
Yahoo/Bing Re-Direct


  • This topic is locked
8 replies to this topic

#1 Mobywan


Posted 20 November 2013 - 08:58 AM

I keep getting re-directed to this Yahoo/Bing search engine when I try to view webpages. It doesn't happen every time I view webpages, just sometimes. I tried googling the issue and am afraid it could be something serious. Any help would be appreciated :)





#2 TB-Psychotic

  • Malware Response Team

Posted 20 November 2013 - 09:53 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#3 Mobywan


Posted 20 November 2013 - 01:37 PM

Hi Marius, thanks for the quick reply and for helping me out with this situation. Here is the first log.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Adit (administrator) on ADIT-PC on 20-11-2013 10:09:15
Running from C:\Users\Adit\Downloads
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3561816 2013-10-16] (Electronic Arts)
HKCU\...\Run: [Gyazo] - C:\Program Files (x86)\Gyazo\GyStation.exe [2989160 2013-08-21] (Nota Inc.)
MountPoints2: {f37f1cd6-6826-11e2-996b-c8600097ae5f} - F:\setup.exe
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD129E614E3E0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Adit\AppData\Roaming\Mozilla\Firefox\Profiles\lw17dvb6.default
FF Homepage: www.google.ca
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&CUI=UN45390051914351077&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Adit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Vuze Remote  - C:\Users\Adit\AppData\Roaming\Mozilla\Firefox\Profiles\lw17dvb6.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-25] (BitRaider, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-01-26] ()
U3 a02334bp; C:\Windows\System32\Drivers\a02334bp.sys [0 ] (Microsoft Corporation)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-20 10:09 - 2013-11-20 10:09 - 00013001 _____ C:\Users\Adit\Downloads\FRST.txt
2013-11-20 10:08 - 2013-11-20 10:08 - 00000000 ____D C:\FRST
2013-11-20 10:07 - 2013-11-20 10:07 - 01957964 _____ (Farbar) C:\Users\Adit\Downloads\FRST64.exe
2013-11-20 08:49 - 2013-11-20 08:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Adit\Downloads\tdsskiller.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Adit\Downloads\HijackThis.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00012157 _____ C:\Users\Adit\Downloads\hijackthis.log
2013-11-20 07:04 - 2013-11-20 07:05 - 00000000 ____D C:\Windows\LastGood
2013-11-20 07:04 - 2013-11-14 06:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-20 07:04 - 2013-11-14 06:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-20 07:02 - 2013-11-20 07:02 - 00000000 ____D C:\Users\Adit\AppData\Local\NVIDIA Corporation
2013-11-18 17:51 - 2013-11-18 17:51 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 17:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-18 17:41 - 2013-11-18 17:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Adit\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-18 15:15 - 2013-11-18 15:15 - 00000000 ____D C:\Users\Adit\Desktop\Boardwalk Empire S04E11 HDTV x264-2HD[ettv]
2013-11-15 19:42 - 2013-11-15 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 21:54 - 2013-11-13 21:54 - 00000000 ____D C:\Users\Adit\Desktop\Elysium (2013) DVDRip XviD-MAXSPEED
2013-11-13 14:27 - 2013-11-13 14:27 - 00000017 _____ C:\Users\Adit\Desktop\fitness appointment.txt
2013-11-13 07:48 - 2013-11-13 07:48 - 00000000 ____D C:\Users\Adit\Desktop\Machete Kills [2013] HDRip XViD-ETRG
2013-11-11 21:20 - 2013-11-11 21:24 - 00000012 _____ C:\Users\Adit\Desktop\New Text Document.txt
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-10 13:47 - 2013-11-10 13:47 - 00001381 _____ C:\Users\Adit\Downloads\Darko Tactics.zip
2013-11-08 22:15 - 2013-11-08 22:15 - 01455528 _____ C:\Users\Adit\Downloads\SystemCheck_enUS(1).exe
2013-11-06 22:08 - 2013-11-06 22:08 - 00330853 _____ C:\Users\Adit\Downloads\RealTemp_370.zip
2013-11-05 18:15 - 2013-11-05 18:15 - 00000000 ____D C:\Users\Adit\Desktop\Monsters University (2013)
2013-11-03 03:13 - 2013-11-03 03:13 - 00001617 _____ C:\Users\Adit\Downloads\Zero Sea's Rage V1.rar
2013-10-30 00:54 - 2013-10-30 05:55 - 00000000 ____D C:\Users\Adit\Desktop\Sons of Anarchy
2013-10-29 17:08 - 2013-10-23 05:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-29 17:08 - 2013-10-23 05:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-29 17:08 - 2013-01-29 03:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-29 02:27 - 2013-11-08 15:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-29 02:27 - 2013-11-08 15:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-29 02:26 - 2013-09-27 18:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-29 02:26 - 2013-09-27 18:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-26 21:09 - 2013-10-26 21:09 - 00000000 ____D C:\Users\Adit\AppData\Local\SWTOR
2013-10-25 20:51 - 2013-11-01 23:12 - 00000000 ____D C:\ProgramData\BitRaider
2013-10-25 20:51 - 2013-10-25 20:51 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-10-25 20:48 - 2013-10-25 20:48 - 00001449 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2013-10-24 00:36 - 2013-10-24 00:36 - 00000026 _____ C:\Users\Adit\Desktop\15% origin discount.txt
2013-10-23 20:13 - 2013-10-24 01:55 - 00000048 _____ C:\Users\Adit\Desktop\heat.txt
2013-10-22 20:57 - 2013-10-22 20:57 - 00000000 ____D C:\Users\Adit\AppData\Local\NVIDIA
2013-10-22 20:20 - 2013-10-22 20:20 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-22 20:19 - 2013-10-22 20:19 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-22 20:18 - 2013-10-22 20:18 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-22 20:18 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-22 20:18 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-22 20:15 - 2013-11-14 06:55 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-22 20:15 - 2013-10-23 05:30 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SET14BE.tmp
2013-10-22 20:15 - 2013-10-15 19:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-22 20:15 - 2013-10-15 19:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-22 20:15 - 2013-09-27 18:01 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-10-22 20:15 - 2013-06-16 07:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-10-22 20:15 - 2013-06-16 07:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-10-22 18:27 - 2013-10-22 18:27 - 06288483 _____ C:\Users\Adit\Downloads\Premier League SS13-14 v.3.rar
2013-10-22 18:00 - 2013-10-22 18:00 - 00176620 _____ C:\Users\Adit\Downloads\FM14_Susie_Real_Names_Fixes_beta.rar

==================== One Month Modified Files and Folders =======

2013-11-20 10:09 - 2013-11-20 10:09 - 00013001 _____ C:\Users\Adit\Downloads\FRST.txt
2013-11-20 10:08 - 2013-11-20 10:08 - 00000000 ____D C:\FRST
2013-11-20 10:08 - 2012-04-28 20:11 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-20 10:07 - 2013-11-20 10:07 - 01957964 _____ (Farbar) C:\Users\Adit\Downloads\FRST64.exe
2013-11-20 08:49 - 2013-11-20 08:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Adit\Downloads\tdsskiller.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Adit\Downloads\HijackThis.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00012157 _____ C:\Users\Adit\Downloads\hijackthis.log
2013-11-20 07:25 - 2012-04-29 07:00 - 01281896 _____ C:\Windows\WindowsUpdate.log
2013-11-20 07:06 - 2012-04-28 16:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-20 07:06 - 2012-04-28 04:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-20 07:06 - 2009-07-13 23:51 - 00066688 _____ C:\Windows\setupact.log
2013-11-20 07:05 - 2013-11-20 07:04 - 00000000 ____D C:\Windows\LastGood
2013-11-20 07:02 - 2013-11-20 07:02 - 00000000 ____D C:\Users\Adit\AppData\Local\NVIDIA Corporation
2013-11-20 07:00 - 2009-07-13 23:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-20 07:00 - 2009-07-13 23:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-20 06:56 - 2013-03-07 17:22 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-20 06:55 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 20:11 - 2012-04-28 21:06 - 00134794 _____ C:\Windows\PFRO.log
2013-11-18 20:10 - 2013-01-25 17:54 - 00000000 ____D C:\Windows\AutoKMS
2013-11-18 17:51 - 2013-11-18 17:51 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 17:41 - 2013-11-18 17:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Adit\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-18 17:26 - 2012-04-28 20:10 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Azureus
2013-11-18 15:15 - 2013-11-18 15:15 - 00000000 ____D C:\Users\Adit\Desktop\Boardwalk Empire S04E11 HDTV x264-2HD[ettv]
2013-11-18 15:12 - 2012-04-28 19:30 - 00000000 ____D C:\Users\Adit\AppData\Local\PMB Files
2013-11-18 15:12 - 2012-04-28 19:30 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-16 18:39 - 2012-04-28 04:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 02:57 - 2012-04-28 18:02 - 00000000 ____D C:\Users\Adit\AppData\Roaming\vlc
2013-11-15 19:42 - 2013-11-15 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 06:55 - 2013-11-20 07:04 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-14 06:55 - 2013-11-20 07:04 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-14 06:55 - 2013-10-22 20:15 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-11-13 22:37 - 2009-07-14 00:13 - 00791498 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-13 21:54 - 2013-11-13 21:54 - 00000000 ____D C:\Users\Adit\Desktop\Elysium (2013) DVDRip XviD-MAXSPEED
2013-11-13 14:27 - 2013-11-13 14:27 - 00000017 _____ C:\Users\Adit\Desktop\fitness appointment.txt
2013-11-13 07:48 - 2013-11-13 07:48 - 00000000 ____D C:\Users\Adit\Desktop\Machete Kills [2013] HDRip XViD-ETRG
2013-11-11 21:24 - 2013-11-11 21:20 - 00000012 _____ C:\Users\Adit\Desktop\New Text Document.txt
2013-11-11 10:02 - 2012-04-28 04:41 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-11-11 10:02 - 2012-04-28 04:41 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-11-11 10:01 - 2012-04-28 04:41 - 03467927 _____ C:\Windows\system32\nvcoproc.bin
2013-11-11 10:01 - 2012-04-28 04:41 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-11-11 10:01 - 2012-04-28 04:41 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-11-11 10:01 - 2012-04-28 04:41 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-10 13:47 - 2013-11-10 13:47 - 00001381 _____ C:\Users\Adit\Downloads\Darko Tactics.zip
2013-11-08 22:15 - 2013-11-08 22:15 - 01455528 _____ C:\Users\Adit\Downloads\SystemCheck_enUS(1).exe
2013-11-08 15:47 - 2013-10-29 02:27 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 15:47 - 2013-10-29 02:27 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-07 09:15 - 2009-07-14 00:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-06 22:08 - 2013-11-06 22:08 - 00330853 _____ C:\Users\Adit\Downloads\RealTemp_370.zip
2013-11-05 18:15 - 2013-11-05 18:15 - 00000000 ____D C:\Users\Adit\Desktop\Monsters University (2013)
2013-11-05 15:16 - 2012-11-20 15:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 15:16 - 2012-07-23 12:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 03:13 - 2013-11-03 03:13 - 00001617 _____ C:\Users\Adit\Downloads\Zero Sea's Rage V1.rar
2013-11-01 23:12 - 2013-10-25 20:51 - 00000000 ____D C:\ProgramData\BitRaider
2013-10-31 22:23 - 2013-01-25 17:54 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-10-30 05:55 - 2013-10-30 00:54 - 00000000 ____D C:\Users\Adit\Desktop\Sons of Anarchy
2013-10-29 02:27 - 2012-04-28 04:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-29 02:27 - 2012-04-28 04:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-26 21:09 - 2013-10-26 21:09 - 00000000 ____D C:\Users\Adit\AppData\Local\SWTOR
2013-10-25 20:51 - 2013-10-25 20:51 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-10-25 20:48 - 2013-10-25 20:48 - 00001449 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2013-10-25 20:48 - 2012-04-28 17:50 - 00014144 _____ C:\Users\Adit\Documents\Install STAR WARS The Old Republic.log
2013-10-24 01:55 - 2013-10-23 20:13 - 00000048 _____ C:\Users\Adit\Desktop\heat.txt
2013-10-24 00:36 - 2013-10-24 00:36 - 00000026 _____ C:\Users\Adit\Desktop\15% origin discount.txt
2013-10-23 05:30 - 2013-10-29 17:08 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 05:30 - 2013-10-29 17:08 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 05:30 - 2013-10-22 20:15 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SET14BE.tmp
2013-10-23 05:30 - 2012-04-28 04:40 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\SET140E.tmp
2013-10-23 05:30 - 2012-04-28 04:40 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\SET1AAD.tmp
2013-10-23 05:30 - 2012-04-28 04:40 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\SETFFE4.tmp
2013-10-23 05:30 - 2012-04-28 04:40 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\SET119C.tmp
2013-10-23 00:27 - 2013-10-08 14:34 - 00000000 ____D C:\Users\Adit\AppData\Local\Battle.net
2013-10-22 21:11 - 2012-04-28 04:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-22 20:57 - 2013-10-22 20:57 - 00000000 ____D C:\Users\Adit\AppData\Local\NVIDIA
2013-10-22 20:26 - 2012-04-28 04:13 - 00000000 ___RD C:\Users\Adit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-22 20:23 - 2013-09-10 23:15 - 00000000 ____D C:\Users\Adit\AppData\Local\Deployment
2013-10-22 20:20 - 2013-10-22 20:20 - 00001347 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2013-10-22 20:19 - 2013-10-22 20:19 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-22 20:18 - 2013-10-22 20:18 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-10-22 20:01 - 2012-04-30 17:46 - 00000000 ____D C:\ProgramData\Skype
2013-10-22 20:01 - 2012-04-30 11:29 - 00000000 ____D C:\Users\Adit\AppData\Local\Ubisoft Game Launcher
2013-10-22 20:00 - 2012-04-30 17:46 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Skype
2013-10-22 19:59 - 2013-09-12 17:10 - 00000000 ____D C:\Users\Adit\AppData\Local\Google
2013-10-22 19:59 - 2013-09-12 17:10 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-22 19:59 - 2012-10-14 15:50 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-10-22 19:58 - 2013-09-08 00:25 - 00000000 ____D C:\Users\Adit\AppData\Local\TeamSpeak 3 Client
2013-10-22 19:58 - 2013-08-08 16:06 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-10-22 19:53 - 2012-04-28 17:50 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-10-22 18:27 - 2013-10-22 18:27 - 06288483 _____ C:\Users\Adit\Downloads\Premier League SS13-14 v.3.rar
2013-10-22 18:00 - 2013-10-22 18:00 - 00176620 _____ C:\Users\Adit\Downloads\FM14_Susie_Real_Names_Fixes_beta.rar

Some content of TEMP:
====================
C:\Users\Adit\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Adit\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Adit\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Adit\AppData\Local\Temp\nvStInst.exe
C:\Users\Adit\AppData\Local\Temp\ose00000.exe
C:\Users\Adit\AppData\Local\Temp\_is72AF.exe
C:\Users\Adit\AppData\Local\Temp\_isAAE2.exe
C:\Users\Adit\AppData\Local\Temp\_isABD6.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-04-28 04:18] - [2011-02-25 01:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D



LastRegBack: 2013-11-10 00:17

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Adit at 2013-11-20 10:09:48
Running from C:\Users\Adit\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
ALLCapture Enterprise 3.0 (x32)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.11.12)
Battle.net (x32)
Battlelog Web Plugins (x32 Version: 2.1.3)
BitRaider Web Client (x32 Version: 1.1.9.4)
Bonjour (Version: 3.0.0.10)
CDDRV_Installer (Version: 4.60)
Diablo III (x32)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
erLT (x32 Version: 1.20.0137)
ESN Sonar (x32 Version: 0.70.4)
Football Manager 2014 (x32)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Gyazo 1.2.1 (x32)
Intel® Management Engine Components (x32 Version: 8.0.2.1410)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 11.0.1.12)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
KhalInstallWrapper (Version: 2.00.0000)
League of Legends (x32 Version: 1.3)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Logitech SetPoint (x32 Version: 4.80)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Motorola Device Manager (x32 Version: 2.3.9)
Motorola Device Software Update (x32 Version: 13.02.1402)
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NVIDIA 3D Vision Controller Driver 331.82 (Version: 331.82)
NVIDIA 3D Vision Driver 331.82 (Version: 331.82)
NVIDIA Control Panel 331.82 (Version: 331.82)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1)
NVIDIA Graphics Driver 331.82 (Version: 331.82)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182)
NVIDIA Update 9.3.21 (Version: 9.3.21)
NVIDIA Update Components (Version: 9.3.21)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
Origin (x32 Version: 9.1.13.85)
Pando Media Booster (x32 Version: 2.6.0.7)
Platform (x32 Version: 1.39)
QuickTime (x32 Version: 7.71.80.42)
Rockstar Games Social Club (x32 Version: 1.0.9.5)
SHIELD Streaming (Version: 1.6.53)
SimCity™ (x32 Version: 1.0.0.0)
Star Wars The Old Republic (x32 Version: 7.0.0.21)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VIA Platform Device Manager (x32 Version: 1.39)
VLC media player 2.0.1 (x32 Version: 2.0.1)
Vuze (x32 Version: 4.7)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.11 (64-bit) (Version: 4.11.0)

==================== Restore Points  =========================

02-11-2013 23:01:03 Scheduled Checkpoint
10-11-2013 05:12:28 Scheduled Checkpoint
17-11-2013 05:16:01 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2D6EB3C0-AAA4-45AC-AD30-36CC353560B5} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {406E1182-DC05-4096-88EB-D4315F34CBC0} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {424C27B4-9611-4071-881E-BACDD00C2DB6} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {8D9D75B1-DDC4-4649-B7CD-1D175486E891} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {A0DAE16E-DBCF-457D-B23C-CE8840493E39} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D07F5955-2470-46AF-A1C9-D681B726F321} - System32\Tasks\{897BD95C-6451-4F4A-8398-4BE2EF9AF9B6} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.114.259/en/eula?source=lightinstaller
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-28 04:25 - 2011-12-05 20:58 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-04-28 04:25 - 2011-12-05 20:58 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-11-13 15:26 - 2009-07-20 12:35 - 00018960 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-25 14:44 - 2013-03-25 14:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-04-28 04:27 - 2012-02-07 16:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-11-15 19:42 - 2013-11-15 19:42 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-05 15:16 - 2013-11-05 15:16 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2013 10:08:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x0154fa50
Faulting process id: 0x1638
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/13/2013 09:45:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x0154fa50
Faulting process id: 0x1720
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/13/2013 11:36:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x00f31237
Faulting process id: 0x420
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/12/2013 02:29:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x00f31237
Faulting process id: 0x4738
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/11/2013 10:44:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x00f31237
Faulting process id: 0x560
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/11/2013 01:49:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x00f31237
Faulting process id: 0x1510
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/10/2013 06:51:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x00f31237
Faulting process id: 0x1200
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/09/2013 03:17:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x0154fa50
Faulting process id: 0x14dc
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/09/2013 01:12:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49d10
Exception code: 0xc0000374
Fault offset: 0x000ce903
Faulting process id: 0xfbc
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3

Error: (11/09/2013 00:03:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Faulting module name: fm.exe, version: 14.1.3.45519, time stamp: 0x5272c0ef
Exception code: 0xc0000005
Fault offset: 0x00f31237
Faulting process id: 0xa18
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3


System errors:
=============
Error: (11/19/2013 11:02:36 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!051d(2528)

Error: (11/18/2013 06:40:09 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!051d(2528)

Error: (11/18/2013 06:05:53 AM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!051d(2528)

Error: (11/16/2013 06:57:45 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!051d(2528)

Error: (11/14/2013 09:18:04 AM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!051d(2528)

Error: (11/14/2013 08:22:48 AM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!051d(2528)

Error: (11/12/2013 02:48:05 AM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error:
%%1062

Error: (11/12/2013 02:48:05 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1115

Error: (11/12/2013 02:48:01 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service failed to start due to the following error:
%%1069

Error: (11/12/2013 02:48:01 AM) (Source: Service Control Manager) (User: )
Description: The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


Microsoft Office Sessions:
=========================
Error: (11/20/2013 10:08:19 AM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc00000050154fa50163801cee5ee5dd475faC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe965a0020-51f5-11e3-9836-c8600097ae5f

Error: (11/13/2013 09:45:39 PM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc00000050154fa50172001cee091ba6aa3b5C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exed824ec29-4cd6-11e3-aff0-c8600097ae5f

Error: (11/13/2013 11:36:24 AM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc000000500f3123742001cee06fbcbcd266C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exebba7b315-4c81-11e3-aff0-c8600097ae5f

Error: (11/12/2013 02:29:54 AM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc000000500f31237473801cedf618c98cf8aC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe38c096f8-4b6c-11e3-98a9-c8600097ae5f

Error: (11/11/2013 10:44:04 PM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc000000500f3123756001cedf1d9e64ec55C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeac980e61-4b4c-11e3-98a9-c8600097ae5f

Error: (11/11/2013 01:49:55 PM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc000000500f31237151001cedee9f89bc44cC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe0dd0aade-4b02-11e3-98a9-c8600097ae5f

Error: (11/10/2013 06:51:43 PM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc000000500f31237120001cede1d601c3666C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe0cc2bdc8-4a63-11e3-9c8c-c8600097ae5f

Error: (11/09/2013 03:17:36 PM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc00000050154fa5014dc01cedd775e16b5a3C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exef8a542c5-497b-11e3-a7be-c8600097ae5f

Error: (11/09/2013 01:12:42 PM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0efntdll.dll6.1.7600.169154ec49d10c0000374000ce903fbc01cedd4d7784aa1cC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Windows\SysWOW64\ntdll.dll85e1cdc0-496a-11e3-a7be-c8600097ae5f

Error: (11/09/2013 00:03:49 AM) (Source: Application Error)(User: )
Description: fm.exe14.1.3.455195272c0effm.exe14.1.3.455195272c0efc000000500f31237a1801cedcfa47f6a8dcC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exeC:\Program Files (x86)\Steam\steamapps\common\Football Manager 2014\fm.exe51508332-48fc-11e3-9801-c8600097ae5f


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 8147.53 MB
Available physical RAM: 4174.29 MB
Total Pagefile: 16293.21 MB
Available Pagefile: 12346.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:40.89 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (External) (Fixed) (Total:931.51 GB) (Free:34.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 66FDFC64)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

As for the aswMBR logs, I've run the program twice and it just stalls at the same point every time (scanning some game file, waited over an hour). Here is the log from that.

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-20 11:36:16
-----------------------------
11:36:16.069    OS Version: Windows x64 6.1.7600
11:36:16.069    Number of processors: 8 586 0x2A07
11:36:16.069    ComputerName: ADIT-PC  UserName: Adit
11:36:16.989    Initialize success
11:36:29.329    AVAST engine defs: 13111900
11:36:44.664    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:36:44.664    Disk 0 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3
11:36:44.726    Disk 0 MBR read successfully
11:36:44.726    Disk 0 MBR scan
11:36:44.726    Disk 0 Windows 7 default MBR code
11:36:44.742    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238464 MB offset 63
11:36:44.913    Disk 0 scanning C:\Windows\system32\drivers
11:37:13.180    Service scanning
11:37:32.383    Modules scanning
11:37:32.391    Disk 0 trace - called modules:
11:37:32.419    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800743d2c0]<<sprf.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:37:32.425    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077f9060]
11:37:32.429    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80076a29b0]
11:37:32.435    5 ACPI.sys[fffff8800103a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077e1060]
11:37:32.441    \Driver\atapi[0xfffffa80074d5570] -> IRP_MJ_CREATE -> 0xfffffa800743d2c0
11:37:33.406    AVAST engine scan C:\Windows
11:37:51.490    AVAST engine scan C:\Windows\system32
11:45:17.151    AVAST engine scan C:\Windows\system32\drivers
11:45:57.633    AVAST engine scan C:\Users\Adit
13:35:11.655    Disk 0 MBR has been saved successfully to "C:\Users\Adit\Desktop\MBR.dat"
13:35:11.655    The log file has been saved successfully to "C:\Users\Adit\Desktop\aswMBR.txt"

I'll await further instruction from here.



#4 TB-Psychotic


Posted 21 November 2013 - 03:47 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules, which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.



#5 Mobywan


Posted 21 November 2013 - 07:49 PM

I have removed any cracked software and illegally obtained copyrighted material, should I re-do all logs?



#6 TB-Psychotic


Posted 22 November 2013 - 03:21 AM

Thank you.

No, just post a new FRST log, please.



#7 Mobywan


Posted 22 November 2013 - 02:52 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013 01
Ran by Adit (administrator) on ADIT-PC on 22-11-2013 14:50:37
Running from C:\Users\Adit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XW1ZRGNV
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Adit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XW1ZRGNV\FRST64[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-11-20] (Electronic Arts)
HKCU\...\Run: [Gyazo] - C:\Program Files (x86)\Gyazo\GyStation.exe [2989160 2013-08-21] (Nota Inc.)
MountPoints2: {f37f1cd6-6826-11e2-996b-c8600097ae5f} - F:\setup.exe
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [amd_dc_opt] - C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD129E614E3E0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Adit\AppData\Roaming\Mozilla\Firefox\Profiles\lw17dvb6.default
FF Homepage: www.google.ca
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&CUI=UN45390051914351077&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Adit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Vuze Remote  - C:\Users\Adit\AppData\Roaming\Mozilla\Firefox\Profiles\lw17dvb6.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-25] (BitRaider, LLC)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [166400 2011-10-11] (Razer USA Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2013-01-26] ()
U3 acnl8d3r; C:\Windows\System32\Drivers\acnl8d3r.sys [0 ] (Microsoft Corporation)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-20 10:18 - 2013-11-20 10:18 - 04745728 _____ (AVAST Software) C:\Users\Adit\Downloads\aswmbr.exe
2013-11-20 10:09 - 2013-11-20 10:10 - 00035478 _____ C:\Users\Adit\Downloads\FRST.txt
2013-11-20 10:09 - 2013-11-20 10:10 - 00020508 _____ C:\Users\Adit\Downloads\Addition.txt
2013-11-20 10:08 - 2013-11-20 10:08 - 00000000 ____D C:\FRST
2013-11-20 08:49 - 2013-11-20 08:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Adit\Downloads\tdsskiller.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Adit\Downloads\HijackThis.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00012157 _____ C:\Users\Adit\Downloads\hijackthis.log
2013-11-20 07:04 - 2013-11-14 06:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-20 07:04 - 2013-11-14 06:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-20 07:04 - 2013-11-14 06:55 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-20 07:02 - 2013-11-20 07:02 - 00000000 ____D C:\Users\Adit\AppData\Local\NVIDIA Corporation
2013-11-18 17:51 - 2013-11-18 17:51 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 17:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-18 17:41 - 2013-11-18 17:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Adit\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-15 19:42 - 2013-11-15 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-13 14:27 - 2013-11-20 11:43 - 00000017 _____ C:\Users\Adit\Desktop\trainer consultation.txt
2013-11-11 21:20 - 2013-11-11 21:24 - 00000012 _____ C:\Users\Adit\Desktop\New Text Document.txt
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-10 13:47 - 2013-11-10 13:47 - 00001381 _____ C:\Users\Adit\Downloads\Darko Tactics.zip
2013-11-06 22:08 - 2013-11-06 22:08 - 00330853 _____ C:\Users\Adit\Downloads\RealTemp_370.zip
2013-11-03 03:13 - 2013-11-03 03:13 - 00001617 _____ C:\Users\Adit\Downloads\Zero Sea's Rage V1.rar
2013-10-29 17:08 - 2013-10-23 05:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-29 17:08 - 2013-10-23 05:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-29 17:08 - 2013-01-29 03:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-29 02:27 - 2013-11-08 15:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-29 02:27 - 2013-11-08 15:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-29 02:26 - 2013-09-27 18:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-29 02:26 - 2013-09-27 18:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-26 21:09 - 2013-10-26 21:09 - 00000000 ____D C:\Users\Adit\AppData\Local\SWTOR
2013-10-25 20:51 - 2013-11-01 23:12 - 00000000 ____D C:\ProgramData\BitRaider
2013-10-25 20:51 - 2013-10-25 20:51 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-10-25 20:48 - 2013-10-25 20:48 - 00001449 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2013-10-24 00:36 - 2013-10-24 00:36 - 00000026 _____ C:\Users\Adit\Desktop\15% origin discount.txt

==================== One Month Modified Files and Folders =======

2013-11-22 14:50 - 2009-07-13 23:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 14:50 - 2009-07-13 23:45 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 14:49 - 2012-06-11 13:32 - 00000000 ____D C:\Users\Adit\Documents\Rockstar Games
2013-11-22 14:49 - 2012-04-29 07:00 - 01482483 _____ C:\Windows\WindowsUpdate.log
2013-11-22 14:45 - 2013-03-07 17:22 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-22 14:45 - 2009-07-13 23:51 - 00067416 _____ C:\Windows\setupact.log
2013-11-22 14:44 - 2012-04-28 16:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-22 14:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-21 22:07 - 2012-04-28 18:02 - 00000000 ____D C:\Users\Adit\AppData\Roaming\vlc
2013-11-21 20:16 - 2012-04-28 20:10 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Azureus
2013-11-21 20:09 - 2012-04-28 16:52 - 00106696 _____ C:\Users\Adit\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-21 19:33 - 2012-04-30 01:28 - 00000000 ____D C:\Users\Adit\Documents\My Games
2013-11-21 19:32 - 2012-06-11 12:20 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-11-21 19:30 - 2012-04-30 16:32 - 00000000 ____D C:\Program Files (x86)\EA Games
2013-11-21 13:42 - 2012-04-28 21:06 - 00135158 _____ C:\Windows\PFRO.log
2013-11-21 13:42 - 2009-07-13 23:45 - 00409440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-21 13:41 - 2013-01-25 17:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-21 13:40 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-11-21 13:39 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2013-11-21 13:39 - 2009-07-13 21:34 - 00000387 _____ C:\Windows\win.ini
2013-11-21 13:37 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-21 00:17 - 2012-04-28 20:11 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-20 11:43 - 2013-11-13 14:27 - 00000017 _____ C:\Users\Adit\Desktop\trainer consultation.txt
2013-11-20 11:36 - 2012-04-28 19:30 - 00000000 ____D C:\Users\Adit\AppData\Local\PMB Files
2013-11-20 11:36 - 2012-04-28 19:30 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-20 10:18 - 2013-11-20 10:18 - 04745728 _____ (AVAST Software) C:\Users\Adit\Downloads\aswmbr.exe
2013-11-20 10:10 - 2013-11-20 10:09 - 00035478 _____ C:\Users\Adit\Downloads\FRST.txt
2013-11-20 10:10 - 2013-11-20 10:09 - 00020508 _____ C:\Users\Adit\Downloads\Addition.txt
2013-11-20 10:08 - 2013-11-20 10:08 - 00000000 ____D C:\FRST
2013-11-20 08:49 - 2013-11-20 08:49 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Adit\Downloads\tdsskiller.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00388608 _____ (Trend Micro Inc.) C:\Users\Adit\Downloads\HijackThis.exe
2013-11-20 07:57 - 2013-11-20 07:57 - 00012157 _____ C:\Users\Adit\Downloads\hijackthis.log
2013-11-20 07:06 - 2012-04-28 04:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-20 07:02 - 2013-11-20 07:02 - 00000000 ____D C:\Users\Adit\AppData\Local\NVIDIA Corporation
2013-11-18 20:10 - 2013-01-25 17:54 - 00000000 ____D C:\Windows\AutoKMS
2013-11-18 17:51 - 2013-11-18 17:51 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Users\Adit\AppData\Roaming\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-18 17:51 - 2013-11-18 17:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-18 17:41 - 2013-11-18 17:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Adit\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-16 18:39 - 2012-04-28 04:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-15 19:42 - 2013-11-15 19:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 06:55 - 2013-11-20 07:04 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-11-14 06:55 - 2013-11-20 07:04 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 01242400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00707360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00657184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00609568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00562464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-11-14 06:55 - 2013-11-20 07:04 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-11-14 06:55 - 2013-10-22 20:15 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 01436528 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-11-14 06:55 - 2012-04-28 04:40 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-11-13 22:37 - 2009-07-14 00:13 - 00791498 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 21:24 - 2013-11-11 21:20 - 00000012 _____ C:\Users\Adit\Desktop\New Text Document.txt
2013-11-11 10:02 - 2012-04-28 04:41 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-11-11 10:02 - 2012-04-28 04:41 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-11-11 10:01 - 2012-04-28 04:41 - 03467927 _____ C:\Windows\system32\nvcoproc.bin
2013-11-11 10:01 - 2012-04-28 04:41 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-11-11 10:01 - 2012-04-28 04:41 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-11-11 10:01 - 2012-04-28 04:41 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-11-11 08:59 - 2013-11-11 08:59 - 00590112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-11-10 13:47 - 2013-11-10 13:47 - 00001381 _____ C:\Users\Adit\Downloads\Darko Tactics.zip
2013-11-08 15:47 - 2013-10-29 02:27 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 15:47 - 2013-10-29 02:27 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-07 09:15 - 2009-07-14 00:08 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-06 22:08 - 2013-11-06 22:08 - 00330853 _____ C:\Users\Adit\Downloads\RealTemp_370.zip
2013-11-05 15:16 - 2012-11-20 15:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 15:16 - 2012-07-23 12:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-03 03:13 - 2013-11-03 03:13 - 00001617 _____ C:\Users\Adit\Downloads\Zero Sea's Rage V1.rar
2013-11-01 23:12 - 2013-10-25 20:51 - 00000000 ____D C:\ProgramData\BitRaider
2013-10-31 22:23 - 2013-01-25 17:54 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-10-29 02:27 - 2012-04-28 04:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-29 02:27 - 2012-04-28 04:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-26 21:09 - 2013-10-26 21:09 - 00000000 ____D C:\Users\Adit\AppData\Local\SWTOR
2013-10-25 20:51 - 2013-10-25 20:51 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-10-25 20:48 - 2013-10-25 20:48 - 00001449 _____ C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
2013-10-25 20:48 - 2012-04-28 17:50 - 00014144 _____ C:\Users\Adit\Documents\Install STAR WARS The Old Republic.log
2013-10-24 00:36 - 2013-10-24 00:36 - 00000026 _____ C:\Users\Adit\Desktop\15% origin discount.txt
2013-10-23 05:30 - 2013-10-29 17:08 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 05:30 - 2013-10-29 17:08 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 00:27 - 2013-10-08 14:34 - 00000000 ____D C:\Users\Adit\AppData\Local\Battle.net

Files to move or delete:
====================
C:\Users\Adit\AppData\Roaming\Origin


Some content of TEMP:
====================
C:\Users\Adit\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Adit\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Adit\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Adit\AppData\Local\Temp\nvStInst.exe
C:\Users\Adit\AppData\Local\Temp\ose00000.exe
C:\Users\Adit\AppData\Local\Temp\_is72AF.exe
C:\Users\Adit\AppData\Local\Temp\_isAAE2.exe
C:\Users\Adit\AppData\Local\Temp\_isABD6.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-04-28 04:18] - [2011-02-25 01:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D



LastRegBack: 2013-11-20 13:57

==================== End Of Log ============================



#8 TB-Psychotic


Posted 25 November 2013 - 03:02 AM

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK


IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

 

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
    FF Extension: Vuze Remote  - C:\Users\Adit\AppData\Roaming\Mozilla\Firefox\Profiles\lw17dvb6.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    
    U3 acnl8d3r; C:\Windows\System32\Drivers\acnl8d3r.sys [0 ] (Microsoft Corporation)
    
    C:\Windows\System32\Drivers\acnl8d3r.sys
    C:\Users\Adit\AppData\Roaming\Origin
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64-bit, run frst64.exe), press the Fix button just once, and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If you do not already have it, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)
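
An added example, not part of the original post: a short Python sketch that parses the fixlist entries from post #8 and groups them by CLSID, showing that the URLSearchHook, Toolbar and Firefox extension entries reference one identifier (in mixed case) while both SearchScopes entries point at the same search host. The function names, field names and the "other" category are assumptions of this example, not FRST behaviour.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Entries copied from the fixlist posted above.
FIXLIST = r"""
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} -  No File
FF Extension: Vuze Remote  - C:\Users\Adit\AppData\Roaming\Mozilla\Firefox\Profiles\lw17dvb6.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
U3 acnl8d3r; C:\Windows\System32\Drivers\acnl8d3r.sys [0 ] (Microsoft Corporation)
C:\Windows\System32\Drivers\acnl8d3r.sys
C:\Users\Adit\AppData\Roaming\Origin
"""

GUID = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)
KIND = re.compile(r"^(URLSearchHook|SearchScopes|Toolbar|FF Extension):")

def parse_fixlist(text):
    """Return one dict per non-empty line (field names are this example's own)."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        kind = KIND.match(line)
        guid = GUID.search(line)
        url = re.search(r"URL = (\S+)", line)
        entries.append({
            "kind": kind.group(1) if kind else "other",  # service lines and bare paths
            "guid": guid.group(0).lower() if guid else None,  # CLSID case varies per line
            "host": urlsplit(url.group(1)).hostname if url else None,
            "no_file": line.endswith("No File"),  # entry is marked "No File" in the log
        })
    return entries

def group_by_guid(entries):
    """Map each lowercased CLSID to the entry kinds that reference it."""
    groups = defaultdict(list)
    for e in entries:
        if e["guid"]:
            groups[e["guid"]].append(e["kind"])
    return dict(groups)

if __name__ == "__main__":
    parsed = parse_fixlist(FIXLIST)
    for guid, kinds in group_by_guid(parsed).items():
        print(guid, "->", ", ".join(kinds))
    print("search hosts:", sorted({e["host"] for e in parsed if e["host"]}))
```
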

#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 06 December 2013 - 06:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



