Windows 7 DCOM Error


  • This topic is locked
13 replies to this topic

#1 Clank10

  • Members
  • 6 posts

Posted 08 January 2014 - 08:09 PM

Keep getting this DCOM error. It's really annoying and apparently I have that rpcss.dll infection thing. Here are some logs

 

 DDS thing: 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.45.2
Run by Eric at 19:53:41 on 2014-01-08
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8123.5365 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\XFastUSB\XFastUsb.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\Notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ASRock A-Tuning] <no file>
mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0BC92629-AB96-4587-803E-1941E46922E9} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AsrRamDisk;AsrRamDisk;C:\Windows\System32\drivers\AsrRamDisk.sys [2013-12-16 34640]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-4-30 677360]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-4-30 28656]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-12-16 17192]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2013-12-16 16648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 15344]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-2-23 183048]
R2 ISCTAgent;Intel® Smart Connect Technology Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2013-3-14 182248]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-2 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-2 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-16 15125280]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-12-16 239176]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-23 414496]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-12-16 496400]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-3-14 21048]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-3-14 21048]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-3-14 46568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-1-2 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-16 39200]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-12-16 34752]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AsrDrv101;AsrDrv101;C:\Windows\SysWOW64\drivers\AsrDrv101.sys [2013-12-24 22280]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2013-12-20 32320]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-12-16 171072]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2014-01-09 00:29:36 -------- d-----w- C:\Users\Eric\AppData\Local\CrashDumps
2014-01-09 00:05:23 94656 ----a-w- C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-02 21:00:24 -------- d-----w- C:\Users\Eric\AppData\Roaming\Malwarebytes
2014-01-02 21:00:14 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-02 21:00:14 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-02 21:00:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 20:58:48 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-02 01:50:17 -------- d-----w- C:\Program Files (x86)\Steam
2014-01-02 01:37:31 -------- d-----w- C:\Users\Eric\AppData\Local\Diagnostics
2013-12-30 20:51:29 -------- d-----w- C:\ProgramData\NexonUS
2013-12-30 20:51:29 -------- d-----w- C:\ProgramData\Nexon
2013-12-30 18:11:41 -------- d-----w- C:\Program Files (x86)\WinSCP
2013-12-27 04:15:52 -------- d-----w- C:\Windows\System32\appmgmt
2013-12-24 17:00:12 22280 ----a-w- C:\Windows\SysWow64\drivers\AsrDrv101.sys
2013-12-22 21:03:02 -------- d-----w- C:\Users\Eric\AppData\Local\Apple Computer
2013-12-22 21:02:57 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-12-22 21:02:49 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-22 21:02:49 -------- d-----w- C:\Program Files\iTunes
2013-12-22 21:02:49 -------- d-----w- C:\Program Files\iPod
2013-12-22 21:02:49 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-22 21:02:25 -------- d-----w- C:\Users\Eric\AppData\Local\Apple
2013-12-22 21:01:52 -------- d-----w- C:\Program Files\Bonjour
2013-12-22 21:01:52 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-12-21 15:22:18 -------- d-----w- C:\Users\Eric\AppData\Roaming\Technology Lighthouse
2013-12-21 15:21:57 -------- d-----w- C:\Users\Eric\AppData\Local\Programs
2013-12-20 21:44:23 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS
2013-12-18 20:17:15 -------- d-----w- C:\Users\Eric\.ultimatescape
2013-12-17 20:15:03 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B95EC7D-B1E6-4684-8065-2DAD35C12428}\mpengine.dll
2013-12-17 20:14:14 -------- d-----w- C:\ProgramData\AVAST Software
2013-12-17 20:13:02 -------- d-----w- C:\Users\Eric\AppData\Roaming\uTorrent
2013-12-17 20:05:42 -------- d-----w- C:\Users\Eric\AppData\Roaming\NVIDIA
2013-12-17 20:04:55 -------- d-----w- C:\.jagex_cache_32
2013-12-17 20:04:34 -------- d-----w- C:\Users\Eric\jagexcache
2013-12-17 20:03:27 -------- d-----w- C:\ProgramData\Oracle
2013-12-17 20:00:23 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-17 19:58:38 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-12-17 15:41:58 -------- d-----w- C:\Windows\Panther
2013-12-17 03:12:39 544568 ----a-r- C:\Windows\System32\PROUnstl.exe
2013-12-17 03:12:01 73032 ----a-w- C:\Windows\System32\e1dmsg.dll
2013-12-17 03:12:01 496400 ----a-w- C:\Windows\System32\drivers\e1d62x64.sys
2013-12-17 03:12:01 36472 ----a-w- C:\Windows\System32\NicCo36.dll
2013-12-17 03:12:00 101224 ----a-w- C:\Windows\System32\NicInstD.dll
2013-12-17 03:06:46 34752 ----a-w- C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-12-17 03:04:31 1632128 ----a-w- C:\Windows\System32\drivers\cfosspeed6.sys
2013-12-17 03:04:31 -------- d-----w- C:\Users\Eric\AppData\Local\cFos
2013-12-17 03:04:31 -------- d-----w- C:\Program Files\ASRock
2013-12-17 03:04:22 -------- d-----w- C:\ProgramData\cFos
2013-12-17 03:04:19 16648 ----a-w- C:\Windows\System32\drivers\FNETURPX.SYS
2013-12-17 03:04:19 -------- d-----w- C:\ProgramData\FNET
2013-12-17 03:04:17 -------- d-----w- C:\Program Files (x86)\XFastUSB
2013-12-17 03:04:09 34640 ----a-w- C:\Windows\System32\drivers\AsrRamDisk.sys
2013-12-17 03:04:06 -------- d-----w- C:\Windows\ASRock
2013-12-17 03:04:04 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2013-12-17 03:03:49 -------- d-----w- C:\Users\Eric\AppData\Local\Google
2013-12-17 03:03:36 17192 ----a-w- C:\Windows\System32\drivers\AsrAppCharger.sys
2013-12-17 03:03:34 -------- d-----w- C:\Program Files\ASRock Utility
2013-12-17 03:03:25 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2013-12-17 03:00:00 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2013-12-17 02:59:54 64624 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2013-12-17 02:57:57 -------- d-----w- C:\Users\Eric\AppData\Roaming\Intel Corporation
2013-12-17 02:57:21 -------- d-sh--w- C:\Windows\Installer
2013-12-17 02:57:20 -------- d-----w- C:\Users\Eric\Intel
2013-12-17 02:57:06 -------- d-----w- C:\Windows\System32\SRSLabs
2013-12-17 02:57:05 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-12-17 02:57:05 -------- d-----w- C:\Program Files\Realtek
2013-12-17 02:54:40 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2013-12-17 02:54:37 -------- d-----w- C:\Intel
2013-12-17 02:48:55 -------- d-----w- C:\Users\Eric\AppData\Local\VirtualStore
2013-12-17 00:24:10 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-17 00:24:10 1064224 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-17 00:22:51 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-17 00:22:51 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-17 00:22:51 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-17 00:22:51 3498475 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-17 00:22:51 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-17 00:22:51 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-17 00:22:45 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-17 00:22:45 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-17 00:22:39 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-12-17 00:22:35 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2013-12-17 00:17:59 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-12-17 00:17:42 -------- d-----w- C:\NVIDIA
2013-12-17 00:16:54 -------- d-----r- C:\Program Files (x86)\Skype
.
==================== Find3M  ====================
.
2013-11-23 20:18:38 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 19:53:51.82 ===============
 
I attached the file that said attach below.
 
