
iStart Browser Hijacker and Co.


  • This topic is locked
8 replies to this topic

#1 GamerGuy1


Posted 26 July 2014 - 11:08 PM

Hey guys, I'm in a bit of a hickey. Three nights ago I received an eerie message from my Avast antivirus that a suspicious website was blocked, only to find out that the next time I opened up Google Chrome an icky browser hijacker called iStart had taken control. I scanned it with Malware Anti-Bytes and uninstalled both it and something called 'WindowsProtectManager' or something like that manually and removed several viruses, a few of which were .exe files called 'PluginService.exe' found in my Program Files folder, and a couple weirder ones like SupTab.dll, GPUpd53D46ADD1.exe and a long string of random numbers and letters with dashes, the first of which was in its own folder in Program Files (86x) called /SupTab/ and the last two in /AppData/Local/Temp. The eerie thing is, once I finished the scan, quarantined and deleted the viruses, they came back yesterday. I did the same thing, and they're back again today. The GPUpd53 one is apparently a search hijacker, so I'm not entirely sure what that means, but it definitely does not sound good. I'd really appreciate it if I could get some help on how to remove this annoyance once and for all, because this is starting to make me uneasy.

 

(I'd like to think I'm a safe surfer and a person with a reasonable amount of common sense. I don't visit shifty sites.)




#2 nasdaq

  • Malware Response Team

Posted 31 July 2014 - 10:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 GamerGuy1

  • Topic Starter

Posted 31 July 2014 - 11:15 AM

Thanks. Here is the AdwCleaner log.

 

 
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : - - --PC
# Running from : C:\Users\-\Downloads\adwcleaner_3.302.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Users\-\AppData\Roaming\GetPrivate
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWPM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [1374 octets] - [31/07/2014 12:05:53]
AdwCleaner[S0].txt - [1268 octets] - [31/07/2014 12:07:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1328 octets] ##########
 
