2014-02-12 18:31 - 2014-02-12 18:31 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-12 18:31 - 2014-02-12 18:30 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-12 18:30 - 2014-02-12 18:30 - 01977432 _____ () C:\Users\Kodiak\Downloads\winrar-x64-501.exe
2014-02-12 18:26 - 2014-02-09 22:09 - 00000000 ____D () C:\Users\Kodiak\AppData\Local\SecondLife
2014-02-12 17:59 - 2014-02-12 17:59 - 2252393050 _____ () C:\Users\Kodiak\Downloads\A.V.A3.07-2.rar
2014-02-12 17:10 - 2013-12-16 02:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-12 16:24 - 2014-02-12 16:24 - 00736312 _____ () C:\Users\Kodiak\Downloads\AS_AVA_downloader.exe
2014-02-12 15:42 - 2014-02-12 15:42 - 00001127 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 15:42 - 2014-02-12 15:42 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\Malwarebytes
2014-02-12 15:42 - 2014-02-12 15:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-12 15:42 - 2014-02-12 15:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 15:41 - 2014-02-12 15:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kodiak\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-12 00:19 - 2014-02-12 00:19 - 00000220 _____ () C:\Users\Kodiak\Desktop\Killing Floor.url
2014-02-12 00:19 - 2013-12-16 04:14 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-02-11 17:40 - 2014-02-09 22:09 - 00001171 _____ () C:\Users\Public\Desktop\Second Life Viewer.lnk
2014-02-11 15:48 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-11 00:01 - 2013-11-27 23:05 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-02-11 00:01 - 2013-11-27 23:05 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-02-09 22:24 - 2014-02-09 22:09 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\SecondLife
2014-02-09 22:09 - 2014-02-09 22:08 - 00000000 ____D () C:\Program Files (x86)\SecondLifeViewer
2014-02-09 22:08 - 2014-02-09 22:08 - 31478056 _____ () C:\Users\Kodiak\Downloads\Second_Life_3_6_13_284995_i686_Setup.exe
2014-02-09 22:03 - 2013-11-27 02:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-09 22:03 - 2013-08-22 22:46 - 00329877 _____ () C:\WINDOWS\setupact.log
2014-02-09 16:28 - 2013-11-15 23:55 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-07 23:41 - 2013-08-22 21:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-05 17:43 - 2013-11-11 08:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-02 19:47 - 2014-02-02 15:46 - 00000000 ____D () C:\Users\Kodiak\Desktop\datcm audio
2014-01-31 04:47 - 2013-08-22 23:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-31 04:47 - 2013-08-22 23:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 20:53 - 2013-11-27 23:05 - 00281032 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-01-25 13:22 - 2014-01-25 13:22 - 00000000 ____D () C:\Users\Kodiak\AppData\Roaming\RotMG.Production
2014-01-24 15:35 - 2014-01-24 15:35 - 00000000 ____D () C:\Users\Kodiak\Documents\CAPCOM
2014-01-24 15:34 - 2013-06-11 20:25 - 00344605 _____ () C:\WINDOWS\DirectX.log
2014-01-23 16:05 - 2014-01-23 16:05 - 00000222 _____ () C:\Users\Kodiak\Desktop\Resident Evil 6  Biohazard 6.url
2014-01-23 11:56 - 2014-01-23 11:56 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-23 11:56 - 2014-01-23 11:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-23 11:56 - 2014-01-23 11:55 - 00000000 ____D () C:\Program Files\iTunes
2014-01-23 11:55 - 2014-01-23 11:55 - 00000000 ____D () C:\Program Files\iPod
2014-01-23 11:55 - 2014-01-23 11:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-23 11:54 - 2013-11-27 02:10 - 00000000 ____D () C:\ProgramData\Apple
2014-01-21 10:53 - 2013-11-16 00:34 - 01179576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-01-21 10:53 - 2013-11-16 00:34 - 01048152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-01-19 15:38 - 2013-11-10 21:10 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-17 17:31 - 2013-08-22 23:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-17 15:22 - 2013-11-10 17:48 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-17 15:21 - 2013-11-10 17:48 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Kodiak\AppData\Local\Temp\ICReinstall_AS_AVA_downloader.exe
C:\Users\Kodiak\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Kodiak\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kodiak\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Kodiak\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Kodiak\AppData\Local\Temp\nvStInst.exe
C:\Users\Kodiak\AppData\Local\Temp\sonarinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-28 20:55

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Kodiak at 2014-02-12 20:27:37
Running from C:\Users\Kodiak\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

A.V.A (x32 Version: 3.07 - PlayFPS)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Amnesia: A Machine for Pigs (x32 Version:  - The Chinese Room)
Apple Application Support (x32 Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audiosurf (x32 Version:  - Dylan Fitterer)
Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
Beat Hazard (x32 Version:  - Cold Beam Games)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Conexant SmartAudio HD (Version: 8.50.12.0 - Conexant)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.6 - Dell Inc.)
Dell Backup and Recovery (x32 Version: 1.0.0.6 - Dell Inc.)
Dell Digital Delivery (x32 Version: 2.5.1400.0 - Dell Products, LP)
Dell Support Center (Version: 3.2.6032.125 - PC-Doctor, Inc.)
Dell Wireless Driver Installation (x32 Version: 10.0 - Dell)
Dota 2 (x32 Version:  - Valve)
DSC/AA Factory Installer (Version: 3.2.6032.125 - PC-Doctor, Inc.) Hidden
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Intel® Control Center (x32 Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.4.62 - Apple Inc.)
Just Cause 2 (x32 Version:  - Avalanche)
Killing Floor (x32 Version:  - Tripwire Interactive)
L.A. Noire (x32 Version:  - Team Bondi)
Left 4 Dead 2 (x32 Version:  - Valve)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.51 (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (x32 Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Office (x32 Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Need for Speed: Hot Pursuit (x32 Version:  - Criterion Games)
NVIDIA 3D Vision Controller Driver 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
Origin (x32 Version: 9.3.10.4710 - Electronic Arts, Inc.)
Papers, Please (x32 Version:  - 3909)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PunkBuster Services (x32 Version: 0.992 - Even Balance, Inc.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Resident Evil 6 / Biohazard 6 (x32 Version:  - Capcom)
Rising Storm/Red Orchestra 2 Multiplayer (x32 Version:  - Tripwire Interactive)
SecondLifeViewer (remove only) (x32 Version:  - )
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (x32 Version:  - Firaxis Games)
Steam (x32 Version:  - Valve Corporation)
Team Fortress 2 (x32 Version:  - Valve)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
Torchlight II (x32 Version:  - Runic Games)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

23-01-2014 12:01:38 Installed DirectX
28-01-2014 12:55:31 Windows Update
05-02-2014 15:41:23 Windows Update

==================== Hosts content: ==========================

2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5697EFF0-2567-488D-B8F6-2C12DFD69769} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-15] (PC-Doctor, Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9BEDD026-27F1-497A-A991-97D85DE59414} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-17] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B197C708-D134-470E-BCB4-63D7248B2838} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2013-02-15] (PC-Doctor, Inc.)
Task: {BF26E607-8C67-442B-99AF-41414DFF8D9C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDE285D2-306F-4B25-A510-00FF6833BFF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E92114E1-CBBB-4805-B112-0C84241E81F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-08-22 15:19 - 2013-08-22 14:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 15:19 - 2013-08-22 14:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 15:19 - 2013-08-22 14:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-27 23:05 - 2014-01-10 23:33 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-12-21 06:44 - 2013-12-21 06:44 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-09 05:59 - 2013-12-09 05:59 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\51e8ad01f95536e724df502bba0057b6\PSIClient.ni.dll
2013-06-11 20:17 - 2012-07-19 03:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Kodiak\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/12/2014 08:22:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVA.exe, version: 1.2.1.3, time stamp: 0x52a830de
Faulting module name: ntdll.dll, version: 6.3.9600.16408, time stamp: 0x523d45fa
Exception code: 0xc0000409
Fault offset: 0x0006f049
Faulting process id: 0xae0
Faulting application start time: 0xAVA.exe0
Faulting application path: AVA.exe1
Faulting module path: AVA.exe2
Report Id: AVA.exe3
Faulting package full name: AVA.exe4
Faulting package-relative application ID: AVA.exe5

Error: (02/12/2014 07:05:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVA.exe, version: 1.2.1.3, time stamp: 0x52a830de
Faulting module name: ntdll.dll, version: 6.3.9600.16408, time stamp: 0x523d45fa
Exception code: 0xc0000409
Fault offset: 0x0006f049
Faulting process id: 0x12a8
Faulting application start time: 0xAVA.exe0
Faulting application path: AVA.exe1
Faulting module path: AVA.exe2
Report Id: AVA.exe3
Faulting package full name: AVA.exe4
Faulting package-relative application ID: AVA.exe5

Error: (02/12/2014 06:55:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVA.exe, version: 1.2.1.3, time stamp: 0x52a830de
Faulting module name: ntdll.dll, version: 6.3.9600.16408, time stamp: 0x523d45fa
Exception code: 0xc0000409
Fault offset: 0x0006f049
Faulting process id: 0x1498
Faulting application start time: 0xAVA.exe0
Faulting application path: AVA.exe1
Faulting module path: AVA.exe2
Report Id: AVA.exe3
Faulting package full name: AVA.exe4
Faulting package-relative application ID: AVA.exe5

Error: (02/12/2014 06:54:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVA.exe, version: 1.2.1.3, time stamp: 0x52a830de
Faulting module name: ntdll.dll, version: 6.3.9600.16408, time stamp: 0x523d45fa
Exception code: 0xc0000409
Fault offset: 0x0006f049
Faulting process id: 0x1a0c
Faulting application start time: 0xAVA.exe0
Faulting application path: AVA.exe1
Faulting module path: AVA.exe2
Report Id: AVA.exe3
Faulting package full name: AVA.exe4
Faulting package-relative application ID: AVA.exe5

Error: (02/12/2014 06:53:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVA.exe, version: 1.2.1.3, time stamp: 0x52a830de
Faulting module name: ntdll.dll, version: 6.3.9600.16408, time stamp: 0x523d45fa
Exception code: 0xc0000409
Fault offset: 0x0006f049
Faulting process id: 0x1b80
Faulting application start time: 0xAVA.exe0
Faulting application path: AVA.exe1
Faulting module path: AVA.exe2
Report Id: AVA.exe3
Faulting package full name: AVA.exe4
Faulting package-relative application ID: AVA.exe5

Error: (02/12/2014 06:52:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVA.exe, version: 1.2.1.3, time stamp: 0x52a830de
Faulting module name: ntdll.dll, version: 6.3.9600.16408, time stamp: 0x523d45fa
Exception code: 0xc0000409
Fault offset: 0x0006f049
Faulting process id: 0x1278
Faulting application start time: 0xAVA.exe0
Faulting application path: AVA.exe1
Faulting module path: AVA.exe2
Report Id: AVA.exe3
Faulting package full name: AVA.exe4
Faulting package-relative application ID: AVA.exe5

Error: (02/12/2014 05:03:55 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (02/12/2014 04:01:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 26.0.0.5087, time stamp: 0x52a0d273
Faulting module name: xul.dll, version: 26.0.0.5087, time stamp: 0x52a0d20a
Exception code: 0xc0000005
Fault offset: 0x0014e1a8
Faulting process id: 0xbc0
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3
Faulting package full name: firefox.exe4
Faulting package-relative application ID: firefox.exe5

Error: (02/12/2014 04:21:14 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (02/12/2014 00:02:19 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (02/12/2014 08:17:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/12/2014 02:57:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/11/2014 11:55:42 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/11/2014 08:30:24 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/11/2014 03:43:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/10/2014 11:41:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/10/2014 08:01:07 PM) (Source: DCOM) (User: KodiakPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/10/2014 08:00:37 PM) (Source: DCOM) (User: KodiakPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/10/2014 07:47:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (02/09/2014 08:12:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (02/12/2014 08:22:20 PM) (Source: Application Error)(User: )
Description: AVA.exe1.2.1.352a830dentdll.dll6.3.9600.16408523d45fac00004090006f049ae001cf27ed0ce2ea5aC:\Program Files\PlayFPS\A.V.A\Binaries\AVA.exeC:\WINDOWS\SYSTEM32\ntdll.dll51459193-93e0-11e3-bfe6-a41f727224a7

Error: (02/12/2014 07:05:23 PM) (Source: Application Error)(User: )
Description: AVA.exe1.2.1.352a830dentdll.dll6.3.9600.16408523d45fac00004090006f04912a801cf27e25231bb6dC:\Program Files\PlayFPS\A.V.A\Binaries\AVA.exeC:\WINDOWS\SYSTEM32\ntdll.dll90f97b3f-93d5-11e3-bfe4-a41f727224a7

Error: (02/12/2014 06:55:44 PM) (Source: Application Error)(User: )
Description: AVA.exe1.2.1.352a830dentdll.dll6.3.9600.16408523d45fac00004090006f049149801cf27e0f99b4670C:\Program Files\PlayFPS\A.V.A\Binaries\AVA.exeC:\WINDOWS\SYSTEM32\ntdll.dll384b0649-93d4-11e3-bfe4-a41f727224a7

Error: (02/12/2014 06:54:25 PM) (Source: Application Error)(User: )
Description: AVA.exe1.2.1.352a830dentdll.dll6.3.9600.16408523d45fac00004090006f0491a0c01cf27e0ca600fc6C:\Program Files\PlayFPS\A.V.A\Binaries\AVA.exeC:\WINDOWS\SYSTEM32\ntdll.dll09085eda-93d4-11e3-bfe4-a41f727224a7

Error: (02/12/2014 06:53:25 PM) (Source: Application Error)(User: )
Description: AVA.exe1.2.1.352a830dentdll.dll6.3.9600.16408523d45fac00004090006f0491b8001cf27e0a6cbe2b3C:\Program Files\PlayFPS\A.V.A\Binaries\AVA.exeC:\WINDOWS\SYSTEM32\ntdll.dlle57f7873-93d3-11e3-bfe4-a41f727224a7

Error: (02/12/2014 06:52:06 PM) (Source: Application Error)(User: )
Description: AVA.exe1.2.1.352a830dentdll.dll6.3.9600.16408523d45fac00004090006f049127801cf27e07632c3f0C:\Program Files\PlayFPS\A.V.A\Binaries\AVA.exeC:\WINDOWS\SYSTEM32\ntdll.dllb66e3f68-93d3-11e3-bfe4-a41f727224a7

Error: (02/12/2014 05:03:55 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (02/12/2014 04:01:00 PM) (Source: Application Error)(User: )
Description: firefox.exe26.0.0.508752a0d273xul.dll26.0.0.508752a0d20ac00000050014e1a8bc001cf27befd675467C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllcf6a1cdf-93bb-11e3-bfe4-a41f727224a7

Error: (02/12/2014 04:21:14 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (02/12/2014 00:02:19 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3967.53 MB
Available physical RAM: 2381.45 MB
Total Pagefile: 5823.53 MB
Available Pagefile: 3960.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.04 GB) (Free:712.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 74C2BC40)

Partition: GPT Partition Type
==================== End Of Log ============================

While scanning, 2 error messages popped up. One was C:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process and the other was something about C:\users\kodiak\ntuser.dat


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-12 20:39:18
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f WDC_WD10EZEX-75ZF5A0 rev.80.00A80 931.51GB
Running: 72w82eip.exe; Driver: C:\Users\Kodiak\AppData\Local\Temp\uflcqpod.sys


---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [584:616]  fffff960009af4d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                    unknown MBR code

---- EOF - GMER 2.1 ----

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat; do not delete it for now. It is an actual backup of the MBR (master boot record).

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-12 20:56:55
-----------------------------
20:56:55.983    OS Version: Windows x64 6.2.9200
20:56:55.983    Number of processors: 4 586 0x3A09
20:56:55.984    ComputerName: KODIAKPC  UserName: Kodiak
20:56:56.010    Initialze error 1
20:58:49.408    AVAST engine defs: 14021200
20:58:57.632    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
20:58:57.633    Disk 0 Vendor: WDC_WD10EZEX-75ZF5A0 80.00A80 Size: 953869MB BusType: 11
20:58:57.655    Disk 0 MBR read successfully
20:58:57.657    Disk 0 MBR scan
20:58:57.661    Disk 0 unknown MBR code
20:58:57.671    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
20:58:57.676    Disk 0 scanning C:\WINDOWS\system32\drivers
20:58:57.678    Service scanning
20:58:58.189    Modules scanning
20:58:58.191    Disk 0 trace - called modules:
20:58:58.194    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
20:58:58.197    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0000274d670]
20:58:58.199    3 CLASSPNP.SYS[fffff80000c01abb] -> nt!IofCallDriver -> [0xffffe00000ff8230]
20:58:58.202    5 ACPI.sys[fffff800003335f1] -> nt!IofCallDriver -> \Device\0000002f[0xffffe000001817f0]
20:58:58.205    AVAST engine scan C:\WINDOWS
20:58:58.208    AVAST engine scan C:\WINDOWS\system32
20:58:58.211    AVAST engine scan C:\WINDOWS\system32\drivers
20:58:58.214    AVAST engine scan C:\Users\Kodiak
20:58:58.217    AVAST engine scan C:\ProgramData
20:58:58.220    Scan finished successfully
20:59:19.849    Disk 0 MBR has been saved successfully to "C:\Users\Kodiak\Desktop\MBR.dat"
20:59:19.853    The log file has been saved successfully to "C:\Users\Kodiak\Desktop\aswMBR.txt"




Also I'd like to add that the alert does not show up anymore when I right click the shortcut after restarting my PC an hour ago.

Looks good!

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


I have turned on Windows Defender after the scan completed.

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Kodiak\AppData\Local\Temp\ICReinstall_AS_AVA_downloader.exe    a variant of Win32/InstallCore.BY potentially unwanted application
C:\Users\Kodiak\Downloads\AS_AVA_downloader.exe    a variant of Win32/InstallCore.BY potentially unwanted application


The last 2 files were the files that Defender was bugging me about. Maybe because the downloader had an option to install the MySearchDial application?

I'm pretty sure the first file is safe, as I had this in the past. It came back because I did a factory reset on my PC. https://forums.malwarebytes.org/index.php?showtopic=130664&p=713581

Shall I delete these files? Even the first one (Dell)?


The first file is definitely safe, it is simply starting in the background and therefore listed as potentially unsafe.

The other files contain additional software which has nothing to do with the software the installer shall install - toolbars, for example. I would delete them.


Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[s1].txt


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

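Before removing the files ESET listed, it is worth recording what they are and keeping a copy rather than deleting outright, so the decision above (Dell's hstart.exe is a signed background launcher and stays, the two InstallCore downloaders go) can be checked and reversed if needed. The PowerShell script below is an added example written for this thread, not a tool posted by anyone in it. It takes the three paths exactly as ESET reported them, records each file's SHA256 hash and Authenticode signature status (mirroring the "MD5 is legit" style check FRST does on system binaries), and moves only the two downloader files into a quarantine folder. The folder name C:\Quarantine and the report file name are assumptions; run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example, not from the thread: hash, signature-check and quarantine the
# files ESET flagged. Paths are the ones reported in the ESET log on this page.
$Flagged = @(
    'C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe',
    'C:\Users\Kodiak\AppData\Local\Temp\ICReinstall_AS_AVA_downloader.exe',
    'C:\Users\Kodiak\Downloads\AS_AVA_downloader.exe'
)
$Quarantine = 'C:\Quarantine'                              # assumed location
$Report     = Join-Path $Quarantine 'quarantine-report.txt' # assumed file name
New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null

foreach ($Path in $Flagged) {
    if (-not (Test-Path -LiteralPath $Path)) {
        # The Temp copy may already be gone, as Defender's 0x80508023 error suggested.
        "MISSING  $Path" | Tee-Object -FilePath $Report -Append
        continue
    }

    # Record identity (SHA256) and who signed it, if anyone.
    $Hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $Sig    = Get-AuthenticodeSignature -LiteralPath $Path
    $Signer = if ($Sig.SignerCertificate) { $Sig.SignerCertificate.Subject } else { '(unsigned)' }
    "{0}  {1}  {2}  {3}" -f $Hash, $Sig.Status, $Signer, $Path |
        Tee-Object -FilePath $Report -Append

    # Quarantine only the two InstallCore downloaders; the Dell component stays in place.
    if ($Path -like '*AS_AVA_downloader.exe') {
        $Leaf = Split-Path -Path $Path -Leaf
        $Dest = Join-Path $Quarantine ("{0}.{1}.quarantined" -f $Leaf, $Hash.Substring(0, 8))
        Move-Item -LiteralPath $Path -Destination $Dest -Force
        "MOVED    $Path -> $Dest" | Tee-Object -FilePath $Report -Append
    }
}
```

The renamed .quarantined extension stops the files being launched by a double click, and the report keeps the hash and signer so the Dell file's Valid signature can be confirmed and the downloaders' hashes can be looked up later. Once the cleanup steps below have run without problems, the quarantine folder can be emptied.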

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