 
 
Now I did the SystemLook too, as that's what I've seen to do in previous threads I read, and this is it:
 
SystemLook 30.07.11 by jpshortstuff
Log created at 19:58 on 08/01/2014 by Eric
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 
========== filefind ==========
 
Searching for "rpcss.dll"
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --a---- 509440 bytes [00:00 14/07/2009] [01:41 14/07/2009] 7266972E86890E2B30C0C322E906B027
 
-= EOF =-
 
Now I have the BlitzBlank program too, but I heard I can really mess it up, so I don't know what to do with it. I'm going to wait for some help so I don't mess anything up! All help is appreciated, thanks :)
 



#2 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 11 January 2014 - 05:58 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#3 Clank10

  • Topic Starter
  • Members
  • 6 posts

Posted 11 January 2014 - 12:09 PM

Alright, here is the FRST.txt document:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2014 05
Ran by Eric (administrator) on ERICSPC on 11-01-2014 12:07:31
Running from C:\Users\Eric\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [XFast LAN] - C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [1441152 2011-10-19] (cFos Software GmbH)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1064224 2013-11-08] (NVIDIA Corporation)
HKLM-x32\...\Run: [XFastUSB] - C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5021448 2013-12-16] (FNet Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [ASRock A-Tuning] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
MountPoints2: {cb6996c7-6731-11e3-92b3-806e6f6e6963} - D:\ASRSetup.exe
 
==================== Internet (Whitelisted) ====================
 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-12-22]
CHR Extension: (Adblock Plus) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0 [2013-12-21]
CHR Extension: (Google Search) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-12-22]
CHR Extension: (AdBlock) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 [2013-12-22]
CHR Extension: (Google Wallet) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-22]
CHR Extension: (Gmail) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 [2013-12-22]
 
==================== Services (Whitelisted) =================
 
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-10-19] (cFos Software GmbH)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
 