Here is the Farbar log.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by - (administrator) on --PC on 31-07-2014 12:11:32
Running from C:\Users\-\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) F:\AntiBad\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
() C:\Program Files (x86)\D-Link\DWA-182\WlanWpsSvc.exe
() C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-182\wirelesscm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) F:\AntiBad\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall\raidcall.exe [4136648 2014-06-11] (RAIDCALL.COM)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3816784 2014-07-21] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => F:\AntiBad\AvastUI.exe [4086432 2014-07-27] (AVAST Software)
HKU\S-1-5-21-2984736474-3936359553-800599283-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-182\wirelesscm.exe (D-Link Corp.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => F:\AntiBad\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC4B8B5757DA2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\AntiBad\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> F:\AntiBad\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\-\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - F:\AntiBad\WebRep\FF
FF Extension: avast! Online Security - F:\AntiBad\WebRep\FF [2014-07-27]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-20]
CHR Extension: (Google Drive) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-20]
CHR Extension: (YouTube) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-20]
CHR Extension: (Google Search) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-20]
CHR Extension: (avast! SafePrice) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-07-27]
CHR Extension: (avast! Online Security) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-27]
CHR Extension: (Google Wallet) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-20]
CHR Extension: (Gmail) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - F:\AntiBad\WebRep\Chrome\aswWebRepChrome.crx [2014-07-27]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; F:\AntiBad\AvastSvc.exe [50344 2014-07-27] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-07-16] (LogMeIn, Inc.)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-02] ()
R2 RunSwUSB; C:\Windows\runSW.exe [36864 2012-12-14] () [File not signed]
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-182\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [53976 2013-03-26] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-27] ()
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x64.sys [114896 2013-06-19] (Atheros Communications, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-30] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2350152 2013-05-07] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 12:11 - 2014-07-31 12:11 - 00016382 _____ () C:\Users\-\Downloads\FRST.txt
2014-07-31 12:11 - 2014-07-31 12:11 - 00000000 ____D () C:\FRST
2014-07-31 12:10 - 2014-07-31 12:10 - 02094080 _____ (Farbar) C:\Users\-\Downloads\FRST64.exe
2014-07-31 12:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-31 12:05 - 2014-07-31 12:07 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:05 - 2014-07-31 12:05 - 01361309 _____ () C:\Users\-\Downloads\adwcleaner_3.302.exe
2014-07-29 21:18 - 2014-07-29 21:18 - 00003100 _____ () C:\Windows\System32\Tasks\{B818CDF5-3827-45A5-85BF-6B122BCC34F1}
2014-07-29 21:18 - 2014-07-29 21:18 - 00000138 _____ () C:\Users\-\Desktop\D2Moddin Client.url
2014-07-29 21:18 - 2014-07-29 21:18 - 00000000 ____D () C:\Users\-\AppData\Roaming\D2MP
2014-07-29 21:18 - 2014-07-29 21:18 - 00000000 ____D () C:\Users\-\AppData\Local\d2mp
2014-07-27 00:44 - 2014-07-27 00:44 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-27 00:44 - 2014-07-27 00:44 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-27 00:44 - 2014-07-27 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00004128 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-27 00:44 - 2014-07-27 00:44 - 00000714 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-27 00:44 - 2014-07-27 00:44 - 00000000 ____D () C:\Users\-\AppData\Roaming\AVAST Software
2014-07-27 00:44 - 2014-07-27 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-25 23:11 - 2014-07-27 00:32 - 04862664 _____ (AVAST Software) C:\Users\-\Downloads\avast_free_antivirus_setup_online.exe
2014-07-25 17:41 - 2014-07-25 17:41 - 00000000 ____D () C:\Users\-\AppData\Roaming\Macromedia
2014-07-25 00:30 - 2014-07-25 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-25 00:30 - 2014-07-25 00:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-24 01:02 - 2014-07-31 11:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 01:02 - 2014-07-24 01:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 01:02 - 2014-07-24 01:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 01:02 - 2014-07-24 01:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 01:02 - 2014-07-24 01:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-24 01:02 - 2014-07-24 01:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-22 19:57 - 2014-07-22 19:57 - 00000730 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-22 19:57 - 2014-07-22 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-22 19:35 - 2014-07-26 17:59 - 00000000 ____D () C:\Users\-\AppData\Local\Battle.net
2014-07-22 19:35 - 2014-07-24 17:43 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-22 19:35 - 2014-07-22 19:41 - 00000000 ____D () C:\Users\-\AppData\Roaming\Battle.net
2014-07-22 19:35 - 2014-07-22 19:35 - 00001144 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 19:35 - 2014-07-22 19:35 - 00000000 ____D () C:\Users\-\AppData\Local\Blizzard Entertainment
2014-07-22 19:35 - 2014-07-22 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 19:35 - 2014-07-22 19:35 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-22 19:30 - 2014-07-22 20:47 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-21 22:56 - 2014-07-30 22:56 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-07-21 17:40 - 2014-07-21 17:40 - 00000000 ____D () C:\Users\-\AppData\Local\Creative
2014-07-21 01:52 - 2014-07-21 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-07-20 22:56 - 2014-07-20 22:56 - 00003240 _____ () C:\Windows\System32\Tasks\GPUP
