Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

have adware that hasn't been able to be removed by anything I've found


  • This topic is locked This topic is locked
5 replies to this topic

#1 stompr

stompr

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 27 June 2014 - 11:02 AM

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.51.2
Run by Calvin at 10:53:45 on 2014-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8153.4358 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\SmartTechnology\Software\ProfilerU.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\SmartTechnology\Software\SaiMfd.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Calvin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Calvin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Calvin\AppData\Roaming\Spotify\spotify.exe
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Calvin\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Spotify] "C:\Users\Calvin\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [F.lux] "C:\Users\Calvin\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
uRun: [Razer Comms] C:\Program Files (x86)\Razer\Core\razercore.exe /ChatApplet
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Calvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Curse.lnk - C:\Users\Calvin\AppData\Roaming\Curse Client\Bin\Curse.exe
StartupFolder: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Calvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Calvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - 
StartupFolder: C:\Users\Calvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Calvin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BELKIN~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{01C1CD88-4A3E-42ED-B06D-FAFBA3278CCF} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{01C1CD88-4A3E-42ED-B06D-FAFBA3278CCF}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{4EC90E66-1BBF-4A5B-9234-4478270E6561} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{4EC90E66-1BBF-4A5B-9234-4478270E6561}\841677B65697564363 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{5607C39C-129A-4772-8C13-C7F83159D8DB} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{57BDD6C3-C415-4539-9859-75CF27A24137} : NameServer = 192.168.0.1
TCP: Interfaces\{57BDD6C3-C415-4539-9859-75CF27A24137}\46C696E6B6F57657563747 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B6C03A5-EB39-4897-B91D-7A4129798B49} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{5B6C03A5-EB39-4897-B91D-7A4129798B49}\841677B65697564363 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{7A8CF728-9307-40B0-9A56-7A8283EB73E5} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7A8CF728-9307-40B0-9A56-7A8283EB73E5}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{7B6F6FA4-88E4-48AD-992A-2A34878F026B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7B6F6FA4-88E4-48AD-992A-2A34878F026B} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{7B6F6FA4-88E4-48AD-992A-2A34878F026B}\2456C6B696E6E23756475707 : DHCPNameServer = 192.168.206.1
TCP: Interfaces\{7B6F6FA4-88E4-48AD-992A-2A34878F026B}\E45445745414257343D25374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9FD20478-BBAB-426B-8DA8-29DFAE97EA3B} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{B662A469-D896-4C70-A6D0-47BA095922E6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{B662A469-D896-4C70-A6D0-47BA095922E6}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BB670D85-BEF0-49D1-BA2D-E7FB876357BD} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{BB670D85-BEF0-49D1-BA2D-E7FB876357BD}\2456C6B696E6E23756475707 : DHCPNameServer = 192.168.206.1
TCP: Interfaces\{EFE55279-6A99-41F4-8EEC-61C641E4F7B7} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{EFE55279-6A99-41F4-8EEC-61C641E4F7B7}\46C696E6B6F57657563747 : DHCPNameServer = 192.168.0.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
Hosts: 184.95.41.155 www.google-analytics.com.
Hosts: 184.95.41.155 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\zx5gmpm4.default\
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Calvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Calvin\AppData\Roaming\rcru\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-19 9216]
R0 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2013-12-15 74432]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-11-11 25056]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-29 2279608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-27 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-27 860472]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-1-7 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-12 21055432]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2013-11-20 32960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-6-23 411936]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2013-11-11 303360]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-21 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-21 396776]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-27 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-27 63704]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-23 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-23 40392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192cu;Belkin Wireless Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2014-3-23 1041000]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-5-12 154624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-11-11 1256192]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;C:\Windows\System32\drivers\hitmanpro35.sys [2011-12-10 25160]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-10 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2013-12-15 129472]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-3 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-5-12 49152]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