==================== Drivers (Whitelisted) ====================
 
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2013-12-24] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [34640 2012-08-09] (ASRock Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-12-20] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2013-12-16] (FNet Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-11] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-11 12:07 - 2014-01-11 12:07 - 00009321 _____ C:\Users\Eric\Downloads\FRST.txt
2014-01-11 12:07 - 2014-01-11 12:07 - 00000000 ____D C:\FRST
2014-01-11 12:06 - 2014-01-11 12:07 - 02076672 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe
2014-01-11 12:06 - 2014-01-11 12:06 - 01220096 _____ (Farbar) C:\Users\Eric\Downloads\FRST.exe
2014-01-11 11:32 - 2014-01-11 11:32 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-08 20:07 - 2014-01-08 20:07 - 00000000 ____D C:\Users\Eric\AppData\Local\Adobe
2014-01-08 19:59 - 2014-01-08 19:59 - 01153912 _____ (Emsi Software GmbH) C:\Users\Eric\Desktop\BlitzBlank.exe
2014-01-08 19:58 - 2014-01-08 19:58 - 00139264 _____ C:\Users\Eric\Downloads\SystemLook.exe
2014-01-08 19:58 - 2014-01-08 19:58 - 00000988 _____ C:\Users\Eric\Downloads\SystemLook.txt
2014-01-08 19:53 - 2014-01-08 19:53 - 00688992 ____R (Swearware) C:\Users\Eric\Downloads\dds.com
2014-01-08 19:53 - 2014-01-08 19:53 - 00015257 _____ C:\Users\Eric\Desktop\dds.txt
2014-01-08 19:53 - 2014-01-08 19:53 - 00006323 _____ C:\Users\Eric\Desktop\attach.txt
2014-01-08 19:50 - 2014-01-08 19:50 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Eric\Downloads\rkill.exe
2014-01-08 19:50 - 2014-01-08 19:50 - 00002598 _____ C:\Users\Eric\Desktop\Rkill.txt
2014-01-08 19:29 - 2014-01-08 19:29 - 00000000 ____D C:\Users\Eric\AppData\Local\CrashDumps
2014-01-05 15:51 - 2014-01-05 15:51 - 00155136 _____ C:\Users\Eric\Downloads\Sensation Review Quiz 1.ppt
2014-01-03 12:20 - 2014-01-03 12:20 - 00000000 ____S C:\Windows\system32\gaei.qwo
2014-01-02 16:00 - 2014-01-02 16:00 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 16:00 - 2014-01-02 16:00 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Malwarebytes
2014-01-02 16:00 - 2014-01-02 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 16:00 - 2014-01-02 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 16:00 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-02 15:59 - 2014-01-02 15:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Eric\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 15:59 - 2014-01-02 15:59 - 10264904 _____ (SurfRight B.V.) C:\Users\Eric\Downloads\HitmanPro_x64.exe
2014-01-02 15:58 - 2014-01-02 15:58 - 09096848 _____ (SurfRight B.V.) C:\Users\Eric\Downloads\HitmanPro36.exe
2014-01-02 15:58 - 2014-01-02 15:58 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-02 11:55 - 2014-01-02 11:55 - 00185800 _____ (Лаборатория Касперского) C:\Users\Eric\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-01-01 21:22 - 2014-01-01 21:22 - 00000222 _____ C:\Users\Eric\Desktop\Vindictus.url
2014-01-01 20:50 - 2014-01-06 22:32 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-01 20:50 - 2014-01-01 20:50 - 01133552 _____ C:\Users\Eric\Downloads\SteamSetup (1).exe
2014-01-01 20:50 - 2014-01-01 20:50 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-01 14:05 - 2014-01-01 14:06 - 13089032 _____ (IObit                                                       ) C:\Users\Eric\Downloads\driverbooster-cnet-setup.exe
2014-01-01 13:48 - 2014-01-01 13:48 - 00000000 ____S C:\Windows\system32\tdxss.fzb
2014-01-01 00:20 - 2014-01-01 00:20 - 01768110 _____ C:\Users\Eric\Downloads\IntelBurnTest.zip
2014-01-01 00:15 - 2014-01-01 00:15 - 00330853 _____ C:\Users\Eric\Downloads\RealTemp_370.zip
2013-12-31 21:25 - 2013-12-31 23:35 - 00000000 _____ C:\dfu.log
2013-12-31 16:23 - 2013-12-31 16:23 - 00037376 _____ C:\Windows\system32\fieobs.ukj
2013-12-31 16:13 - 2014-01-11 11:32 - 00000083 _____ C:\Windows\system32\uxtl.fxm
2013-12-31 16:13 - 2013-12-31 16:23 - 00000101 _____ C:\Windows\system32\zfryan.alt
2013-12-31 16:13 - 2013-12-31 16:13 - 00000064 _____ C:\Windows\system32\xvkqdaj.ftj
2013-12-31 15:57 - 2013-12-31 15:57 - 00219314 ____S C:\Windows\system32\uacosl.azl
2013-12-30 15:51 - 2013-12-30 15:51 - 00000000 ____D C:\ProgramData\NexonUS
2013-12-30 15:51 - 2013-12-30 15:51 - 00000000 ____D C:\ProgramData\Nexon
2013-12-30 15:50 - 2013-12-30 16:33 - 00000000 ____D C:\Users\Eric\Documents\Vindictus
2013-12-30 15:20 - 2013-12-30 15:20 - 00000600 _____ C:\Users\Eric\AppData\Roaming\winscp.rnd
2013-12-30 13:48 - 2013-12-30 13:49 - 04981147 _____ C:\Users\Eric\Downloads\0907 - Pokemon Ruby (U)(Mugs).zip
2013-12-30 13:22 - 2013-12-30 13:22 - 00627832 _____ C:\Users\Eric\Downloads\CR_Downloader_for_pokemon-black.exe
2013-12-30 13:11 - 2013-12-30 13:11 - 00000983 _____ C:\Users\Public\Desktop\WinSCP.lnk
2013-12-30 13:11 - 2013-12-30 13:11 - 00000000 ____D C:\Program Files (x86)\WinSCP
2013-12-30 13:10 - 2013-12-30 13:11 - 05132128 _____ (Martin Prikryl                                              ) C:\Users\Eric\Downloads\winscp550setup.exe
2013-12-26 23:15 - 2013-12-26 23:15 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-24 12:00 - 2013-12-24 12:00 - 00022280 _____ (ASRock Incorporation) C:\Windows\SysWOW64\Drivers\AsrDrv101.sys
2013-12-22 18:00 - 2013-12-22 18:00 - 00819176 _____ (Google Inc.) C:\Users\Eric\Downloads\ChromeSetup.exe
2013-12-22 16:28 - 2013-12-22 16:29 - 31222685 _____ C:\Users\Eric\Downloads\evasi0n7-win-1.0.0-5fbc5de0c23654546ad78bd75a703a5724e15d39.zip
2013-12-22 16:03 - 2013-12-22 16:03 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-22 16:03 - 2013-12-22 16:03 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Apple Computer
2013-12-22 16:03 - 2013-12-22 16:03 - 00000000 ____D C:\Users\Eric\AppData\Local\Apple Computer
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Users\Eric\AppData\Local\Apple
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files\iTunes
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files\iPod
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-22 16:02 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-12-22 16:01 - 2013-12-22 16:02 - 00000000 ____D C:\ProgramData\Apple
2013-12-22 16:01 - 2013-12-22 16:01 - 00000000 ____D C:\Program Files\Bonjour
2013-12-22 16:01 - 2013-12-22 16:01 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-22 16:00 - 2013-12-22 16:01 - 100400976 _____ (Apple Inc.) C:\Users\Eric\Downloads\iTunes64Setup.exe
2013-12-22 15:57 - 2013-12-22 15:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-21 10:33 - 2013-12-21 10:33 - 00401752 _____ (Softonic                                        ) C:\Users\Eric\Downloads\SoftonicDownloader_for_axife-mouse-recorder.exe
2013-12-21 10:22 - 2013-12-21 10:33 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Technology Lighthouse
2013-12-21 10:22 - 2013-12-21 10:22 - 00000000 _____ C:\Users\Eric\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
2013-12-21 10:19 - 2013-12-21 10:19 - 07576672 _____ (Technology Lighthouse                                       ) C:\Users\Eric\Downloads\ptfbsetup.exe
2013-12-20 17:05 - 2013-12-20 17:05 - 01977432 _____ C:\Users\Eric\Downloads\winrar-x64-501.exe
2013-12-20 17:05 - 2013-12-20 17:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\WinRAR
