
possible zeroaccess rootkit


5 replies to this topic

#1 shadowk8

Posted 25 April 2015 - 06:58 PM

Hey guys, like the title says, my computer's been acting a little funky the past couple of days, with explorer.exe crashing along with Chrome. Figured I'd stop by and see if you guys don't mind helping me out to see if anything's up. At the moment I'm running x64 8.1, and have scanned with MBAM, TDSSKiller, Avast, and RogueKiller, which did pop up with a ZeroAccess process it killed, but I wasn't able to see what the process actually was since it was out of date and closed it. And after the update I never saw it kill that process again, even after I tried restarting the computer. That's pretty much why I'm posting now, because I know ZeroAccess is a nasty rootkit if I have it. It would be a bit weird though, since nothing else like TDSSKiller or MBAM Anti-Rootkit popped up with anything.

 

Any help would be great. Here's the FRST log, and the Addition.txt is attached.

 

Colin

 

 

Ran by ColinR (administrator) on COLIN on 25-04-2015 20:00:12
Running from C:\Users\ColinR\Desktop
Loaded Profiles: ColinR (Available profiles: ColinR)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\Corsair\Corsair Link\CorsairLink.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Spotify Ltd) C:\Users\ColinR\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3918\Agent.exe
(Blizzard Entertainment) E:\Programs\Battle.net\Battle.net.5669\Battle.net.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-22] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618168 2015-03-31] (Malwarebytes Corporation)
HKU\S-1-5-21-2710202301-3690403667-3441836411-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-13] (Valve Corporation)
HKU\S-1-5-21-2710202301-3690403667-3441836411-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-2710202301-3690403667-3441836411-1001\...\Run: [SUPERAntiSpyware] => E:\Programs\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-2710202301-3690403667-3441836411-1001\...\Run: [Spotify Web Helper] => C:\Users\ColinR\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-21] (Spotify Ltd)
HKU\S-1-5-21-2710202301-3690403667-3441836411-1001\...\Run: [Spotify] => C:\Users\ColinR\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-21] (Spotify Ltd)
HKU\S-1-5-21-2710202301-3690403667-3441836411-1001\...\Run: [Battle.net] => E:\Programs\Battle.net\Battle.net Launcher.exe [2861104 2015-04-06] (Blizzard Entertainment)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-22] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2710202301-3690403667-3441836411-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-03-25] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-25] (Avast Software s.r.o.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 172.22.2.1
Tcpip\..\Interfaces\{04E739A4-489B-4D63-BC6F-A6BA1048B1F8}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-21]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (WOT) - C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-04-23]
CHR Extension: (Adblock Plus) - C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-25]
CHR Extension: (Bookmark Manager) - C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-23]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-23]
CHR Extension: (Google Wallet) - C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 !SASCORE; E:\Programs\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-22] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-03-31] (Malwarebytes Corporation)
S2 MBAMService; E:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-22] ()
R3 CORK70; C:\Windows\system32\drivers\CORK70.sys [25600 2015-02-21] ( )
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-03-31] ()
R3 int0800; C:\Windows\System32\drivers\flashud.sys [51712 2015-02-21] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2015-02-21] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2015-02-21] (Intel Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-04-08] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R1 SASDIFSV; E:\Programs\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; E:\Programs\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Serenum; C:\Windows\system32\DRIVERS\nuvserenum.sys [23552 2015-02-21] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\system32\DRIVERS\nuvserial.sys [86016 2015-02-21] (Nuvoton Technology Corp.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-25] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-22] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)
R3 cpuz138; \??\C:\Users\ColinR\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Steam\steamapps\common\Driver Fusion Premium\DriverFusion.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 20:00 - 2015-04-25 20:00 - 00011956 _____ () C:\Users\ColinR\Desktop\FRST.txt
2015-04-25 19:59 - 2015-04-25 20:00 - 00000000 ____D () C:\FRST
2015-04-25 19:55 - 2015-04-25 19:55 - 02099712 _____ (Farbar) C:\Users\ColinR\Desktop\FRST64.exe
2015-04-25 13:46 - 2015-04-25 16:53 - 00000231 _____ () C:\WINDOWS\setupact.log
2015-04-25 13:46 - 2015-04-25 13:46 - 00001384 _____ () C:\WINDOWS\PFRO.log
2015-04-25 13:46 - 2015-04-25 13:46 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-25 13:12 - 2015-04-25 16:51 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2710202301-3690403667-3441836411-1001
2015-04-24 17:37 - 2015-04-24 17:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-23 21:26 - 2015-04-25 17:13 - 00390496 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-23 19:41 - 2015-04-23 19:41 - 00000000 ____D () C:\RegBackup
2015-04-23 14:16 - 2015-04-25 16:52 - 00003018 _____ () C:\WINDOWS\System32\Tasks\MSIAfterburner
2015-04-23 04:32 - 2015-04-23 04:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-23 04:31 - 2015-04-25 19:36 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 04:31 - 2015-04-25 16:53 - 00000906 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 04:31 - 2015-04-23 04:32 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Google
2015-04-23 04:31 - 2015-04-23 04:32 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-23 04:31 - 2015-04-23 04:31 - 00003882 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-23 04:31 - 2015-04-23 04:31 - 00003646 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-23 04:30 - 2015-04-23 04:31 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Deployment
2015-04-23 04:30 - 2015-04-23 04:30 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Apps\2.0
2015-04-23 04:23 - 2015-04-23 04:23 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-23 04:23 - 2015-04-23 04:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-23 04:23 - 2015-04-23 04:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-23 04:23 - 2015-04-23 04:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-23 04:23 - 2015-04-08 20:58 - 31570064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 30397072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 25375048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 24053576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 17176128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 15818528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 15716232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 14617288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 14006752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 12852784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 12689592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 11380728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 10423952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-04-23 04:23 - 2015-04-08 20:58 - 03317344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 02935416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 02896528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 02573456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 01895568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435012.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcvadgenco64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435012.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 01540240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 01086424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 01047368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 01037640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00970568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00962192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00927440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00849552 _____ () C:\WINDOWS\system32\nvmcumd.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00499344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00402576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00390472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00346256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00195728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-04-23 04:23 - 2015-04-08 20:58 - 00175880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00154256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00150648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00100680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcaparm.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00078480 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00066704 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00039056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvadarm.sys
2015-04-23 04:23 - 2015-04-08 20:58 - 00030536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-04-23 04:23 - 2015-04-08 20:58 - 00029329 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-04-23 04:23 - 2015-04-08 17:30 - 06841488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-04-23 04:23 - 2015-04-08 17:30 - 03478344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-04-23 04:23 - 2015-04-08 17:30 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-04-23 04:23 - 2015-04-08 17:30 - 00936264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-04-23 04:23 - 2015-04-08 17:30 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-04-23 04:23 - 2015-04-08 17:30 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-04-23 04:23 - 2015-04-08 13:52 - 04336074 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-04-23 03:46 - 2015-04-23 03:46 - 00000000 ____D () C:\WINDOWS\LastGood
2015-04-23 03:31 - 2015-04-23 03:31 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-04-23 03:17 - 2015-04-23 03:17 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Intel
2015-04-22 14:01 - 2015-04-22 14:01 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-04-22 14:01 - 2015-04-22 14:01 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-04-22 01:56 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-04-22 01:56 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-04-22 01:56 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-22 01:56 - 2015-03-13 22:03 - 04179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-22 01:56 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-22 01:56 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-22 01:56 - 2015-03-12 22:59 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-22 01:56 - 2015-03-12 22:38 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-22 01:56 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-22 01:56 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-04-22 01:56 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-04-22 01:56 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-04-22 01:56 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-04-22 01:56 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-04-22 01:56 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-04-22 01:56 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-04-22 01:56 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-04-22 01:56 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-22 01:56 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-22 01:56 - 2015-02-12 22:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-22 01:56 - 2015-02-12 21:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-22 01:56 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-19 15:54 - 2015-04-19 15:54 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-COLIN-Windows-8.1-Pro-(64-bit).dat
2015-04-19 15:41 - 2015-04-19 15:41 - 00000000 ____D () C:\Users\ColinR\temp
2015-04-19 15:41 - 2015-04-19 15:41 - 00000000 ____D () C:\Users\ColinR\AppData\Roaming\TeamViewer
2015-04-18 16:06 - 2015-04-23 04:19 - 00207872 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2015-04-18 02:34 - 2015-04-18 02:34 - 00000000 ____D () C:\Users\ColinR\AppData\Local\UnrealEngineLauncher
2015-04-16 22:56 - 2015-01-05 23:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-16 22:56 - 2015-01-05 22:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-16 22:56 - 2015-01-05 21:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-16 22:56 - 2015-01-05 21:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-14 14:29 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 14:29 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 14:29 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 14:29 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 14:29 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 14:29 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 14:29 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 14:29 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 14:29 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 14:29 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 14:29 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 14:29 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 14:29 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-14 14:29 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-14 14:29 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-14 14:29 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-14 14:29 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-14 14:29 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-14 14:29 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-14 14:29 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-14 14:29 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-14 14:29 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-14 14:29 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-14 14:29 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-14 14:29 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-14 14:29 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-14 14:29 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 14:29 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-14 14:29 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-14 14:29 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-14 14:29 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-14 14:29 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 14:29 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-14 14:29 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-14 14:29 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-14 14:29 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-14 14:29 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-14 14:29 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-14 14:28 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 14:28 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 14:28 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 14:28 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 01:59 - 2015-04-25 19:03 - 00000080 _____ () C:\Users\ColinR\AppData\Local\Rockstar Games\GTA V\entitlement.info
2015-04-14 01:59 - 2015-04-25 19:03 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-14 01:59 - 2015-04-25 19:02 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-14 01:59 - 2015-04-14 01:59 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Rockstar Games
2015-04-10 18:21 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-10 18:21 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-10 18:21 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-10 18:21 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-10 18:21 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-10 18:21 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-10 18:21 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-10 18:21 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-10 18:21 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-10 18:21 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-10 18:21 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-10 18:21 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-10 18:21 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-10 18:21 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-10 18:21 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-10 18:21 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-10 18:21 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-10 18:21 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-10 17:48 - 2015-04-23 14:29 - 00000000 ____D () C:\Users\ColinR\AppData\Local\CrashDumps
2015-04-10 17:43 - 2015-04-10 17:43 - 00003088 _____ () C:\WINDOWS\System32\Tasks\Start Corsair Link
2015-04-10 17:43 - 2015-04-10 17:43 - 00000000 ____D () C:\Users\ColinR\AppData\Roaming\Corsair
2015-04-10 17:43 - 2015-04-10 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair
2015-04-10 17:43 - 2015-04-10 17:43 - 00000000 ____D () C:\Program Files (x86)\Silabs
2015-04-10 17:43 - 2015-04-10 17:43 - 00000000 ____D () C:\Program Files (x86)\Corsair
2015-04-09 19:24 - 2015-04-09 19:24 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-09 19:19 - 2015-04-09 19:17 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-04-07 23:43 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-07 23:43 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-07 23:43 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-07 23:43 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-07 23:43 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-07 23:43 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-07 23:43 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-07 23:43 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-07 23:43 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-04 14:32 - 2015-04-08 14:35 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Ubisoft Game Launcher
2015-04-04 14:32 - 2015-04-04 14:32 - 00000000 ____D () C:\Users\ColinR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-03-27 15:59 - 2015-03-27 15:59 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-27 15:59 - 2015-03-27 15:59 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-03-26 15:01 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-26 15:01 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-26 14:43 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-26 14:43 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-25 19:59 - 2015-02-21 19:27 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Battle.net
2015-04-25 19:58 - 2015-02-21 19:37 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 19:58 - 2015-02-21 17:55 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-04-25 19:03 - 2015-02-21 17:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-25 17:36 - 2015-02-21 20:57 - 00000000 ____D () C:\Users\ColinR\AppData\Local\Spotify
2015-04-25 16:59 - 2014-11-21 04:43 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-25 16:53 - 2015-02-21 17:43 - 00000000 ____D () C:\Users\ColinR\AppData\Roaming\Spotify
2015-04-25 16:53 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-25 13:32 - 2015-02-21 17:48 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-25 10:34 - 2015-02-21 20:05 - 00000000 ____D () C:\AdwCleaner
2015-04-25 10:31 - 2015-03-15 16:42 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-04-25 10:26 - 2015-02-21 17:45 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-04-25 02:46 - 2015-02-21 17:50 - 00000000 ____D () C:\Users\ColinR\AppData\Roaming\Curse Client
2015-04-24 17:37 - 2015-02-21 17:49 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-24 17:34 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-24 17:07 - 2015-02-21 18:01 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-23 21:19 - 2015-02-21 17:55 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-04-23 20:11 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-23 17:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-23 04:23 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2015-04-23 03:19 - 2015-03-04 02:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-23 03:08 - 2015-03-06 23:21 - 00000000 ____D () C:\Program Files\World of Warcraft
2015-04-23 00:12 - 2015-02-21 17:39 - 00000000 ____D () C:\Users\ColinR
2015-04-22 23:15 - 2015-03-16 03:48 - 00000000 ____D () C:\Users\ColinR\AppData\Roaming\Skype
2015-04-22 14:01 - 2015-02-21 17:45 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00065736 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00029168 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-04-22 13:16 - 2013-08-22 10:44 - 00337808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-22 01:56 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-22 01:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-04-21 00:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-18 02:34 - 2015-03-09 22:10 - 00000000 ____D () C:\ProgramData\Epic
2015-04-14 16:40 - 2015-02-21 16:32 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-14 16:38 - 2015-02-21 16:32 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-13 19:24 - 2014-11-21 12:23 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2014-11-21 12:23 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-10 17:43 - 2015-02-21 19:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-09 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-09 19:24 - 2014-11-21 12:17 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-09 19:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-09 19:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-09 19:19 - 2015-02-21 19:48 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-04-06 17:54 - 2015-02-21 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-06 17:54 - 2015-02-21 17:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-03-31 14:40 - 2015-02-21 17:43 - 00001823 _____ () C:\Users\ColinR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
 
==================== Files in the root of some directories =======
 
2015-02-21 19:49 - 2015-02-21 19:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\ColinR\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-16 18:51
 
==================== End Of Log ============================


Edited by shadowk8, 26 April 2015 - 12:06 AM.

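The FRST file listings above (the "One Month Created" and "One Month Modified" sections) share one line layout: two timestamps, a size, a five-character attribute field, the publisher from the file's version resource in parentheses, then the path. Reading a few hundred of those lines by eye is what the helper does in this thread; as an added example (not part of the thread and not Farbar's code), here is a small Python parser for that layout with two triage rules a reviewer commonly applies: kernel drivers under a Drivers folder with no publisher recorded, and executable files sitting under a Temp directory. The sample input reuses three lines from the posted log plus one constructed line (timestamps made up) for the Temp file FRST listed under "Some content of TEMP"; which of the two dates is "created" and which "modified" depends on the section header, so the parser keeps them in order without naming them.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout of one FRST "Files and Folders" line, as seen in the log above:
#   <timestamp> - <timestamp> - <size> <attrs> (<publisher>) <path>
# The attribute field is five characters, e.g. ____D (directory), ___SH
# (system + hidden), ___RD (read-only directory). The publisher is the
# company name from the file's version resource and may be empty: "()".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([A-Z_]{5}) \(([^)]*)\) (.+)$"
)


@dataclass
class FrstEntry:
    first_ts: str    # FRST swaps created/modified order between the two
    second_ts: str   # sections, so the dates are kept in listed order
    size: int
    attrs: str
    publisher: str
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[FrstEntry]:
    """Parse one file/folder line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts1, ts2, size, attrs, publisher, path = m.groups()
    return FrstEntry(ts1, ts2, int(size), attrs, publisher.strip(), path.strip())


def parse_log(text: str) -> List[FrstEntry]:
    """Parse every matching line of an FRST log section, skipping the rest."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[FrstEntry]) -> List[Tuple[str, str]]:
    """Flag entries worth a second look. These are review hints, not verdicts:
    an empty publisher only means the version resource carries no company
    name (Avast's aswVmm.sys in the posted log is a benign example)."""
    findings = []
    for e in entries:
        if e.is_directory:
            continue
        low = e.path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low and not e.publisher:
            findings.append((e.path, "kernel driver with no publisher in version info"))
        if "\\temp\\" in low and low.endswith((".exe", ".dll", ".sys")):
            findings.append((e.path, "executable code under a Temp directory"))
    return findings


# Constructed sample: three lines copied from the posted log plus one made-up
# line (timestamps invented) for the Temp file FRST listed separately.
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2015-04-25 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-25 19:58 - 2015-02-21 19:37 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 14:01 - 2015-02-21 17:45 - 00272248 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-04-20 12:00 - 2015-04-20 12:00 - 00004096 _____ () C:\Users\ColinR\AppData\Local\Temp\dllnt_dump.dll
"""

if __name__ == "__main__":
    for path, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file's contents; the two rules are deliberately narrow so that the output is a short list to check by hand against publisher and location, which is the same judgement the helper applies when declaring the rest of a log clean.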

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:58 AM

Posted 29 April 2015 - 08:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled.

Important.

Turn System Restore on - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]
R3 cpuz138; \??\C:\Users\ColinR\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Steam\steamapps\common\Driver Fusion Premium\DriverFusion.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

The rest of the logs are clean.

#3 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 29 April 2015 - 01:22 PM

Ok so I ran the fixlist with FRST, I'll post the log at the bottom. Out of curiosity, was any of this infected/bad or just corrupted? And if you don't mind, can we go through some other logs to make sure everything is clean?

 

Colin 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-04-2015
Ran by ColinR at 2015-04-29 14:15:45 Run:1
Running from E:\
Loaded Profiles: ColinR (Available profiles: ColinR)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-05]
R3 cpuz138; \??\C:\Users\ColinR\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Steam\steamapps\common\Driver Fusion Premium\DriverFusion.sys [X]
 
End
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
cpuz138 => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-29 14:16:30)<=
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.
 
==== End of Fixlog 14:16:30 ====

Edited by shadowk8, 29 April 2015 - 01:35 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:58 AM

Posted 30 April 2015 - 06:54 AM

Nothing malicious was found. Just some clean up.

Both your logs were checked.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:01:58 AM

Posted 30 April 2015 - 01:56 PM

Good to know, MBAM, HitmanPro, etc. aren't popping up with anything either, so looks like it was a FP. One question before I go though, I've been using Avast Free for a while now, and most people I'm talking to now are telling me Bitdefender Free is pretty much the best free antivirus to use atm. And it seems to be a lot less intrusive than Avast, any personal recommendation or comments on that?



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:58 AM

Posted 01 May 2015 - 06:32 AM

And it seems to be a lot less intrusive than Avast, any personal recommendation or comments on that?


If they have experience with both then I would take their recommendation.

If you want to go that way refer to this Bitdefender page.

http://www.bitdefender.com/support/removal-tools-%28uninstallers%29-for-common-antivirus-software-1107.html