S4 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-12 2337144]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
S4 WeGameClientService;WeGame Client Service;C:\Program Files (x86)\WeGame\wgclientservice.exe [2011-7-12 18472]
S4 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-27 15:48:01 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-27 15:47:45 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-27 15:47:45 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-27 15:47:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 09:30:19 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76B3AF86-9D47-495F-9CF9-02CFD1320CC2}\offreg.dll
2014-06-27 09:29:13 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76B3AF86-9D47-495F-9CF9-02CFD1320CC2}\mpengine.dll
2014-06-26 03:57:14 -------- d-----w- C:\Program Files\CCleaner
2014-06-26 03:54:36 -------- d-----w- C:\ProgramData\HitmanPro
2014-06-26 03:33:29 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-06-26 03:32:29 -------- d-----w- C:\AdwCleaner
2014-06-23 16:09:43 609056 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-06-23 15:23:18 1715176 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-06-23 15:23:18 1291232 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-06-23 15:22:43 40392 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-06-23 15:22:43 34760 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-06-11 04:34:56 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 04:34:56 424448 ----a-w- C:\Windows\System32\aeinv.dll
.
==================== Find3M  ====================
.
2014-06-13 02:59:26 1542088 ----a-w- C:\Windows\System32\nvdispgenco6434043.dll
2014-06-13 02:59:20 1890264 ----a-w- C:\Windows\System32\nvdispco6434043.dll
2014-06-13 02:48:13 946120 ----a-w- C:\Windows\System32\NvIFR64.dll
2014-06-13 02:48:12 902616 ----a-w- C:\Windows\System32\NvFBC64.dll
2014-06-13 02:48:12 13824408 ----a-w- C:\Windows\System32\nvcuda.dll
2014-06-13 02:48:11 909256 ----a-w- C:\Windows\SysWow64\NvIFR.dll
2014-06-13 02:48:11 4248520 ----a-w- C:\Windows\System32\nvcuvid.dll
2014-06-13 02:48:10 869336 ----a-w- C:\Windows\SysWow64\NvFBC.dll
2014-06-13 02:48:10 3989464 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2014-06-13 02:48:10 11211224 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2014-06-13 02:48:09 391456 ----a-w- C:\Windows\System32\NvIFROpenGL.dll
2014-06-13 02:48:09 348120 ----a-w- C:\Windows\SysWow64\NvIFROpenGL.dll
2014-06-13 02:48:09 13911928 ----a-w- C:\Windows\System32\nvopencl.dll
2014-06-13 02:48:09 11272544 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2014-06-13 02:47:39 14497528 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2014-06-13 02:47:38 16122344 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2014-06-13 02:47:36 417568 ----a-w- C:\Windows\SysWow64\nvEncodeAPI.dll
2014-06-13 02:47:35 18625768 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2014-06-13 02:47:35 17553032 ----a-w- C:\Windows\System32\nvd3dumx.dll
2014-06-13 02:47:34 31512352 ----a-w- C:\Windows\System32\nvoglv64.dll
2014-06-13 02:47:33 502048 ----a-w- C:\Windows\System32\nvEncodeAPI64.dll
2014-06-13 02:47:31 24198616 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2014-06-13 02:47:16 12860888 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2014-06-13 02:46:03 354016 ----a-w- C:\Windows\System32\nvoglshim64.dll
2014-06-13 02:46:03 305600 ----a-w- C:\Windows\SysWow64\nvoglshim32.dll
2014-06-13 02:46:01 965312 ----a-w- C:\Windows\System32\nvumdshimx.dll
2014-06-13 02:46:01 846832 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2014-06-13 02:46:01 22994392 ----a-w- C:\Windows\System32\nvcompiler.dll
2014-06-13 02:46:01 166568 ----a-w- C:\Windows\System32\nvinitx.dll
2014-06-13 02:46:01 146480 ----a-w- C:\Windows\SysWow64\nvinit.dll
2014-06-13 02:46:00 2814120 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-06-13 02:46:00 15294296 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2014-06-13 02:45:59 3196304 ----a-w- C:\Windows\System32\nvapi64.dll
2014-06-13 02:11:57 6783960 ----a-w- C:\Windows\System32\nvcpl.dll
2014-06-13 02:11:57 3523360 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-06-13 02:11:54 933208 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-06-13 02:11:53 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-06-13 02:11:53 387528 ----a-w- C:\Windows\System32\nvmctray.dll
2014-06-12 17:58:41 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-12 17:58:41 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-06 17:40:02 3802247 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-29 23:07:51 1122312 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-05-29 23:07:38 1279480 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-05-12 12:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-04-01 03:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-04-01 03:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-31 16:42:42 37320 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-31 14:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 10:54:30.01 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 02 July 2014 - 09:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 stompr