2013-12-20 17:05 - 2013-12-20 17:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-20 17:05 - 2013-12-20 17:05 - 00000000 ____D C:\Program Files\WinRAR
2013-12-20 17:05 - 2009-01-27 00:57 - 00000000 ____D C:\Users\Eric\Desktop\Syobon Action 2
2013-12-20 17:04 - 2013-12-20 17:04 - 02787330 _____ C:\Users\Eric\Downloads\Syobon_Action_2.rar
2013-12-20 16:44 - 2013-12-20 16:44 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2013-12-18 22:31 - 2013-12-18 22:32 - 00061440 _____ (Gary's Hood) C:\Users\Eric\Desktop\rsclient.exe
2013-12-18 19:27 - 2013-12-18 19:27 - 00010342 _____ C:\Users\Eric\Desktop\US2Launcher.jar
2013-12-18 15:18 - 2013-12-18 15:18 - 00000014 _____ C:\Users\Eric\uid.dat
2013-12-18 15:17 - 2014-01-08 21:06 - 00000000 ____D C:\Users\Eric\.ultimatescape
2013-12-18 14:55 - 2013-12-18 14:55 - 00000043 _____ C:\Users\Eric\jagex_cl_oldschool_LIVE.dat
2013-12-17 15:20 - 2013-12-17 15:20 - 00000000 ____D C:\Users\Eric\Downloads\Tomb.Raider-SKIDROW
2013-12-17 15:18 - 2013-12-17 15:18 - 00374882 _____ (Disc Soft Ltd) C:\Users\Eric\Downloads\Unconfirmed 3265.crdownload
2013-12-17 15:14 - 2013-12-18 14:50 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-17 15:14 - 2013-12-17 15:14 - 00000812 _____ C:\Users\Eric\Desktop\µTorrent.lnk
2013-12-17 15:14 - 2013-12-17 15:14 - 00000792 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-12-17 15:13 - 2013-12-17 15:36 - 00000000 ____D C:\Users\Eric\AppData\Roaming\uTorrent
2013-12-17 15:10 - 2013-12-17 15:11 - 91412976 _____ (AVAST Software) C:\Users\Eric\Downloads\avast_free_antivirus_setup.exe
2013-12-17 15:10 - 2013-12-17 15:11 - 01340496 _____ (BitTorrent Inc.) C:\Users\Eric\Downloads\utorrent.exe
2013-12-17 15:05 - 2013-12-31 21:25 - 00000000 ____D C:\Users\Eric\AppData\Roaming\NVIDIA
2013-12-17 15:04 - 2013-12-26 23:15 - 00000000 ____D C:\Users\Eric\jagexcache
2013-12-17 15:04 - 2013-12-18 15:15 - 00000024 _____ C:\Users\Eric\random.dat
2013-12-17 15:04 - 2013-12-17 15:06 - 00000024 _____ C:\Users\Eric\jagexappletviewer.preferences
2013-12-17 15:04 - 2013-12-17 15:04 - 00000043 _____ C:\Users\Eric\jagex_cl_runescape_LIVE.dat
2013-12-17 15:04 - 2013-12-17 15:04 - 00000000 ____D C:\.jagex_cache_32
2013-12-17 15:03 - 2013-12-17 15:03 - 00000000 ____D C:\ProgramData\Oracle
2013-12-17 15:00 - 2013-12-17 15:00 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-17 15:00 - 2013-12-17 15:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-17 15:00 - 2013-12-17 15:00 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-17 15:00 - 2013-12-17 15:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-17 15:00 - 2013-12-17 15:00 - 00000000 ____D C:\ProgramData\Sun
2013-12-17 15:00 - 2013-12-17 15:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-17 14:59 - 2013-12-17 15:00 - 23805952 _____ C:\Users\Eric\Downloads\RuneScape_893.msi
2013-12-17 14:59 - 2013-12-17 14:59 - 00915368 _____ (Oracle Corporation) C:\Users\Eric\Downloads\chromeinstall-7u45.exe
2013-12-17 14:59 - 2013-12-17 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-12-17 14:58 - 2013-12-17 14:58 - 01133552 _____ C:\Users\Eric\Downloads\SteamSetup.exe
2013-12-17 10:45 - 2013-12-17 10:45 - 00001313 _____ C:\Windows\TSSysprep.log
2013-12-17 10:44 - 2013-12-17 10:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-17 10:41 - 2013-12-16 21:46 - 00000000 ____D C:\Windows\Panther
2013-12-16 22:13 - 2013-12-16 22:13 - 00000000 ____D C:\Users\Eric\Downloads\ASRSetup
2013-12-16 22:12 - 2013-02-26 04:23 - 00496400 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys
2013-12-16 22:12 - 2013-02-08 13:37 - 00544568 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2013-12-16 22:12 - 2012-12-05 15:34 - 00073032 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2013-12-16 22:12 - 2012-11-13 16:01 - 00101224 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2013-12-16 22:12 - 2012-01-06 01:03 - 00003114 _____ C:\Windows\system32\e1d62x64.din
2013-12-16 22:12 - 2009-05-25 21:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2013-12-16 22:12 - 2006-01-12 02:52 - 00001904 ____N C:\Windows\system32\SetupBD.din
2013-12-16 22:06 - 2014-01-11 11:32 - 00386208 _____ C:\Windows\PFRO.log
2013-12-16 22:06 - 2014-01-11 11:32 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2013-12-16 22:05 - 2014-01-08 20:07 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Adobe
2013-12-16 22:05 - 2013-12-16 22:05 - 00002014 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-12-16 22:05 - 2013-12-16 22:05 - 00000997 _____ C:\Users\Public\Desktop\Acrobat.com.lnk
2013-12-16 22:05 - 2013-12-16 22:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Macromedia
2013-12-16 22:05 - 2013-12-16 22:05 - 00000000 ____D C:\ProgramData\Adobe
2013-12-16 22:05 - 2013-12-16 22:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-16 22:04 - 2013-12-22 18:01 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-16 22:04 - 2013-12-16 22:04 - 00016648 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETURPX.SYS
2013-12-16 22:04 - 2013-12-16 22:04 - 00001889 _____ C:\Users\Public\Desktop\XFast USB.LNK
2013-12-16 22:04 - 2013-12-16 22:04 - 00001267 _____ C:\Users\Public\Desktop\A-Tuning.lnk
2013-12-16 22:04 - 2013-12-16 22:04 - 00001048 _____ C:\Users\Public\Desktop\ASRock SmartConnect.lnk
2013-12-16 22:04 - 2013-12-16 22:04 - 00000003 _____ C:\Users\Eric\AppData\Local\user_data.ini
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Windows\ASRock
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Users\Eric\AppData\Local\cFos
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\ProgramData\FNET
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\ProgramData\cFos
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files\ASRock
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files (x86)\XFastUSB
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files (x86)\ASRock Utility
2013-12-16 22:04 - 2012-08-09 20:03 - 00034640 _____ (ASRock Inc.) C:\Windows\system32\Drivers\AsrRamDisk.sys
2013-12-16 22:04 - 2011-07-04 18:19 - 01632128 _____ (cFos Software GmbH) C:\Windows\system32\Drivers\cfosspeed6.sys
2013-12-16 22:03 - 2014-01-11 11:33 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-16 22:03 - 2014-01-10 22:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-16 22:03 - 2013-12-22 18:05 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-16 22:03 - 2013-12-22 18:05 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-16 22:03 - 2013-12-16 22:07 - 00000000 ____D C:\Users\Eric\AppData\Local\Google
2013-12-16 22:03 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files\ASRock Utility
2013-12-16 22:03 - 2013-12-16 22:03 - 00004614 _____ C:\Windows\DPINST.LOG
2013-12-16 22:03 - 2013-12-16 22:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-16 22:03 - 2011-05-10 19:28 - 00017192 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\AsrAppCharger.sys
2013-12-16 21:59 - 2013-12-16 21:59 - 00000000 ____D C:\Users\Eric\AppData\Roaming\InstallShield
2013-12-16 21:59 - 2013-12-16 21:59 - 00000000 ____D C:\ProgramData\InstallShield
2013-12-16 21:59 - 2013-03-12 16:19 - 00064624 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2013-12-16 21:57 - 2013-12-16 22:12 - 00000000 ____D C:\Program Files\Intel
2013-12-16 21:57 - 2013-12-16 22:10 - 00057952 _____ C:\Users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 21:57 - 2013-12-16 22:06 - 00000000 ____D C:\ProgramData\Intel