2014-07-20 02:25 - 2014-07-20 02:25 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-20 02:25 - 2014-07-20 02:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-20 02:25 - 2014-07-20 02:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-20 02:25 - 2014-07-20 02:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 02:25 - 2014-07-20 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 02:25 - 2014-07-20 02:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-17 06:39 - 2009-03-18 18:35 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2014-07-09 01:18 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 01:18 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 01:18 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 01:18 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 01:18 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 01:18 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 01:18 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 01:18 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 01:18 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 01:18 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 01:18 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 01:18 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 01:18 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 01:18 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 01:18 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 01:18 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 01:18 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 01:18 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 01:18 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 01:18 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 01:18 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 01:18 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 01:18 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 01:18 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 01:18 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 01:18 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 01:18 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 01:18 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 01:18 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 01:18 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 01:18 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 01:18 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 01:18 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 01:18 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 01:18 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 01:18 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 01:18 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 01:18 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 01:18 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 01:18 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 01:18 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 01:18 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 01:18 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 01:18 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 01:18 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 01:18 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 01:18 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 01:18 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 01:18 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 01:18 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 01:18 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 01:18 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 01:18 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 01:18 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 01:18 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 01:18 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 01:18 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 01:18 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 01:18 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 01:18 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 01:18 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 01:18 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 01:18 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 01:18 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 01:18 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 01:18 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 01:18 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 01:18 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 01:18 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 01:18 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 01:18 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 01:18 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 01:18 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 01:18 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 01:18 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 01:18 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 01:18 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 01:18 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 01:14 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 01:14 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 01:14 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 01:46 - 2014-07-08 01:47 - 00000000 ____D () C:\Users\-\AppData\Roaming\Sony Online Entertainment
2014-07-08 01:34 - 2014-07-08 01:34 - 00000000 ____D () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 22:50 - 2014-07-07 22:50 - 00002493 _____ () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Planetside.lnk
2014-07-02 20:15 - 2014-07-26 15:32 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-02 19:59 - 2014-07-26 15:32 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-02 02:07 - 2014-07-02 02:07 - 00000202 _____ () C:\Users\-\Desktop\PlanetSide 2.url
2014-07-02 02:06 - 2014-07-02 02:06 - 00000000 ____D () C:\Windows\system32\Resources
2014-07-02 01:26 - 2014-07-02 01:26 - 00000000 ___RD () C:\Program Files (x86)\Recursion
2014-07-01 23:26 - 2014-07-01 23:26 - 00000935 _____ () C:\Users\-\Desktop\Open Broadcaster Software.lnk
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Users\-\AppData\Roaming\OBS
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Program Files\OBS
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-07-01 23:09 - 2014-07-01 23:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-01 23:08 - 2014-07-02 00:47 - 00000000 ____D () C:\Users\-\AppData\Local\RealTimeStatTracker
2014-07-01 23:08 - 2014-07-01 23:08 - 00001128 _____ () C:\Users\-\Desktop\Real Time Stat Tracker.lnk
2014-07-01 23:08 - 2014-07-01 23:08 - 00000000 ____D () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursion
2014-07-01 00:07 - 2014-07-30 23:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-01 00:07 - 2014-07-01 00:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 00:07 - 2014-07-01 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 00:07 - 2014-07-01 00:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 00:07 - 2014-07-01 00:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-01 00:07 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-01 00:07 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-01 00:07 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-31 12:11 - 2014-07-31 12:11 - 00016382 _____ () C:\Users\-\Downloads\FRST.txt
2014-07-31 12:11 - 2014-07-31 12:11 - 00000000 ____D () C:\FRST
2014-07-31 12:11 - 2014-06-26 14:08 - 376087133 _____ () C:\Windows\runSW.log
2014-07-31 12:11 - 2014-05-22 08:56 - 01481938 _____ () C:\Windows\WindowsUpdate.log
2014-07-31 12:10 - 2014-07-31 12:10 - 02094080 _____ (Farbar) C:\Users\-\Downloads\FRST64.exe
2014-07-31 12:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-07-31 12:09 - 2014-06-27 22:50 - 00000000 ____D () C:\Users\-\AppData\Local\LogMeIn Hamachi