stompr
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 02 July 2014 - 12:06 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Calvin (administrator) on ILLUSION on 02-07-2014 12:04:05
Running from C:\Users\Calvin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Akamai Technologies, Inc.) C:\Users\Calvin\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Calvin\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Calvin\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.4767\Battle.net.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.212\deploy\LoLLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.98\deploy\LolClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2012-10-15] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2012-10-15] (Saitek)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [Razer Blackwidow Driver] => C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe [887712 2011-05-16] (Razer USA Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Calvin\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Spotify] => C:\Users\Calvin\AppData\Roaming\Spotify\spotify.exe [6165048 2014-07-01] (Spotify Ltd)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Spotify Web Helper] => C:\Users\Calvin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-01] (Spotify Ltd)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [F.lux] => C:\Users\Calvin\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2907184 2014-06-25] (Blizzard Entertainment)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Razer Comms] => C:\Program Files (x86)\Razer\Core\razercore.exe [1094336 2013-11-20] (Razer, Inc.)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\MountPoints2: E - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\MountPoints2: {413d5983-cb31-11e1-aa45-df016ba6cc32} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\MountPoints2: {80256010-2171-11e3-abf3-fb721776892a} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\MountPoints2: {8c714254-a404-11e0-bf4e-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\MountPoints2: {a2527903-4712-11dd-b6c6-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-1636389650-383508748-4122975336-1000\...\MountPoints2: {e209c6bc-eb9f-11e0-8d54-f152e497dc4d} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk
ShortcutTarget: Belkin USB Wireless Adaptor Utility.lnk -> C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Calvin\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Calvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0AD2339F8437CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{4EC90E66-1BBF-4A5B-9234-4478270E6561}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{57BDD6C3-C415-4539-9859-75CF27A24137}: [NameServer]192.168.0.1
Tcpip\..\Interfaces\{7B6F6FA4-88E4-48AD-992A-2A34878F026B}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BB670D85-BEF0-49D1-BA2D-E7FB876357BD}: [NameServer]8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Calvin\AppData\Roaming\Mozilla\Firefox\Profiles\zx5gmpm4.default
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Calvin\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Calvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-24]
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (Unity Player) - C:\Users\Calvin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-04]
CHR Extension: (Adblock Plus) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-04-13]
CHR Extension: (Google Search) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-04]
CHR Extension: (Search by Image (by Google)) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-02-03]
CHR Extension: (Google Calendar) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-24]
CHR Extension: (Hola Better Internet) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-15]
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2013-12-07]
CHR Extension: (The Official /r/Diablo Extension) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmpdfkpnaidejfjdhmlpblahnidojbm [2013-08-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-14]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-12-07]
CHR Extension: (Google Wallet) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-04]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-01-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-12] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-02-26] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-11-20] (Razer, Inc.)
S4 WeGameClientService; C:\Program Files (x86)\WeGame\WGClientService.exe [18472 2011-07-09] (WeGame.com, Inc.)
S4 WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed]
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 hitmanpro35; C:\Windows\system32\drivers\hitmanpro35.sys [25160 2011-12-22] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1041000 2012-02-22] (Realtek Semiconductor Corporation                           )
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-11-20] (Razer, Inc.)
R0 RzFilter; C:\Windows\System32\drivers\RzFilter.sys [74432 2013-11-20] (Razer, Inc.)
S3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [154624 2011-05-12] (Razer USA Ltd)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [24680 2012-10-15] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52200 2012-10-15] (Saitek)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 UCOREW64; \??\C:\Users\Calvin\AppData\Local\Temp\7zOBFBC.tmp\UCOREW64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-02 12:04 - 2014-07-02 12:04 - 00032128 _____ () C:\Users\Calvin\Desktop\FRST.txt