2013-12-16 21:57 - 2013-12-16 21:57 - 00730638 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Windows\system32\SRSLabs
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Users\Eric\Intel
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Intel Corporation
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Program Files\Realtek
2013-12-16 21:56 - 2013-12-16 21:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-16 21:56 - 2013-12-16 21:56 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-16 21:56 - 2013-03-29 08:42 - 03379272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-12-16 21:56 - 2013-03-29 04:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-12-16 21:56 - 2013-03-27 03:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-12-16 21:56 - 2013-03-26 04:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-12-16 21:56 - 2013-03-26 04:04 - 02734624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-12-16 21:56 - 2013-03-26 02:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-12-16 21:56 - 2013-03-26 01:38 - 01659464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2013-12-16 21:56 - 2013-03-22 14:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-12-16 21:56 - 2013-03-12 05:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-12-16 21:56 - 2013-02-20 05:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-12-16 21:56 - 2013-02-19 05:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-12-16 21:56 - 2013-01-16 03:02 - 02079816 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-12-16 21:56 - 2012-06-20 04:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-12-16 21:56 - 2012-03-07 22:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-12-16 21:56 - 2012-01-29 22:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2013-12-16 21:56 - 2012-01-09 21:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2013-12-16 21:56 - 2011-12-20 02:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-12-16 21:56 - 2011-11-22 03:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-12-16 21:56 - 2011-03-16 23:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-12-16 21:56 - 2011-03-07 04:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-12-16 21:56 - 2010-11-07 18:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-12-16 21:56 - 2010-11-07 18:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-12-16 21:56 - 2010-11-07 18:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-12-16 21:56 - 2010-11-07 18:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-12-16 21:56 - 2010-11-07 18:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-12-16 21:56 - 2010-11-07 18:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-12-16 21:56 - 2010-11-03 05:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-12-16 21:54 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-16 21:54 - 2013-12-16 21:54 - 00000000 ____D C:\Intel
2013-12-16 21:54 - 2013-02-27 18:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2013-12-16 21:50 - 2014-01-11 11:35 - 00324778 _____ C:\Windows\WindowsUpdate.log
2013-12-16 21:49 - 2013-12-16 21:49 - 00001447 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-16 21:49 - 2013-12-16 21:49 - 00001413 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-16 21:49 - 2013-12-16 21:49 - 00000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-16 21:49 - 2013-12-16 21:49 - 00000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-16 21:48 - 2013-12-21 11:26 - 00000000 ____D C:\Users\Eric\AppData\Local\VirtualStore
2013-12-16 21:46 - 2013-12-18 15:18 - 00000000 ____D C:\Users\Eric
2013-12-16 21:46 - 2013-12-16 21:46 - 00000020 ___SH C:\Users\Eric\ntuser.ini
2013-12-16 21:46 - 2013-12-16 21:46 - 00000000 __SHD C:\Recovery
2013-12-16 21:46 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-16 21:46 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-16 19:24 - 2013-12-16 19:24 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-16 19:24 - 2013-11-08 15:50 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-12-16 19:24 - 2013-11-08 15:50 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-12-16 19:23 - 2014-01-11 11:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-16 19:23 - 2013-12-16 19:23 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-12-16 19:23 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-16 19:23 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-16 19:22 - 2013-12-18 14:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-16 19:22 - 2013-12-16 19:24 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-16 19:22 - 2013-11-23 14:26 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-12-16 19:22 - 2013-11-23 14:26 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-12-16 19:22 - 2013-11-23 12:42 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-16 19:22 - 2013-11-23 12:42 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-16 19:22 - 2013-11-23 12:42 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-16 19:22 - 2013-11-23 12:42 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-16 19:22 - 2013-11-23 12:42 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-16 19:22 - 2013-11-22 11:28 - 03498475 _____ C:\Windows\system32\nvcoproc.bin
2013-12-16 19:21 - 2013-11-23 14:26 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 18293096 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 12613920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-16 19:21 - 2013-11-23 14:26 - 11566648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 11441664 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 09663656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433193.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433193.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00357152 _____ C:\Windows\system32\NvIFROpenGL.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00314656 _____ C:\Windows\SysWOW64\NvIFROpenGL.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-12-16 19:21 - 2013-11-23 14:26 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-12-16 19:21 - 2013-09-27 18:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-16 19:21 - 2013-09-27 18:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-12-16 19:21 - 2013-09-27 18:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-16 19:21 - 2013-06-16 07:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-12-16 19:21 - 2013-06-16 07:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-12-16 19:21 - 2013-01-29 03:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-12-16 19:17 - 2013-12-16 19:24 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-16 19:17 - 2013-12-16 19:17 - 00000000 ____D C:\NVIDIA
2013-12-16 19:16 - 2014-01-11 11:33 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Skype
2013-12-16 19:16 - 2014-01-02 11:58 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2013-12-16 19:16 - 2014-01-02 11:58 - 00000000 ____D C:\ProgramData\Skype
2013-12-16 19:16 - 2013-12-16 19:16 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Eric\Downloads\SkypeSetup.exe
2013-12-16 19:16 - 2013-12-16 19:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-16 19:15 - 2013-12-16 19:17 - 210804288 _____ (NVIDIA Corporation) C:\Users\Eric\Downloads\331.93-desktop-win8-win7-winvista-64bit-english-beta.exe
 
