They are backups of your registry file. (ntuser.dat)
These are hidden files and should ont be actually seen.
Windows NT User data
= nt user dat... log file of user data changes (in registry).
Those files are logs of changes that have been made to the user registry hives
If you run regedit and browse to HK_Current_User everything there is contained in that file.
Now if this is infected, it would be by a rootkit and we will need a new post for a deeper look to be certain. The tools above would not help.
To do so you need to follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.
Where the guide requests a DDS log you will need to use RSIT below instead as WIN8.1 will not accept DDS..
Let me know if all went well.
Please download RSIT
by random/random from the link provided for your operating system and save it to your desktop.This tool needs to run while the computer is connected to the Internet. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
- Close all applications and windows so that you have nothing open and are at your Desktop.
- Double-click on RSIT.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
- Read the disclaimer and click Continue.
- When the scan is complete, a text file named log.txt will automatically open in Notepad.
- Another text file named info.txt will open minimized.
- Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
- After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
- Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.
: Be sure to mention that you tried to follow the Prep Guide but were unable
to get DDS to run.
Edited by boopme, 26 December 2014 - 11:27 PM.