2014-07-02 12:03 - 2014-07-02 12:04 - 00000000 ____D () C:\FRST
2014-07-02 12:02 - 2014-07-02 12:02 - 02083840 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe
2014-07-01 12:46 - 2014-07-01 12:46 - 00000007 _____ () C:\Users\Calvin\Desktop\ANIME TO WATCH.txt
2014-06-29 15:45 - 2014-06-29 15:45 - 00056178 _____ () C:\Users\Calvin\Documents\ts3_clientui-win64-1403250090-2014-06-29 15_45_19.708221.dmp
2014-06-29 01:00 - 2014-07-01 10:42 - 00000034 _____ () C:\Windows\setupact.log
2014-06-29 01:00 - 2014-06-29 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 00:08 - 2014-06-29 00:08 - 05265811 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.3.4.rar
2014-06-28 21:42 - 2014-06-28 21:42 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-06-28 16:22 - 2014-06-28 16:22 - 00000000 ____D () C:\Users\Calvin\Documents\EA Games
2014-06-28 16:21 - 2014-06-28 21:42 - 00224616 _____ () C:\Windows\DirectX.log
2014-06-27 16:59 - 2014-06-27 17:00 - 05267151 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.3.3.rar
2014-06-27 10:54 - 2014-06-27 10:54 - 00030083 _____ () C:\Users\Calvin\Desktop\dds.txt
2014-06-27 10:54 - 2014-06-27 10:54 - 00011441 _____ () C:\Users\Calvin\Desktop\attach.txt
2014-06-27 10:48 - 2014-06-27 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 10:48 - 2014-06-27 10:48 - 00688992 ____R (Swearware) C:\Users\Calvin\Desktop\dds.com
2014-06-27 10:47 - 2014-06-27 10:47 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 10:47 - 2014-06-27 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 10:47 - 2014-06-27 10:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 10:47 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-27 10:47 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-27 00:09 - 2014-06-27 00:09 - 00000000 ____D () C:\Users\Calvin\Documents\Square Enix
2014-06-26 11:01 - 2014-06-26 12:11 - 00007653 _____ () C:\Users\Calvin\Documents\TombRaider.log
2014-06-26 09:51 - 2014-06-26 09:52 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Calvin\Downloads\tdsskiller (1).exe
2014-06-25 23:04 - 2014-06-25 23:04 - 00354532 _____ () C:\Users\Calvin\Documents\cc_20140625_230422.reg
2014-06-25 22:57 - 2014-06-25 22:57 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-25 22:57 - 2014-06-25 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-25 22:57 - 2014-06-25 22:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-25 22:56 - 2014-06-25 22:56 - 04812672 _____ (Piriform Ltd) C:\Users\Calvin\Downloads\ccsetup415.exe
2014-06-25 22:54 - 2014-06-25 22:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-25 22:52 - 2014-06-25 22:53 - 11181544 _____ (SurfRight B.V.) C:\Users\Calvin\Downloads\HitmanPro_x64.exe
2014-06-25 22:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-25 22:32 - 2014-06-25 23:13 - 00000000 ____D () C:\AdwCleaner
2014-06-25 22:31 - 2014-06-25 22:31 - 01342659 _____ () C:\Users\Calvin\Downloads\AdwCleaner.exe
2014-06-25 16:51 - 2014-06-25 16:51 - 00000000 ____D () C:\Users\Calvin\Desktop\troll
2014-06-23 13:37 - 2014-06-23 13:37 - 04824041 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.2.18.rar
2014-06-23 11:09 - 2014-06-12 19:19 - 00609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-23 11:06 - 2014-06-12 21:59 - 01890264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434043.dll
2014-06-23 11:06 - 2014-06-12 21:59 - 01542088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434043.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 13911928 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 13824408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 11272544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 11211224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 04248520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 03989464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 00946120 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 00909256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 00902616 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 00869336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 00391456 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-06-23 11:06 - 2014-06-12 21:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-06-23 11:06 - 2014-06-12 21:47 - 31512352 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-23 11:06 - 2014-06-12 21:47 - 24198616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-23 11:06 - 2014-06-12 21:47 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-23 11:06 - 2014-06-12 21:47 - 12860888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-23 11:06 - 2014-06-12 21:47 - 00502048 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-06-23 11:06 - 2014-06-12 21:47 - 00417568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-06-23 11:06 - 2014-06-12 21:46 - 22994392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-23 11:06 - 2014-06-12 21:46 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-23 11:06 - 2014-06-12 21:46 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-23 11:06 - 2014-06-12 21:46 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-23 11:06 - 2014-06-12 21:46 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-23 11:06 - 2014-06-12 21:46 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-23 11:06 - 2014-06-12 21:46 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-23 10:23 - 2014-05-29 18:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-23 10:23 - 2014-05-29 18:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-23 10:22 - 2014-03-31 11:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-23 10:22 - 2014-03-31 11:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-22 22:13 - 2014-06-28 19:06 - 00000000 ____D () C:\Users\Calvin\Desktop\Hearthstone Deck Tracker