==================== One Month Modified Files and Folders =======
 
2014-01-11 12:07 - 2014-01-11 12:07 - 00009321 _____ C:\Users\Eric\Downloads\FRST.txt
2014-01-11 12:07 - 2014-01-11 12:07 - 00000000 ____D C:\FRST
2014-01-11 12:07 - 2014-01-11 12:06 - 02076672 _____ (Farbar) C:\Users\Eric\Downloads\FRST64.exe
2014-01-11 12:06 - 2014-01-11 12:06 - 01220096 _____ (Farbar) C:\Users\Eric\Downloads\FRST.exe
2014-01-11 11:38 - 2009-07-14 00:13 - 00715704 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-11 11:37 - 2009-07-13 23:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-11 11:37 - 2009-07-13 23:45 - 00010208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-11 11:35 - 2013-12-16 21:50 - 00324778 _____ C:\Windows\WindowsUpdate.log
2014-01-11 11:33 - 2013-12-16 22:03 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-11 11:33 - 2013-12-16 19:16 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Skype
2014-01-11 11:32 - 2014-01-11 11:32 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-11 11:32 - 2013-12-31 16:13 - 00000083 _____ C:\Windows\system32\uxtl.fxm
2014-01-11 11:32 - 2013-12-16 22:06 - 00386208 _____ C:\Windows\PFRO.log
2014-01-11 11:32 - 2013-12-16 22:06 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-01-11 11:32 - 2013-12-16 19:23 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-11 11:32 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-11 11:32 - 2009-07-13 23:51 - 00039950 _____ C:\Windows\setupact.log
2014-01-10 22:19 - 2013-12-16 22:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-08 21:06 - 2013-12-18 15:17 - 00000000 ____D C:\Users\Eric\.ultimatescape
2014-01-08 20:07 - 2014-01-08 20:07 - 00000000 ____D C:\Users\Eric\AppData\Local\Adobe
2014-01-08 20:07 - 2013-12-16 22:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Adobe
2014-01-08 19:59 - 2014-01-08 19:59 - 01153912 _____ (Emsi Software GmbH) C:\Users\Eric\Desktop\BlitzBlank.exe
2014-01-08 19:58 - 2014-01-08 19:58 - 00139264 _____ C:\Users\Eric\Downloads\SystemLook.exe
2014-01-08 19:58 - 2014-01-08 19:58 - 00000988 _____ C:\Users\Eric\Downloads\SystemLook.txt
2014-01-08 19:53 - 2014-01-08 19:53 - 00688992 ____R (Swearware) C:\Users\Eric\Downloads\dds.com
2014-01-08 19:53 - 2014-01-08 19:53 - 00015257 _____ C:\Users\Eric\Desktop\dds.txt
2014-01-08 19:53 - 2014-01-08 19:53 - 00006323 _____ C:\Users\Eric\Desktop\attach.txt
2014-01-08 19:50 - 2014-01-08 19:50 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Eric\Downloads\rkill.exe
2014-01-08 19:50 - 2014-01-08 19:50 - 00002598 _____ C:\Users\Eric\Desktop\Rkill.txt
2014-01-08 19:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2014-01-08 19:29 - 2014-01-08 19:29 - 00000000 ____D C:\Users\Eric\AppData\Local\CrashDumps
2014-01-06 22:32 - 2014-01-01 20:50 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-05 15:51 - 2014-01-05 15:51 - 00155136 _____ C:\Users\Eric\Downloads\Sensation Review Quiz 1.ppt
2014-01-03 12:20 - 2014-01-03 12:20 - 00000000 ____S C:\Windows\system32\gaei.qwo
2014-01-03 12:20 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2014-01-02 16:00 - 2014-01-02 16:00 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 16:00 - 2014-01-02 16:00 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Malwarebytes
2014-01-02 16:00 - 2014-01-02 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-02 16:00 - 2014-01-02 16:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 15:59 - 2014-01-02 15:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Eric\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-02 15:59 - 2014-01-02 15:59 - 10264904 _____ (SurfRight B.V.) C:\Users\Eric\Downloads\HitmanPro_x64.exe
2014-01-02 15:58 - 2014-01-02 15:58 - 09096848 _____ (SurfRight B.V.) C:\Users\Eric\Downloads\HitmanPro36.exe
2014-01-02 15:58 - 2014-01-02 15:58 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-02 11:58 - 2013-12-16 19:16 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-02 11:58 - 2013-12-16 19:16 - 00000000 ____D C:\ProgramData\Skype
2014-01-02 11:55 - 2014-01-02 11:55 - 00185800 _____ (Лаборатория Касперского) C:\Users\Eric\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
2014-01-01 21:22 - 2014-01-01 21:22 - 00000222 _____ C:\Users\Eric\Desktop\Vindictus.url
2014-01-01 20:50 - 2014-01-01 20:50 - 01133552 _____ C:\Users\Eric\Downloads\SteamSetup (1).exe
2014-01-01 20:50 - 2014-01-01 20:50 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2014-01-01 14:06 - 2014-01-01 14:05 - 13089032 _____ (IObit                                                       ) C:\Users\Eric\Downloads\driverbooster-cnet-setup.exe
2014-01-01 13:48 - 2014-01-01 13:48 - 00000000 ____S C:\Windows\system32\tdxss.fzb
2014-01-01 00:20 - 2014-01-01 00:20 - 01768110 _____ C:\Users\Eric\Downloads\IntelBurnTest.zip
2014-01-01 00:15 - 2014-01-01 00:15 - 00330853 _____ C:\Users\Eric\Downloads\RealTemp_370.zip
2013-12-31 23:35 - 2013-12-31 21:25 - 00000000 _____ C:\dfu.log
2013-12-31 21:25 - 2013-12-17 15:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\NVIDIA
2013-12-31 16:23 - 2013-12-31 16:23 - 00037376 _____ C:\Windows\system32\fieobs.ukj
2013-12-31 16:23 - 2013-12-31 16:13 - 00000101 _____ C:\Windows\system32\zfryan.alt
2013-12-31 16:13 - 2013-12-31 16:13 - 00000064 _____ C:\Windows\system32\xvkqdaj.ftj
2013-12-31 15:57 - 2013-12-31 15:57 - 00219314 ____S C:\Windows\system32\uacosl.azl
2013-12-30 16:33 - 2013-12-30 15:50 - 00000000 ____D C:\Users\Eric\Documents\Vindictus
2013-12-30 15:51 - 2013-12-30 15:51 - 00000000 ____D C:\ProgramData\NexonUS
2013-12-30 15:51 - 2013-12-30 15:51 - 00000000 ____D C:\ProgramData\Nexon
2013-12-30 15:20 - 2013-12-30 15:20 - 00000600 _____ C:\Users\Eric\AppData\Roaming\winscp.rnd
2013-12-30 13:49 - 2013-12-30 13:48 - 04981147 _____ C:\Users\Eric\Downloads\0907 - Pokemon Ruby (U)(Mugs).zip
2013-12-30 13:22 - 2013-12-30 13:22 - 00627832 _____ C:\Users\Eric\Downloads\CR_Downloader_for_pokemon-black.exe
2013-12-30 13:11 - 2013-12-30 13:11 - 00000983 _____ C:\Users\Public\Desktop\WinSCP.lnk
2013-12-30 13:11 - 2013-12-30 13:11 - 00000000 ____D C:\Program Files (x86)\WinSCP
2013-12-30 13:11 - 2013-12-30 13:10 - 05132128 _____ (Martin Prikryl                                              ) C:\Users\Eric\Downloads\winscp550setup.exe
2013-12-26 23:15 - 2013-12-26 23:15 - 00000000 ____D C:\Windows\system32\appmgmt
2013-12-26 23:15 - 2013-12-17 15:04 - 00000000 ____D C:\Users\Eric\jagexcache
2013-12-24 12:00 - 2013-12-24 12:00 - 00022280 _____ (ASRock Incorporation) C:\Windows\SysWOW64\Drivers\AsrDrv101.sys
2013-12-22 18:05 - 2013-12-16 22:03 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-22 18:05 - 2013-12-16 22:03 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-22 18:01 - 2013-12-16 22:04 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-22 18:00 - 2013-12-22 18:00 - 00819176 _____ (Google Inc.) C:\Users\Eric\Downloads\ChromeSetup.exe
2013-12-22 16:29 - 2013-12-22 16:28 - 31222685 _____ C:\Users\Eric\Downloads\evasi0n7-win-1.0.0-5fbc5de0c23654546ad78bd75a703a5724e15d39.zip
2013-12-22 16:03 - 2013-12-22 16:03 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-22 16:03 - 2013-12-22 16:03 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Apple Computer
2013-12-22 16:03 - 2013-12-22 16:03 - 00000000 ____D C:\Users\Eric\AppData\Local\Apple Computer
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Users\Eric\AppData\Local\Apple
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files\iTunes
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files\iPod
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-22 16:02 - 2013-12-22 16:02 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-22 16:02 - 2013-12-22 16:01 - 00000000 ____D C:\ProgramData\Apple
2013-12-22 16:01 - 2013-12-22 16:01 - 00000000 ____D C:\Program Files\Bonjour
2013-12-22 16:01 - 2013-12-22 16:01 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-22 16:01 - 2013-12-22 16:00 - 100400976 _____ (Apple Inc.) C:\Users\Eric\Downloads\iTunes64Setup.exe
2013-12-22 15:57 - 2013-12-22 15:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-21 11:26 - 2013-12-16 21:48 - 00000000 ____D C:\Users\Eric\AppData\Local\VirtualStore
2013-12-21 10:33 - 2013-12-21 10:33 - 00401752 _____ (Softonic                                        ) C:\Users\Eric\Downloads\SoftonicDownloader_for_axife-mouse-recorder.exe
2013-12-21 10:33 - 2013-12-21 10:22 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Technology Lighthouse
2013-12-21 10:22 - 2013-12-21 10:22 - 00000000 _____ C:\Users\Eric\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
