Adware/Changed homepage/search provider


I was re-installing the webcam software ManyCam and forgot to uncheck the option to make mystart my homepage and search provider, as well as install a toolbar, although I never found any toolbars installed. I manually changed my homepage and ran MBAM, where it found and removed 3 infected files (log attached). I then ran a full scan of MBAM after restarting my system, and nothing was found. I've run the Farbar tool and have uninstalled my torrent client as well.

A little embarrassed about the 'hentai.txt' in the logs but will leave it there nonetheless.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01
Ran by Keith (administrator) on POONSLAYER on 21-04-2014 14:34:46
Running from C:\Users\Keith\Desktop
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Clementine) C:\Program Files (x86)\Clementine\clementine.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
() C:\Program Files (x86)\Clementine\clementine-tagreader.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-31] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKU\S-1-5-21-3388057210-4261844941-3444539521-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE [283232 2012-09-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3388057210-4261844941-3444539521-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Keith\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3388057210-4261844941-3444539521-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2990304 2013-10-30] (Nota Inc.)
HKU\S-1-5-21-3388057210-4261844941-3444539521-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3388057210-4261844941-3444539521-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [8473064 2014-03-26] (Visicom Media Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6A278DE1E5CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=manycam&id=manycam_ot&v=4_0&ent=ch_5007&q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\17q3f0m0.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: HTTPS-Everywhere - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\17q3f0m0.default\Extensions\https-everywhere@eff.org [2014-04-20]
FF Extension: WOT - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\17q3f0m0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-05]
FF Extension: ExHentai Easy 2 - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\17q3f0m0.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2014-03-05]
FF Extension: Adblock Plus - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\17q3f0m0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-05]
FF Extension: Greasemonkey - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\17q3f0m0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-15]

Chrome:
=======

CHR StartupUrls: "startup_urls_migration_time": "13038550843422675"
CHR DefaultSearchKeyword: google.com_
CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-05]
CHR Extension: (Google Drive) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05]
CHR Extension: (WOT) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-04-13]
CHR Extension: (YouTube) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05]
CHR Extension: (Google Search) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05]
CHR Extension: (AdBlock) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-13]
CHR Extension: (avast! Online Security) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-05]
CHR Extension: (Cookies) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2014-04-13]
CHR Extension: (Skype Click to Call) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (Gmail) - C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-31] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2013-12-30] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-23] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-31] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-31] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-31] ()
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 FiiOE10; C:\Windows\system32\drivers\FiiOE10.sys [64464 2012-11-29] (Windows ® Win 7 DDK provider)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [41504 2014-01-23] (LogMeIn Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [52128 2013-11-26] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-05-07] ()
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S1 aswKbd; \??\C:\Windows\system32\drivers\aswKbd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 14:34 - 2014-04-21 14:35 - 00016466 _____ () C:\Users\Keith\Desktop\FRST.txt
2014-04-21 14:34 - 2014-04-21 14:34 - 00000000 ____D () C:\FRST
2014-04-21 14:33 - 2014-04-21 14:33 - 02163712 _____ (Farbar) C:\Users\Keith\Desktop\FRST64.exe
2014-04-21 05:54 - 2014-04-21 05:54 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Keith\Downloads\tdsskiller.exe
2014-04-20 22:17 - 2014-04-20 21:59 - 01717879 _____ () C:\Users\Keith\Downloads\dban-1.0.7_i386.exe
2014-04-20 20:26 - 2014-04-21 14:24 - 00000000 ____D () C:\Users\Keith\AppData\Local\ManyCam
2014-04-20 20:25 - 2014-04-20 20:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-20 20:21 - 2014-04-20 20:21 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\ManyCam
2014-04-20 20:20 - 2014-04-20 20:25 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-20 20:20 - 2014-04-20 20:20 - 00000000 ____D () C:\ProgramData\EmailNotifier
2014-04-20 20:20 - 2014-04-20 20:20 - 00000000 ____D () C:\Program Files (x86)\mystarttb
2014-04-20 20:18 - 2014-04-20 20:18 - 00003090 _____ () C:\Windows\System32\Tasks\{ED4ED269-9AFB-460F-9ED7-957E07D0B8BF}
2014-04-20 19:10 - 2014-04-20 19:10 - 22081088 _____ (Visicom Media Inc.) C:\Users\Keith\Downloads\ManyCamSetup.exe
2014-04-20 08:42 - 2014-04-20 08:42 - 00000033 _____ () C:\Users\Keith\Documents\gnu.txt
2014-04-20 02:48 - 2014-04-20 02:48 - 00001092 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-04-20 02:48 - 2014-03-26 19:01 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-04-20 02:48 - 2014-03-26 19:00 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-04-19 23:35 - 2014-04-19 23:43 - 00000000 ____D () C:\ProgramData\VMware
2014-04-19 23:35 - 2014-04-19 23:35 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-04-19 22:57 - 2014-04-21 04:37 - 00000000 ____D () C:\Users\Keith\VirtualBox VMs
2014-04-19 22:08 - 2014-04-21 05:07 - 00000000 ____D () C:\Users\Keith\.VirtualBox
2014-04-19 22:08 - 2014-04-19 22:08 - 00000000 ____D () C:\Program Files\Oracle
2014-04-19 21:49 - 2014-04-21 03:43 - 00000000 ____D () C:\Users\Keith\Documents\VM
2014-04-19 03:12 - 2014-04-19 03:12 - 00000852 _____ () C:\Users\Keith\Downloads\Downloads - Shortcut.lnk
2014-04-18 18:49 - 2014-04-18 18:49 - 03001655 _____ () C:\Users\Keith\Downloads\1397508599032.webm
2014-04-17 21:09 - 2014-04-17 21:09 - 00000028 _____ () C:\Users\Keith\Documents\kjkk.txt
2014-04-16 23:30 - 2014-04-16 23:30 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-04-16 23:30 - 2014-04-16 23:30 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-04-16 23:30 - 2014-04-16 23:30 - 00000000 ____D () C:\Riot Games
2014-04-16 23:30 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-04-16 23:30 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-04-16 23:30 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-04-16 23:28 - 2014-04-16 23:28 - 00000000 ____D () C:\Users\Keith\AppData\Local\PMB Files
2014-04-16 23:28 - 2014-04-16 23:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-16 23:27 - 2014-04-16 23:27 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\Riot Games
2014-04-16 23:27 - 2014-04-16 23:27 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-04-15 18:06 - 2014-04-15 18:06 - 02871687 _____ () C:\Users\Keith\Downloads\1397596647673.webm
2014-04-14 01:02 - 2014-04-14 01:02 - 00000042 _____ () C:\Users\Keith\Documents\snapchat.txt
2014-04-13 14:16 - 2014-04-13 14:16 - 00000015 _____ () C:\Users\Keith\Documents\and cereal.txt
2014-04-09 20:44 - 2014-04-09 20:44 - 02644429 _____ () C:\Users\Keith\Downloads\1397085186976.webm
2014-04-09 19:24 - 2014-04-09 19:24 - 00025715 _____ () C:\Users\Keith\Downloads\Prank of all time.txt
2014-04-09 15:53 - 2014-03-30 20:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 15:53 - 2014-03-30 18:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 15:53 - 2014-03-10 05:35 - 02008408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-09 15:53 - 2014-03-10 05:35 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2014-04-09 15:53 - 2014-03-06 04:19 - 01287576 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 15:53 - 2014-03-06 04:02 - 01109424 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 15:53 - 2014-03-06 01:17 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 15:53 - 2014-03-06 01:10 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 15:52 - 2014-04-09 15:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 15:52 - 2014-04-09 15:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 19:46 - 2014-04-08 20:00 - 00000000 ____D () C:\Users\Keith\Downloads\skyrim
2014-04-08 14:59 - 2014-04-08 14:59 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-04-08 14:59 - 2014-03-26 16:40 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-04-08 14:54 - 2014-03-27 07:45 - 31270856 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 25257416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 23785416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 17467048 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 13158232 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-04-08 14:54 - 2014-03-27 07:45 - 11644392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 11598560 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 09734744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 09697128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 03139928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 02949976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 02785056 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 02413344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433750.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 01539416 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433750.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00894752 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00891168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00864600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00859592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00836544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00491864 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00415008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00336672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-04-08 14:54 - 2014-03-27 07:45 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-04-08 14:35 - 2014-03-21 14:43 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-08 14:35 - 2014-03-21 14:43 - 00033568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-07 07:40 - 2014-04-07 07:43 - 00493319 _____ () C:\Users\Keith\Documents\-car.xlsx
2014-04-07 06:42 - 2014-04-07 07:39 - 00000000 ____D () C:\Users\Keith\Downloads\car proj
2014-04-06 01:52 - 2014-04-19 05:51 - 00000060 _____ () C:\Users\Keith\Documents\anime.txt
2014-04-02 03:16 - 2014-04-02 03:16 - 00000009 _____ () C:\Users\Keith\Documents\tax.txt
2014-04-01 01:18 - 2014-04-01 01:18 - 00297128 _____ () C:\Windows\Minidump\040114-17046-01.dmp
2014-03-31 18:47 - 2014-02-22 07:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-31 18:47 - 2014-02-22 06:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-03-31 04:54 - 2014-01-19 02:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 04:49 - 2014-03-31 04:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-29 19:01 - 2014-03-29 19:01 - 130757055 _____ () C:\Users\Keith\Downloads\The Hand(s) That Thieve(s).rar
2014-03-28 19:48 - 2014-03-28 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 00:32 - 2014-03-28 00:32 - 00000000 ____D () C:\Users\Keith\Downloads\TheSharpening
2014-03-27 01:41 - 2014-03-27 01:41 - 77169663 _____ () C:\Users\Keith\Downloads\Melt-Banana-Fetch[2013].zip
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 00:05 - 2014-03-26 00:05 - 03822704 _____ () C:\Users\Keith\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-24 13:55 - 2014-04-17 00:15 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\X-Chat 2
2014-03-24 13:55 - 2014-03-24 13:55 - 00001026 _____ () C:\Users\Keith\Desktop\X-Chat 2.lnk
2014-03-24 13:55 - 2014-03-24 13:55 - 00000000 ____D () C:\Program Files (x86)\X-Chat 2
2014-03-24 13:54 - 2014-03-24 13:54 - 08549657 _____ (SilvereX ) C:\Users\Keith\Downloads\xchat-2.8.6-2.exe
2014-03-24 02:29 - 2014-03-24 02:29 - 00000104 _____ () C:\Users\Keith\Documents\hentai.txt

==================== One Month Modified Files and Folders =======

2014-04-21 14:35 - 2014-04-21 14:34 - 00016466 _____ () C:\Users\Keith\Desktop\FRST.txt
2014-04-21 14:35 - 2013-12-21 14:11 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\Skype
2014-04-21 14:34 - 2014-04-21 14:34 - 00000000 ____D () C:\FRST
2014-04-21 14:33 - 2014-04-21 14:33 - 02163712 _____ (Farbar) C:\Users\Keith\Desktop\FRST64.exe
2014-04-21 14:33 - 2013-12-15 07:57 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3388057210-4261844941-3444539521-1001
2014-04-21 14:30 - 2014-01-19 01:27 - 00000000 ____D () C:\Users\Keith\AppData\Local\Last.fm
2014-04-21 14:27 - 2014-03-05 22:40 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-21 14:27 - 2013-12-15 07:52 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0334EAC5-58E4-49A1-9950-87245C56A076}
2014-04-21 14:26 - 2013-12-15 07:55 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 14:26 - 2013-12-15 06:53 - 01163480 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 14:24 - 2014-04-20 20:26 - 00000000 ____D () C:\Users\Keith\AppData\Local\ManyCam
2014-04-21 14:24 - 2013-12-14 18:58 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-21 14:22 - 2013-12-15 08:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-21 14:22 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 06:18 - 2013-12-15 07:55 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 06:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-04-21 05:57 - 2014-03-03 04:34 - 00000000 ____D () C:\Users\Keith\Downloads\jp
2014-04-21 05:54 - 2014-04-21 05:54 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\Keith\Downloads\tdsskiller.exe
2014-04-21 05:07 - 2014-04-19 22:08 - 00000000 ____D () C:\Users\Keith\.VirtualBox
2014-04-21 04:37 - 2014-04-19 22:57 - 00000000 ____D () C:\Users\Keith\VirtualBox VMs
2014-04-21 04:00 - 2014-01-23 06:31 - 00000000 ____D () C:\Users\Keith\AppData\Local\Paint.NET
2014-04-21 03:43 - 2014-04-19 21:49 - 00000000 ____D () C:\Users\Keith\Documents\VM
2014-04-20 21:59 - 2014-04-20 22:17 - 01717879 _____ () C:\Users\Keith\Downloads\dban-1.0.7_i386.exe
2014-04-20 20:37 - 2013-12-15 06:46 - 00011458 _____ () C:\Windows\PFRO.log
2014-04-20 20:25 - 2014-04-20 20:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-20 20:25 - 2014-04-20 20:20 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-20 20:25 - 2013-08-22 09:46 - 00014952 _____ () C:\Windows\setupact.log
2014-04-20 20:21 - 2014-04-20 20:21 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\ManyCam
2014-04-20 20:20 - 2014-04-20 20:20 - 00000000 ____D () C:\ProgramData\EmailNotifier
2014-04-20 20:20 - 2014-04-20 20:20 - 00000000 ____D () C:\Program Files (x86)\mystarttb
2014-04-20 20:18 - 2014-04-20 20:18 - 00003090 _____ () C:\Windows\System32\Tasks\{ED4ED269-9AFB-460F-9ED7-957E07D0B8BF}
2014-04-20 19:10 - 2014-04-20 19:10 - 22081088 _____ (Visicom Media Inc.) C:\Users\Keith\Downloads\ManyCamSetup.exe
2014-04-20 08:42 - 2014-04-20 08:42 - 00000033 _____ () C:\Users\Keith\Documents\gnu.txt
2014-04-20 03:53 - 2013-12-15 07:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-20 02:53 - 2014-01-11 16:45 - 00000000 ____D () C:\Users\Keith\Animes and Movies
2014-04-20 02:48 - 2014-04-20 02:48 - 00001092 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-04-19 23:50 - 2013-12-21 14:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-19 23:50 - 2013-12-15 06:53 - 00000000 ____D () C:\Users\Keith
2014-04-19 23:46 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\registration
2014-04-19 23:43 - 2014-04-19 23:35 - 00000000 ____D () C:\ProgramData\VMware
2014-04-19 23:35 - 2014-04-19 23:35 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-04-19 22:08 - 2014-04-19 22:08 - 00000000 ____D () C:\Program Files\Oracle
2014-04-19 17:38 - 2014-02-25 23:37 - 00000000 ____D () C:\Users\Keith\Downloads\fa
2014-04-19 17:35 - 2014-01-18 02:14 - 00000000 ____D () C:\Users\Keith\Downloads\g
2014-04-19 06:45 - 2013-12-25 13:20 - 00000000 ____D () C:\ProgramData\Origin
2014-04-19 06:22 - 2014-03-08 23:01 - 00000000 ____D () C:\Users\Keith\Desktop\foobar2000
2014-04-19 05:51 - 2014-04-06 01:52 - 00000060 _____ () C:\Users\Keith\Documents\anime.txt
2014-04-19 03:12 - 2014-04-19 03:12 - 00000852 _____ () C:\Users\Keith\Downloads\Downloads - Shortcut.lnk
2014-04-18 20:58 - 2013-12-19 22:00 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-18 20:49 - 2013-12-19 22:00 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-18 20:40 - 2013-12-25 13:20 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-18 20:21 - 2013-12-29 06:02 - 00000000 ____D () C:\Program Files\PeerBlock
2014-04-18 18:49 - 2014-04-18 18:49 - 03001655 _____ () C:\Users\Keith\Downloads\1397508599032.webm
2014-04-18 01:49 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-17 21:09 - 2014-04-17 21:09 - 00000028 _____ () C:\Users\Keith\Documents\kjkk.txt
2014-04-17 19:50 - 2013-12-31 00:55 - 00000000 ___HD () C:\Users\Keith\Documents\New folder
2014-04-17 00:15 - 2014-03-24 13:55 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\X-Chat 2
2014-04-16 23:30 - 2014-04-16 23:30 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-04-16 23:30 - 2014-04-16 23:30 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-04-16 23:30 - 2014-04-16 23:30 - 00000000 ____D () C:\Riot Games
2014-04-16 23:28 - 2014-04-16 23:28 - 00000000 ____D () C:\Users\Keith\AppData\Local\PMB Files
2014-04-16 23:28 - 2014-04-16 23:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-04-16 23:27 - 2014-04-16 23:27 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\Riot Games
2014-04-16 23:27 - 2014-04-16 23:27 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-04-16 16:04 - 2013-12-15 06:54 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-16 15:02 - 2014-01-16 22:00 - 00000000 ____D () C:\Users\Keith\Downloads\usb
2014-04-16 02:09 - 2014-02-11 05:11 - 00000000 ____D () C:\Users\Keith\Downloads\fit
2014-04-15 18:06 - 2014-04-15 18:06 - 02871687 _____ () C:\Users\Keith\Downloads\1397596647673.webm
2014-04-14 01:02 - 2014-04-14 01:02 - 00000042 _____ () C:\Users\Keith\Documents\snapchat.txt
2014-04-13 14:16 - 2014-04-13 14:16 - 00000015 _____ () C:\Users\Keith\Documents\and cereal.txt
2014-04-13 10:45 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-04-12 05:30 - 2014-02-23 22:43 - 00000088 _____ () C:\Users\Keith\Documents\passwords.txt
2014-04-11 02:09 - 2013-12-16 18:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-11 02:04 - 2013-12-16 18:14 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 20:44 - 2014-04-09 20:44 - 02644429 _____ () C:\Users\Keith\Downloads\1397085186976.webm
2014-04-09 19:24 - 2014-04-09 19:24 - 00025715 _____ () C:\Users\Keith\Downloads\Prank of all time.txt
2014-04-09 15:52 - 2014-04-09 15:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 15:52 - 2014-04-09 15:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-08 20:00 - 2014-04-08 19:46 - 00000000 ____D () C:\Users\Keith\Downloads\skyrim
2014-04-08 19:45 - 2014-01-03 09:59 - 00000000 ____D () C:\Users\Keith\AppData\Local\Skyrim
2014-04-08 14:59 - 2014-04-08 14:59 - 00002153 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-04-08 14:59 - 2013-12-15 07:56 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-08 14:36 - 2013-12-15 08:09 - 00000000 ____D () C:\Users\Keith\AppData\Local\NVIDIA Corporation
2014-04-08 14:36 - 2013-12-15 07:56 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-08 14:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-04-07 07:43 - 2014-04-07 07:40 - 00493319 _____ () C:\Users\Keith\Documents\-car.xlsx
2014-04-07 07:39 - 2014-04-07 06:42 - 00000000 ____D () C:\Users\Keith\Downloads\car proj
2014-04-06 00:09 - 2013-12-19 23:04 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-02 08:27 - 2013-12-15 08:07 - 01225920 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-02 08:27 - 2013-12-15 08:07 - 01081112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-02 03:16 - 2014-04-02 03:16 - 00000009 _____ () C:\Users\Keith\Documents\tax.txt
2014-04-01 01:18 - 2014-04-01 01:18 - 00297128 _____ () C:\Windows\Minidump\040114-17046-01.dmp
2014-04-01 01:18 - 2014-01-11 19:48 - 00000000 ____D () C:\Windows\Minidump
2014-03-31 22:12 - 2014-03-05 22:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 21:13 - 2013-08-22 08:25 - 00000169 _____ () C:\Windows\win.ini
2014-03-31 16:23 - 2013-12-17 09:22 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 16:23 - 2013-12-17 09:22 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 04:55 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-31 04:50 - 2014-01-08 16:03 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-31 04:49 - 2014-03-31 04:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-31 04:49 - 2013-12-24 16:46 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-31 04:49 - 2013-12-15 07:55 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-31 04:49 - 2013-12-15 07:55 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-31 04:49 - 2013-12-15 07:55 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-31 04:49 - 2013-12-15 07:55 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-31 04:49 - 2013-12-15 07:55 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-31 04:49 - 2013-12-15 07:55 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-31 04:49 - 2013-12-15 07:55 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-30 20:16 - 2014-04-09 15:53 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 18:57 - 2014-04-09 15:53 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-29 19:01 - 2014-03-29 19:01 - 130757055 _____ () C:\Users\Keith\Downloads\The Hand(s) That Thieve(s).rar
2014-03-28 19:48 - 2014-03-28 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 18:52 - 2013-08-22 09:44 - 00392336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-28 00:32 - 2014-03-28 00:32 - 00000000 ____D () C:\Users\Keith\Downloads\TheSharpening
2014-03-28 00:31 - 2014-03-16 21:08 - 00830271 _____ () C:\Users\Keith\Downloads\TheSharpening.zip
2014-03-27 07:45 - 2014-04-08 14:54 - 31270856 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 25257416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 23785416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 17467048 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 13158232 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-27 07:45 - 2014-04-08 14:54 - 11644392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 11598560 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 09734744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 09697128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 03139928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 02949976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 02785056 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 02413344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433750.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 01539416 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433750.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00894752 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00891168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00864600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00859592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00836544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00491864 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00415008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00336672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-27 07:45 - 2014-04-08 14:54 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-27 07:45 - 2014-02-19 07:02 - 15964736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-03-27 07:45 - 2013-12-15 08:06 - 18493952 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-03-27 07:45 - 2013-12-15 08:06 - 14422856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-03-27 07:45 - 2013-12-15 08:06 - 03106688 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-03-27 07:45 - 2013-12-15 08:06 - 02728160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-03-27 07:45 - 2013-12-15 08:06 - 00952440 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-03-27 07:45 - 2013-12-15 08:06 - 00026011 _____ () C:\Windows\system32\nvinfo.pb
2014-03-27 01:41 - 2014-03-27 01:41 - 77169663 _____ () C:\Users\Keith\Downloads\Melt-Banana-Fetch[2013].zip
2014-03-26 21:11 - 2013-12-15 08:06 - 06768584 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-03-26 21:11 - 2013-12-15 08:06 - 03512664 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-03-26 21:11 - 2013-12-15 08:06 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-03-26 21:11 - 2013-12-15 08:06 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-03-26 21:11 - 2013-12-15 08:06 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-03-26 19:01 - 2014-04-20 02:48 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-03-26 19:00 - 2014-04-20 02:48 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2014-03-26 16:40 - 2014-04-08 14:59 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-26 00:05 - 2014-03-26 00:05 - 03822704 _____ () C:\Users\Keith\Downloads\battlelog-web-plugins_2.3.2_133.exe
2014-03-25 20:13 - 2013-12-15 07:55 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-25 20:13 - 2013-12-15 07:55 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 05:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-24 13:55 - 2014-03-24 13:55 - 00001026 _____ () C:\Users\Keith\Desktop\X-Chat 2.lnk
2014-03-24 13:55 - 2014-03-24 13:55 - 00000000 ____D () C:\Program Files (x86)\X-Chat 2
2014-03-24 13:54 - 2014-03-24 13:54 - 08549657 _____ (SilvereX ) C:\Users\Keith\Downloads\xchat-2.8.6-2.exe
2014-03-24 13:29 - 2014-02-06 01:29 - 00000000 ____D () C:\Users\Keith\Downloads\muscle
2014-03-24 05:31 - 2013-12-15 08:06 - 03683457 _____ () C:\Windows\system32\nvcoproc.bin
2014-03-24 02:29 - 2014-03-24 02:29 - 00000104 _____ () C:\Users\Keith\Documents\hentai.txt
2014-03-22 04:52 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Keith\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Keith\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Keith\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Keith\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Keith\AppData\Local\Temp\nvStInst.exe
C:\Users\Keith\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Keith\AppData\Local\Temp\sfextra.dll
C:\Users\Keith\AppData\Local\Temp\sonarinst.exe
C:\Users\Keith\AppData\Local\Temp\swt-win32-3349.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-18 18:07

==================== End Of Log ============================

 

Addition.txt

mbam-log-2014-04-20 (20-27-29).txt
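Added example, not part of the original posts and not FRST's own code: one way to triage the file listing above is to pivot on the folder the installer created and pull every entry created within a few minutes of it, then set aside those that carry no company name and do not belong to the product. It assumes the first timestamp on each line is the last-modified time and the second is the creation time; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Lines copied from the listing in the post above.
SAMPLE = r"""
2014-04-20 21:59 - 2014-04-20 22:17 - 01717879 _____ () C:\Users\Keith\Downloads\dban-1.0.7_i386.exe
2014-04-20 20:37 - 2013-12-15 06:46 - 00011458 _____ () C:\Windows\PFRO.log
2014-04-20 20:25 - 2014-04-20 20:25 - 00001037 _____ () C:\Users\Public\Desktop\ManyCam.lnk
2014-04-20 20:25 - 2014-04-20 20:20 - 00000000 ____D () C:\Program Files (x86)\ManyCam
2014-04-20 20:25 - 2013-08-22 09:46 - 00014952 _____ () C:\Windows\setupact.log
2014-04-20 20:21 - 2014-04-20 20:21 - 00000000 ____D () C:\Users\Keith\AppData\Roaming\ManyCam
2014-04-20 20:20 - 2014-04-20 20:20 - 00000000 ____D () C:\ProgramData\EmailNotifier
2014-04-20 20:20 - 2014-04-20 20:20 - 00000000 ____D () C:\Program Files (x86)\mystarttb
2014-04-20 20:18 - 2014-04-20 20:18 - 00003090 _____ () C:\Windows\System32\Tasks\{ED4ED269-9AFB-460F-9ED7-957E07D0B8BF}
2014-04-20 19:10 - 2014-04-20 19:10 - 22081088 _____ (Visicom Media Inc.) C:\Users\Keith\Downloads\ManyCamSetup.exe
"""

# Assumed column layout: modified - created - size attributes (company) path
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) (\S+) \((.*?)\) (.+)$"
)
FMT = "%Y-%m-%d %H:%M"


class Entry(NamedTuple):
    modified: datetime
    created: datetime
    size: int
    attrs: str
    company: str
    path: str


def parse_listing(text):
    """Parse listing lines into Entry records; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append(Entry(datetime.strptime(m[1], FMT),
                                 datetime.strptime(m[2], FMT),
                                 int(m[3]), m[4], m[5].strip(), m[6]))
    return entries


def created_near(entries, pivot_path, minutes=15):
    """Entries whose creation time lies within +/- minutes of the pivot's."""
    pivot = next((e for e in entries if e.path.lower() == pivot_path.lower()), None)
    if pivot is None:
        raise ValueError("pivot path not present in listing: " + pivot_path)
    window = timedelta(minutes=minutes)
    hits = [e for e in entries if abs(e.created - pivot.created) <= window]
    return sorted(hits, key=lambda e: (e.created, e.path))


def unexplained(hits, product):
    """Paths in the window with no company name that are not the product's own."""
    return [e.path for e in hits
            if not e.company and product.lower() not in e.path.lower()]


if __name__ == "__main__":
    hits = created_near(parse_listing(SAMPLE), r"C:\Program Files (x86)\ManyCam")
    for path in unexplained(hits, "ManyCam"):
        print("review:", path)
```

Entries the filter returns are candidates for review alongside the installer, not confirmed detections.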


Hi Keith_, and welcome to Malwarebytes.

 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 

start
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.c...&ent=ch_5007&q={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
end

 

Save the file as fixlist.txt into the same folder as FRST
Run FRST and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

Please post the log from FRST (Fixlog.txt) in your next reply.

 

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

Please download Junkware Removal Tool to your Desktop.

  • Disconnect from the Internet (unplug your connection to your router or modem).
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Restart your security software and reconnect to the Internet.
  • Please post the contents of JRT.txt into your reply.

 

You are running an outdated version of Malwarebytes Anti-Malware.
To update from within the program, open MBAM, select the Update tab and click the 'Click here to find out more and check it out!' link - see image.

MB_screenshot1.jpg

To update via the website follow this link http://www.malwarebytes.org/update/

  • After you have updated, open up MBAM. If it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, click the Quarantine All button.
  • While still on the Scan tab, click the Export Log button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

 

Your Adobe Flash Player Plugin is outdated and vulnerable. Please go to Start > Control Panel > Programs and Features and uninstall the following program:

Adobe Flash Player 12 Plugin

 

Then go to http://get.adobe.com/flashplayer/ to download and install the current version.

 

Please post the logs from FRST (Fixlog.txt), Adwcleaner, Junkware Removal tool, the new log from MBAM, and note any errors encountered.

 

 


Sorry for the late reply, was a bit busy this weekend. Will attach the logs (there are two logs for AdwCleaner, one for the scan and one for the cleaning). Had a little trouble installing the newest Flash Player but worked it out. Also, it takes a while (about ~2 minutes) for any program except for my media player or Firefox to run after I restart my computer, but this isn't a new issue.

Fixlog.txt

AdwCleanerR0.txt

AdwCleanerS0.txt

JRT.txt

mbamlog.txt


Yours was actually one of the cleaner logs I've seen in some time. :D

 

We can now start some cleanup, and you can delete the below utilities that we used, and any logs that they created:

Farbar Recovery Scan Tool (and delete the folder C:\FRST)

AdwCleaner (run the program and click Uninstall)
Junkware Removal Tool

 

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.