2014-06-22 22:10 - 2014-06-22 22:10 - 04821445 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.2.17.rar
2014-06-12 13:07 - 2012-06-21 17:07 - 00000318 _____ () C:\Users\Calvin\Desktop\Curse Client.appref-ms
2014-06-10 23:36 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-10 23:36 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-10 23:36 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-10 23:36 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-10 23:36 - 2014-05-30 04:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-10 23:36 - 2014-05-30 04:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-10 23:36 - 2014-05-30 04:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-10 23:36 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-10 23:36 - 2014-05-30 04:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-10 23:36 - 2014-05-30 04:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-10 23:36 - 2014-05-30 04:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-10 23:36 - 2014-05-30 04:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-10 23:36 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-10 23:36 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-10 23:36 - 2014-05-30 04:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-10 23:36 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-10 23:36 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-10 23:36 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-10 23:36 - 2014-05-30 03:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-10 23:36 - 2014-05-30 03:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-10 23:36 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-10 23:36 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-10 23:36 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-10 23:36 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-10 23:36 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-10 23:36 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-10 23:36 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-10 23:36 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-10 23:36 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-10 23:36 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-10 23:36 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-10 23:36 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-10 23:36 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-10 23:36 - 2014-05-30 03:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-10 23:36 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-10 23:36 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-10 23:36 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-10 23:36 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-10 23:36 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-10 23:36 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-10 23:36 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-10 23:36 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-10 23:36 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-10 23:36 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-10 23:36 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-10 23:36 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-10 23:36 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-10 23:36 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-10 23:36 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-10 23:36 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-10 23:36 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-10 23:36 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-10 23:36 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-10 23:36 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-10 23:36 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-10 23:36 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-10 23:36 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-10 23:36 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-10 23:36 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-10 23:36 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-10 23:36 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-10 23:36 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-10 23:36 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-10 23:36 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-10 23:34 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-10 23:34 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-02 22:50 - 2014-06-02 23:32 - 00000000 ____D () C:\Users\Calvin\Desktop\League Replays
2014-06-02 22:45 - 2014-06-02 22:46 - 44199212 _____ () C:\Users\Calvin\Downloads\Pentakill-SmiteandIgnite.zip
 