2013-12-21 10:19 - 2013-12-21 10:19 - 07576672 _____ (Technology Lighthouse                                       ) C:\Users\Eric\Downloads\ptfbsetup.exe
2013-12-20 17:05 - 2013-12-20 17:05 - 01977432 _____ C:\Users\Eric\Downloads\winrar-x64-501.exe
2013-12-20 17:05 - 2013-12-20 17:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\WinRAR
2013-12-20 17:05 - 2013-12-20 17:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-12-20 17:05 - 2013-12-20 17:05 - 00000000 ____D C:\Program Files\WinRAR
2013-12-20 17:04 - 2013-12-20 17:04 - 02787330 _____ C:\Users\Eric\Downloads\Syobon_Action_2.rar
2013-12-20 16:44 - 2013-12-20 16:44 - 00032320 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETTBOH_305.SYS
2013-12-18 22:32 - 2013-12-18 22:31 - 00061440 _____ (Gary's Hood) C:\Users\Eric\Desktop\rsclient.exe
2013-12-18 19:27 - 2013-12-18 19:27 - 00010342 _____ C:\Users\Eric\Desktop\US2Launcher.jar
2013-12-18 15:18 - 2013-12-18 15:18 - 00000014 _____ C:\Users\Eric\uid.dat
2013-12-18 15:18 - 2013-12-16 21:46 - 00000000 ____D C:\Users\Eric
2013-12-18 15:15 - 2013-12-17 15:04 - 00000024 _____ C:\Users\Eric\random.dat
2013-12-18 14:55 - 2013-12-18 14:55 - 00000043 _____ C:\Users\Eric\jagex_cl_oldschool_LIVE.dat
2013-12-18 14:50 - 2013-12-17 15:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-18 14:40 - 2013-12-16 19:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-17 15:36 - 2013-12-17 15:13 - 00000000 ____D C:\Users\Eric\AppData\Roaming\uTorrent
2013-12-17 15:20 - 2013-12-17 15:20 - 00000000 ____D C:\Users\Eric\Downloads\Tomb.Raider-SKIDROW
2013-12-17 15:18 - 2013-12-17 15:18 - 00374882 _____ (Disc Soft Ltd) C:\Users\Eric\Downloads\Unconfirmed 3265.crdownload
2013-12-17 15:14 - 2013-12-17 15:14 - 00000812 _____ C:\Users\Eric\Desktop\µTorrent.lnk
2013-12-17 15:14 - 2013-12-17 15:14 - 00000792 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-12-17 15:11 - 2013-12-17 15:10 - 91412976 _____ (AVAST Software) C:\Users\Eric\Downloads\avast_free_antivirus_setup.exe
2013-12-17 15:11 - 2013-12-17 15:10 - 01340496 _____ (BitTorrent Inc.) C:\Users\Eric\Downloads\utorrent.exe
2013-12-17 15:06 - 2013-12-17 15:04 - 00000024 _____ C:\Users\Eric\jagexappletviewer.preferences
2013-12-17 15:04 - 2013-12-17 15:04 - 00000043 _____ C:\Users\Eric\jagex_cl_runescape_LIVE.dat
2013-12-17 15:04 - 2013-12-17 15:04 - 00000000 ____D C:\.jagex_cache_32
2013-12-17 15:03 - 2013-12-17 15:03 - 00000000 ____D C:\ProgramData\Oracle
2013-12-17 15:00 - 2013-12-17 15:00 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-12-17 15:00 - 2013-12-17 15:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-12-17 15:00 - 2013-12-17 15:00 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-12-17 15:00 - 2013-12-17 15:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-12-17 15:00 - 2013-12-17 15:00 - 00000000 ____D C:\ProgramData\Sun
2013-12-17 15:00 - 2013-12-17 15:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-12-17 15:00 - 2013-12-17 14:59 - 23805952 _____ C:\Users\Eric\Downloads\RuneScape_893.msi
2013-12-17 14:59 - 2013-12-17 14:59 - 00915368 _____ (Oracle Corporation) C:\Users\Eric\Downloads\chromeinstall-7u45.exe
2013-12-17 14:59 - 2013-12-17 14:59 - 00000000 ____D C:\ProgramData\McAfee
2013-12-17 14:58 - 2013-12-17 14:58 - 01133552 _____ C:\Users\Eric\Downloads\SteamSetup.exe
2013-12-17 10:45 - 2013-12-17 10:45 - 00001313 _____ C:\Windows\TSSysprep.log
2013-12-17 10:45 - 2009-07-13 23:46 - 00001774 _____ C:\Windows\DtcInstall.log
2013-12-17 10:44 - 2013-12-17 10:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-12-17 10:42 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\CSC
2013-12-17 10:41 - 2009-07-14 00:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-12-17 10:41 - 2009-07-14 00:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-12-16 22:13 - 2013-12-16 22:13 - 00000000 ____D C:\Users\Eric\Downloads\ASRSetup
2013-12-16 22:12 - 2013-12-16 21:57 - 00000000 ____D C:\Program Files\Intel
2013-12-16 22:10 - 2013-12-16 21:57 - 00057952 _____ C:\Users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-16 22:08 - 2009-07-13 23:45 - 00266848 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-16 22:07 - 2013-12-16 22:03 - 00000000 ____D C:\Users\Eric\AppData\Local\Google
2013-12-16 22:06 - 2013-12-16 21:57 - 00000000 ____D C:\ProgramData\Intel
2013-12-16 22:05 - 2013-12-16 22:05 - 00002014 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2013-12-16 22:05 - 2013-12-16 22:05 - 00000997 _____ C:\Users\Public\Desktop\Acrobat.com.lnk
2013-12-16 22:05 - 2013-12-16 22:05 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Macromedia
2013-12-16 22:05 - 2013-12-16 22:05 - 00000000 ____D C:\ProgramData\Adobe
2013-12-16 22:05 - 2013-12-16 22:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-16 22:04 - 2013-12-16 22:04 - 00016648 _____ (FNet Co., Ltd.) C:\Windows\system32\Drivers\FNETURPX.SYS
2013-12-16 22:04 - 2013-12-16 22:04 - 00001889 _____ C:\Users\Public\Desktop\XFast USB.LNK
2013-12-16 22:04 - 2013-12-16 22:04 - 00001267 _____ C:\Users\Public\Desktop\A-Tuning.lnk
2013-12-16 22:04 - 2013-12-16 22:04 - 00001048 _____ C:\Users\Public\Desktop\ASRock SmartConnect.lnk
2013-12-16 22:04 - 2013-12-16 22:04 - 00000003 _____ C:\Users\Eric\AppData\Local\user_data.ini
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Windows\ASRock
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Users\Eric\AppData\Local\cFos
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\ProgramData\FNET
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\ProgramData\cFos
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files\ASRock
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files (x86)\XFastUSB
2013-12-16 22:04 - 2013-12-16 22:04 - 00000000 ____D C:\Program Files (x86)\ASRock Utility
2013-12-16 22:04 - 2013-12-16 22:03 - 00000000 ____D C:\Program Files\ASRock Utility
2013-12-16 22:04 - 2013-12-16 21:54 - 00000000 ____D C:\Program Files (x86)\Intel
2013-12-16 22:03 - 2013-12-16 22:03 - 00004614 _____ C:\Windows\DPINST.LOG
2013-12-16 22:03 - 2013-12-16 22:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-16 21:59 - 2013-12-16 21:59 - 00000000 ____D C:\Users\Eric\AppData\Roaming\InstallShield
2013-12-16 21:59 - 2013-12-16 21:59 - 00000000 ____D C:\ProgramData\InstallShield
2013-12-16 21:59 - 2013-12-16 21:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-16 21:57 - 2013-12-16 21:57 - 00730638 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Windows\system32\SRSLabs
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Users\Eric\Intel
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Intel Corporation
2013-12-16 21:57 - 2013-12-16 21:57 - 00000000 ____D C:\Program Files\Realtek
2013-12-16 21:57 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\restore
2013-12-16 21:56 - 2013-12-16 21:56 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-12-16 21:54 - 2013-12-16 21:54 - 00000000 ____D C:\Intel
2013-12-16 21:49 - 2013-12-16 21:49 - 00001447 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-16 21:49 - 2013-12-16 21:49 - 00001413 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-12-16 21:49 - 2013-12-16 21:49 - 00000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-16 21:49 - 2013-12-16 21:49 - 00000000 ___RD C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-16 21:46 - 2013-12-17 10:41 - 00000000 ____D C:\Windows\Panther
2013-12-16 21:46 - 2013-12-16 21:46 - 00000020 ___SH C:\Users\Eric\ntuser.ini
2013-12-16 21:46 - 2013-12-16 21:46 - 00000000 __SHD C:\Recovery
2013-12-16 21:46 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2013-12-16 21:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-16 19:24 - 2013-12-16 19:24 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-16 19:24 - 2013-12-16 19:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-16 19:24 - 2013-12-16 19:17 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-16 19:23 - 2013-12-16 19:23 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-12-16 19:22 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2013-12-16 19:17 - 2013-12-16 19:17 - 00000000 ____D C:\NVIDIA
2013-12-16 19:17 - 2013-12-16 19:15 - 210804288 _____ (NVIDIA Corporation) C:\Users\Eric\Downloads\331.93-desktop-win8-win7-winvista-64bit-english-beta.exe
2013-12-16 19:16 - 2013-12-16 19:16 - 01551008 _____ (Skype Technologies S.A.) C:\Users\Eric\Downloads\SkypeSetup.exe
2013-12-16 19:16 - 2013-12-16 19:16 - 00000000 ___RD C:\Program Files (x86)\Skype
 