==================== One Month Modified Files and Folders =======
 
2014-07-02 12:04 - 2014-07-02 12:04 - 00032128 _____ () C:\Users\Calvin\Desktop\FRST.txt
2014-07-02 12:04 - 2014-07-02 12:03 - 00000000 ____D () C:\FRST
2014-07-02 12:04 - 2011-06-30 19:57 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Skype
2014-07-02 12:03 - 2013-08-14 23:14 - 00000000 ____D () C:\Users\Calvin\AppData\Local\Battle.net
2014-07-02 12:02 - 2014-07-02 12:02 - 02083840 _____ (Farbar) C:\Users\Calvin\Desktop\FRST64.exe
2014-07-02 11:51 - 2013-01-04 21:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 11:25 - 2011-06-30 19:16 - 01828693 _____ () C:\Windows\WindowsUpdate.log
2014-07-02 11:21 - 2012-08-16 15:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-02 10:49 - 2013-05-27 21:40 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\TS3Client
2014-07-02 09:51 - 2013-01-04 21:47 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 08:53 - 2013-07-24 21:20 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Spotify
2014-07-02 01:09 - 2011-06-30 20:14 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-01 20:14 - 2013-06-27 00:26 - 00007601 _____ () C:\Users\Calvin\AppData\Local\Resmon.ResmonCfg
2014-07-01 18:34 - 2012-02-15 12:02 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1CD21DA0-0E3B-4F7F-886E-BE847C421CE4}
2014-07-01 14:17 - 2013-10-08 20:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-01 12:46 - 2014-07-01 12:46 - 00000007 _____ () C:\Users\Calvin\Desktop\ANIME TO WATCH.txt
2014-07-01 11:20 - 2013-01-11 13:32 - 00000000 ___RD () C:\Users\Calvin\Google Drive
2014-07-01 10:42 - 2014-06-29 01:00 - 00000034 _____ () C:\Windows\setupact.log
2014-06-30 13:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-30 12:06 - 2013-07-24 21:22 - 00000000 ____D () C:\Users\Calvin\AppData\Local\Spotify
2014-06-29 21:11 - 2012-01-24 21:57 - 00000000 ___RD () C:\Users\Calvin\Dropbox
2014-06-29 17:21 - 2014-05-26 12:41 - 00000000 ____D () C:\Program Files (x86)\Heroes of the Storm
2014-06-29 15:45 - 2014-06-29 15:45 - 00056178 _____ () C:\Users\Calvin\Documents\ts3_clientui-win64-1403250090-2014-06-29 15_45_19.708221.dmp
2014-06-29 01:00 - 2014-06-29 01:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-29 00:08 - 2014-06-29 00:08 - 05265811 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.3.4.rar
2014-06-28 21:42 - 2014-06-28 21:42 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2014-06-28 21:42 - 2014-06-28 16:21 - 00224616 _____ () C:\Windows\DirectX.log
2014-06-28 21:42 - 2012-01-06 20:32 - 00000000 ____D () C:\Users\Calvin\Documents\my games
2014-06-28 19:06 - 2014-06-22 22:13 - 00000000 ____D () C:\Users\Calvin\Desktop\Hearthstone Deck Tracker
2014-06-28 16:22 - 2014-06-28 16:22 - 00000000 ____D () C:\Users\Calvin\Documents\EA Games
2014-06-28 09:50 - 2009-07-13 23:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 09:50 - 2009-07-13 23:45 - 00020688 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 22:37 - 2014-06-27 10:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 17:00 - 2014-06-27 16:59 - 05267151 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.3.3.rar
2014-06-27 10:54 - 2014-06-27 10:54 - 00030083 _____ () C:\Users\Calvin\Desktop\dds.txt
2014-06-27 10:54 - 2014-06-27 10:54 - 00011441 _____ () C:\Users\Calvin\Desktop\attach.txt
2014-06-27 10:48 - 2014-06-27 10:48 - 00688992 ____R (Swearware) C:\Users\Calvin\Desktop\dds.com
2014-06-27 10:47 - 2014-06-27 10:47 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-27 10:47 - 2014-06-27 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-27 10:47 - 2014-06-27 10:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-27 10:47 - 2011-12-10 22:36 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Malwarebytes
2014-06-27 10:47 - 2011-12-10 22:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 10:47 - 2011-12-10 22:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-27 00:09 - 2014-06-27 00:09 - 00000000 ____D () C:\Users\Calvin\Documents\Square Enix
2014-06-26 21:58 - 2011-12-15 20:14 - 00000000 ____D () C:\Users\Calvin\AppData\Local\CrashDumps
2014-06-26 12:11 - 2014-06-26 11:01 - 00007653 _____ () C:\Users\Calvin\Documents\TombRaider.log
2014-06-26 11:44 - 2012-01-24 21:54 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Dropbox
2014-06-26 09:52 - 2014-06-26 09:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Calvin\Downloads\tdsskiller (1).exe
2014-06-25 23:13 - 2014-06-25 22:32 - 00000000 ____D () C:\AdwCleaner
2014-06-25 23:04 - 2014-06-25 23:04 - 00354532 _____ () C:\Users\Calvin\Documents\cc_20140625_230422.reg
2014-06-25 23:02 - 2011-07-03 19:14 - 00000000 ____D () C:\Program Files (x86)\VentSrv
2014-06-25 23:02 - 2011-06-30 19:31 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Ventrilo