Files to move or delete:
====================
C:\Users\Eric\jagex_cl_oldschool_LIVE.dat
C:\Users\Eric\jagex_cl_runescape_LIVE.dat
C:\Users\Eric\random.dat
C:\Users\Eric\uid.dat
 
 
Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\272b018a6d69674ce72e380951b18189.dll
C:\Users\Eric\AppData\Local\Temp\COMAP.EXE
C:\Users\Eric\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-black.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 84139976E0D6CB1E0289EC5890E76805
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-10 17:04
 
==================== End Of Log ============================
 
The addition.txt is attached below




#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:41 AM

Posted 12 January 2014 - 05:53 AM

Hi,

 

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt). Please post the log in your reply to me (you can use pastebin as well).

 

Regards,

Georgi




#5 Clank10

Posted 12 January 2014 - 11:35 AM

Alright here it is:

 

Farbar Recovery Scan Tool (x64) Version: 12-01-2014
Ran by Eric at 2014-01-12 11:34:27
Running from C:\Users\Eric\Downloads
Boot Mode: Normal
 
================== Search: "rpcss.dll" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
 
C:\Windows\System32\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0510464 ____A (Microsoft Corporation) 84139976E0D6CB1E0289EC5890E76805
 
====== End Of Search ======


#6 B-boy/StyLe/

Posted 13 January 2014 - 03:28 PM

Hi,

 

Please create a new system restore point before you proceed with the fix!

http://www.sevenforums.com/tutorials/697-system-restore-point-create.html

 

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
 

Regards,
Georgi




#7 Clank10

Posted 13 January 2014 - 03:54 PM

Alright, I did the fix and here is the log:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
Ran by Eric at 2014-01-13 15:52:24 Run:1
Running from C:\Users\Eric\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
2014-01-01 13:48 - 2014-01-01 13:48 - 00000000 ____S C:\Windows\system32\tdxss.fzb
2014-01-03 12:20 - 2014-01-03 12:20 - 00000000 ____S C:\Windows\system32\gaei.qwo
2013-12-31 16:23 - 2013-12-31 16:23 - 00037376 _____ C:\Windows\system32\fieobs.ukj
2013-12-31 16:13 - 2014-01-11 11:32 - 00000083 _____ C:\Windows\system32\uxtl.fxm
2013-12-31 16:13 - 2013-12-31 16:23 - 00000101 _____ C:\Windows\system32\zfryan.alt
2013-12-31 16:13 - 2013-12-31 16:13 - 00000064 _____ C:\Windows\system32\xvkqdaj.ftj
2013-12-31 15:57 - 2013-12-31 15:57 - 00219314 ____S C:\Windows\system32\uacosl.azl
C:\Users\Eric\AppData\Local\Temp\272b018a6d69674ce72e380951b18189.dll
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
*****************
 
Could not move "C:\Windows\system32\tdxss.fzb" => Scheduled to move on reboot.
C:\Windows\system32\gaei.qwo => Moved successfully.
C:\Windows\system32\fieobs.ukj => Moved successfully.
C:\Windows\system32\uxtl.fxm => Moved successfully.
Could not move "C:\Windows\system32\zfryan.alt" => Scheduled to move on reboot.
C:\Windows\system32\xvkqdaj.ftj => Moved successfully.
Could not move "C:\Windows\system32\uacosl.azl" => Scheduled to move on reboot.
C:\Users\Eric\AppData\Local\Temp\272b018a6d69674ce72e380951b18189.dll => Moved successfully.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-13 15:53:23)<=
 
C:\Windows\system32\tdxss.fzb => Moved successfully.
C:\Windows\system32\zfryan.alt => Moved successfully.
C:\Windows\system32\uacosl.azl => Moved successfully.
 
==== End of Fixlog ====


#8 B-boy/StyLe/

Posted 13 January 2014 - 04:02 PM

Hi,

 

How are things now?

 

I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed!!
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow these instructions for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.

Note: Further documentation on this tool can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit (mbar) folder.

 

 

STEP 5

 

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

 

STEP 6

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

STEP 7

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on its icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 8

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#9 Clank10

Posted 13 January 2014 - 04:50 PM

Alright, I did everything above and I'll post the logs all in order so here we go, but first, the SecurityCheck program said it was unsupported for me, so I couldn't use it. Anyways, here's the logs:

 

Rkill:

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/13/2014 04:14:40 PM in x64 mode.
Windows Version: Windows 7 Ultimate 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/13/2014 04:14:56 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
 
RogueKiller:
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Eric [Admin rights]
Mode : Scan -- Date : 01/13/2014 16:16:59
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST1000DM ST1000DM003-1CH1 SCSI Disk Device +++++
--- User ---
[MBR] d6a502f0f03d2ecf628ab8eb35bcb7cc
[BSP] 618e40f423865bfc2e56f329ffa253db : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x18] The program issued a command but the command length is incorrect. )
 
Finished : << RKreport[0]_S_01132014_161659.txt >>
 
 
 
TDSSKiller: check the attached files since it's long
 
 
AdwCleaner:
 
# AdwCleaner v3.017 - Report created 13/01/2014 at 16:34:39
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate  (64 bits)
# Username : Eric - ERICSPC
# Running from : C:\Users\Eric\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_axife-mouse-recorder_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_axife-mouse-recorder_RASMANCS
Key Deleted : HKCU\Software\Softonic
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1011 octets] - [13/01/2014 16:33:41]
AdwCleaner[S0].txt - [898 octets] - [13/01/2014 16:34:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [957 octets] ##########
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x64
Ran by Eric on Mon 01/13/2014 at 16:38:25.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/13/2014 at 16:41:38.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
and Hitmanpro:
 
HitmanPro 3.7.8.208
www.hitmanpro.com
 
   Computer name . . . . : ERICSPC
   Windows . . . . . . . : 6.1.0.7600.X64/4
   User name . . . . . . : EricsPC\Eric
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-01-13 16:43:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 31s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 81
 
   Objects scanned . . . : 931,130
   Files scanned . . . . : 45,027
   Remnants scanned  . . : 181,671 files / 704,432 keys
 
Cookies _____________________________________________________________________
 
   C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
   C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
   C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@ads.pointroll[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@ads.yahoo[2].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@adtechus[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@at.atwola[2].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@bs.serving-sys[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@c.atdmt[2].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@casalemedia[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@collective-media[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@doubleclick[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@invitemedia[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@media6degrees[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@pointroll[2].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@questionmarket[2].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@realmedia[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@revsci[2].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@ru4[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@serving-sys[1].txt
   C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@smartadserver[1].txt
 
 
 
 
Now that's all of them!!!

 




#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:41 AM

Posted 14 January 2014 - 06:31 PM

Hi,

 

Please restart the computer and try to run SecurityCheck (it should run this time) and then post the log in your next reply.

 

Also, you attached the wrong log from TDSSKiller. There should be a bigger one. Please attach it as well.

 

And you forgot the log from Malwarebytes' Anti-rootkit...I want to see it as well...

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 14 January 2014 - 06:32 PM.



#11 B-boy/StyLe/


Posted 18 January 2014 - 06:12 AM

Hi,

 

Are you still there?

 

 

Regards,

Georgi




#12 Clank10


Posted 18 January 2014 - 11:35 AM

Oh yes, sorry, haven't checked the thread in a while, that is my fault! I'll go do those few things right now and I'll post them shortly!



#13 B-boy/StyLe/


Posted 18 January 2014 - 09:33 PM

Ok, thank you for letting me know! :)

 

 

Regards,

Georgi




#14 B-boy/StyLe/


Posted 30 January 2014 - 09:31 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