2014-06-25 23:00 - 2011-07-01 09:51 - 00000000 ____D () C:\Windows\Minidump
2014-06-25 23:00 - 2008-06-30 22:06 - 00000000 ____D () C:\Windows\Panther
2014-06-25 22:57 - 2014-06-25 22:57 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-25 22:57 - 2014-06-25 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-25 22:57 - 2014-06-25 22:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-25 22:56 - 2014-06-25 22:56 - 04812672 _____ (Piriform Ltd) C:\Users\Calvin\Downloads\ccsetup415.exe
2014-06-25 22:54 - 2014-06-25 22:54 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-25 22:53 - 2014-06-25 22:52 - 11181544 _____ (SurfRight B.V.) C:\Users\Calvin\Downloads\HitmanPro_x64.exe
2014-06-25 22:50 - 2014-05-02 16:12 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\DropboxMaster
2014-06-25 22:49 - 2011-06-30 19:22 - 00000000 ____D () C:\Users\Calvin\AppData\Local\Deployment
2014-06-25 22:47 - 2011-07-01 13:45 - 00000000 ____D () C:\Fraps
2014-06-25 22:43 - 2011-06-30 19:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-25 22:43 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 22:31 - 2014-06-25 22:31 - 01342659 _____ () C:\Users\Calvin\Downloads\AdwCleaner.exe
2014-06-25 16:51 - 2014-06-25 16:51 - 00000000 ____D () C:\Users\Calvin\Desktop\troll
2014-06-25 14:18 - 2013-08-15 08:38 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-24 23:53 - 2011-12-21 23:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-24 23:53 - 2011-12-21 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-24 23:53 - 2011-11-23 11:03 - 00000000 ____D () C:\ProgramData\PC Tools
2014-06-24 23:53 - 2011-10-04 17:53 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-24 17:59 - 2011-07-01 12:43 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-24 16:32 - 2013-10-05 10:40 - 00000000 ____D () C:\Program Files\OBS
2014-06-24 08:22 - 2013-05-27 21:39 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-06-24 08:18 - 2014-03-21 22:38 - 00000000 ____D () C:\Users\Calvin\Documents\PrettyMay
2014-06-24 08:18 - 2012-03-02 21:54 - 00000000 ____D () C:\Program Files (x86)\PrettyMay
2014-06-23 13:37 - 2014-06-23 13:37 - 04824041 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.2.18.rar
2014-06-23 11:10 - 2012-11-28 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-23 11:09 - 2011-06-30 19:24 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-23 11:08 - 2011-06-30 19:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-23 10:23 - 2014-01-07 23:58 - 00000000 ____D () C:\Users\Calvin\AppData\Local\NVIDIA Corporation
2014-06-23 10:23 - 2011-06-30 19:24 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-22 22:10 - 2014-06-22 22:10 - 04821445 _____ () C:\Users\Calvin\Downloads\Hearthstone.Deck.Tracker-v0.2.17.rar
2014-06-21 14:54 - 2013-01-11 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-21 09:46 - 2013-01-04 21:48 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 09:46 - 2013-01-04 21:47 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 09:14 - 2014-03-29 16:51 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-21 08:57 - 2012-01-24 21:54 - 00000000 ____D () C:\Users\Calvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-21 08:43 - 2011-06-30 19:16 - 00000000 ____D () C:\Users\Calvin
2014-06-21 08:43 - 2009-07-14 00:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-12 21:59 - 2014-06-23 11:06 - 01890264 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434043.dll
2014-06-12 21:59 - 2014-06-23 11:06 - 01542088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434043.dll
2014-06-12 21:59 - 2012-10-10 22:22 - 00026353 _____ () C:\Windows\system32\nvinfo.pb
2014-06-12 21:48 - 2014-06-23 11:06 - 13911928 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 13824408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 11272544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 11211224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 04248520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 03989464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 00946120 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 00909256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 00902616 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 00869336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 00391456 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-06-12 21:48 - 2014-06-23 11:06 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-06-12 21:47 - 2014-06-23 11:06 - 31512352 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-12 21:47 - 2014-06-23 11:06 - 24198616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-12 21:47 - 2014-06-23 11:06 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-12 21:47 - 2014-06-23 11:06 - 12860888 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-12 21:47 - 2014-06-23 11:06 - 00502048 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-06-12 21:47 - 2014-06-23 11:06 - 00417568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-06-12 21:47 - 2014-02-18 17:18 - 17553032 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-12 21:47 - 2011-10-01 17:10 - 18625768 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-06-12 21:47 - 2011-06-30 19:42 - 14497528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-06-12 21:46 - 2014-06-23 11:06 - 22994392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-12 21:46 - 2014-06-23 11:06 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-12 21:46 - 2014-06-23 11:06 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-12 21:46 - 2014-06-23 11:06 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-12 21:46 - 2014-06-23 11:06 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-12 21:46 - 2014-06-23 11:06 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-12 21:46 - 2014-06-23 11:06 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-12 21:46 - 2012-10-10 22:23 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-06-12 21:46 - 2012-10-10 22:22 - 02814120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-06-12 21:45 - 2011-06-30 19:42 - 03196304 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-06-12 21:11 - 2011-06-30 19:24 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-06-12 21:11 - 2010-12-27 11:55 - 06783960 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-06-12 21:11 - 2010-12-27 11:54 - 03523360 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-06-12 21:11 - 2010-12-27 11:54 - 00933208 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-06-12 21:11 - 2010-12-27 11:54 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-06-12 19:19 - 2014-06-23 11:09 - 00609056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-12 13:16 - 2009-07-14 00:13 - 00813502 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 12:59 - 2012-08-16 15:58 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 12:58 - 2012-06-16 09:43 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-12 12:58 - 2011-07-01 12:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-11 04:00 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-06-11 03:04 - 2013-08-03 09:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 03:02 - 2012-10-11 18:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 03:02 - 2012-01-02 19:36 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 03:01 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 04:13 - 2014-06-10 23:34 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 04:08 - 2014-06-10 23:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 17:34 - 2012-01-05 18:55 - 00000000 ____D () C:\Users\Calvin\Documents\StarCraft II
2014-06-06 12:40 - 2012-11-18 04:02 - 03802247 _____ () C:\Windows\system32\nvcoproc.bin
2014-06-05 16:54 - 2011-07-16 11:13 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-06-02 23:32 - 2014-06-02 22:50 - 00000000 ____D () C:\Users\Calvin\Desktop\League Replays
2014-06-02 22:46 - 2014-06-02 22:45 - 44199212 _____ () C:\Users\Calvin\Downloads\Pentakill-SmiteandIgnite.zip
 
Files to move or delete:
====================
C:\Users\Calvin\man.dat
C:\Users\Calvin\mbid.exe
C:\Users\Calvin\open_htm.exe
C:\Users\Calvin\tag.dat
 
 
Some content of TEMP:
====================
C:\Users\Calvin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpymfhti.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2014-06-28 01:35
 
==================== End Of Log ============================

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 02 July 2014 - 12:42 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
URLSearchHook: HKCU - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3321486&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP33951DD4-2307-476A-92D8-0608411C9008&q={searchTerms}&SSPV=C21110_sp_ie
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Hola Better Internet) - C:\Users\Calvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-15]
C:\Users\Calvin\man.dat
C:\Users\Calvin\mbid.exe
C:\Users\Calvin\open_htm.exe
C:\Users\Calvin\tag.dat
AlternateDataStreams: C:\ProgramData\TEMP:7578EF04
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {2EBB4D4A-4B02-4F50-9548-114D69FC8C76} - \UpdaterEX No Task File <==== ATTENTION

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
---

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 09 July 2014 - 08:45 AM

Are you still with me?

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:44 PM

Posted 15 July 2014 - 08:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users