2014-07-31 12:09 - 2014-06-21 13:26 - 00000000 ____D () C:\Users\-\AppData\Roaming\Skype
2014-07-31 12:08 - 2014-06-20 22:37 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 12:08 - 2014-05-23 04:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 12:08 - 2010-11-20 23:47 - 00790330 _____ () C:\Windows\PFRO.log
2014-07-31 12:08 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-31 12:08 - 2009-07-14 00:51 - 00060207 _____ () C:\Windows\setupact.log
2014-07-31 12:07 - 2014-07-31 12:05 - 00000000 ____D () C:\AdwCleaner
2014-07-31 12:05 - 2014-07-31 12:05 - 01361309 _____ () C:\Users\-\Downloads\adwcleaner_3.302.exe
2014-07-31 11:42 - 2014-06-20 22:37 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 11:15 - 2014-07-24 01:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-30 23:00 - 2014-07-01 00:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-30 22:56 - 2014-07-21 22:56 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-07-30 16:56 - 2014-06-21 13:19 - 00000000 ____D () C:\Users\-\AppData\Roaming\TS3Client
2014-07-29 21:44 - 2014-06-21 20:11 - 00000000 ____D () C:\Users\-\AppData\Local\CrashDumps
2014-07-29 21:18 - 2014-07-29 21:18 - 00003100 _____ () C:\Windows\System32\Tasks\{B818CDF5-3827-45A5-85BF-6B122BCC34F1}
2014-07-29 21:18 - 2014-07-29 21:18 - 00000138 _____ () C:\Users\-\Desktop\D2Moddin Client.url
2014-07-29 21:18 - 2014-07-29 21:18 - 00000000 ____D () C:\Users\-\AppData\Roaming\D2MP
2014-07-29 21:18 - 2014-07-29 21:18 - 00000000 ____D () C:\Users\-\AppData\Local\d2mp
2014-07-27 01:35 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 01:35 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 01:34 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 00:44 - 2014-07-27 00:44 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-27 00:44 - 2014-07-27 00:44 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-27 00:44 - 2014-07-27 00:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-27 00:44 - 2014-07-27 00:44 - 00004128 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-27 00:44 - 2014-07-27 00:44 - 00000714 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-27 00:44 - 2014-07-27 00:44 - 00000000 ____D () C:\Users\-\AppData\Roaming\AVAST Software
2014-07-27 00:44 - 2014-07-27 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-27 00:33 - 2014-06-20 23:10 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-27 00:32 - 2014-07-25 23:11 - 04862664 _____ (AVAST Software) C:\Users\-\Downloads\avast_free_antivirus_setup_online.exe
2014-07-27 00:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2014-07-26 23:47 - 2014-06-21 12:43 - 00001413 _____ () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-26 23:47 - 2014-06-20 22:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-26 17:59 - 2014-07-22 19:35 - 00000000 ____D () C:\Users\-\AppData\Local\Battle.net
2014-07-26 15:32 - 2014-07-02 20:15 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-26 15:32 - 2014-07-02 19:59 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-26 00:12 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Vss
2014-07-25 17:41 - 2014-07-25 17:41 - 00000000 ____D () C:\Users\-\AppData\Roaming\Macromedia
2014-07-25 00:30 - 2014-07-25 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-07-25 00:30 - 2014-07-25 00:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-07-24 17:43 - 2014-07-22 19:35 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 01:02 - 2014-07-24 01:02 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-24 01:02 - 2014-07-24 01:02 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 01:02 - 2014-07-24 01:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-24 01:02 - 2014-07-24 01:02 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-07-24 01:02 - 2014-07-24 01:02 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-23 04:08 - 2014-06-21 13:19 - 00079660 _____ () C:\Windows\DirectX.log
2014-07-23 01:40 - 2014-06-20 23:39 - 00000000 ____D () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-22 22:45 - 2014-06-21 23:18 - 00000000 _____ () C:\Windows\SysWOW64\filetrace.log
2014-07-22 20:47 - 2014-07-22 19:30 - 00000000 ____D () C:\ProgramData\Battle.net
2014-07-22 19:57 - 2014-07-22 19:57 - 00000730 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-07-22 19:57 - 2014-07-22 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-07-22 19:57 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-22 19:41 - 2014-07-22 19:35 - 00000000 ____D () C:\Users\-\AppData\Roaming\Battle.net
2014-07-22 19:35 - 2014-07-22 19:35 - 00001144 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-07-22 19:35 - 2014-07-22 19:35 - 00000000 ____D () C:\Users\-\AppData\Local\Blizzard Entertainment
2014-07-22 19:35 - 2014-07-22 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-07-22 19:35 - 2014-07-22 19:35 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-07-21 17:40 - 2014-07-21 17:40 - 00000000 ____D () C:\Users\-\AppData\Local\Creative
2014-07-21 04:20 - 2014-06-21 08:25 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-21 01:53 - 2014-06-21 20:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-21 01:52 - 2014-07-21 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renegade X
2014-07-20 22:56 - 2014-07-20 22:56 - 00003240 _____ () C:\Windows\System32\Tasks\GPUP
2014-07-20 22:19 - 2014-06-28 02:39 - 00281032 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-20 02:25 - 2014-07-20 02:25 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-20 02:25 - 2014-07-20 02:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-20 02:25 - 2014-07-20 02:25 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-20 02:25 - 2014-07-20 02:25 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 02:25 - 2014-07-20 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 02:25 - 2014-07-20 02:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-12 17:11 - 2014-06-28 22:34 - 00000000 ____D () C:\Users\-\Documents\My Games
2014-07-09 18:01 - 2014-06-27 21:54 - 00000000 ____D () C:\Users\-\AppData\Roaming\.minecraft
2014-07-09 14:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 11:00 - 2009-07-14 00:45 - 00268856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 10:59 - 2014-06-20 23:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 10:59 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 10:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 10:59 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 02:46 - 2014-05-23 00:01 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 02:46 - 2014-05-23 00:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-08 01:47 - 2014-07-08 01:46 - 00000000 ____D () C:\Users\-\AppData\Roaming\Sony Online Entertainment
2014-07-08 01:34 - 2014-07-08 01:34 - 00000000 ____D () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-07 22:50 - 2014-07-07 22:50 - 00002493 _____ () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Planetside.lnk
2014-07-02 20:16 - 2014-06-28 02:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-02 02:07 - 2014-07-02 02:07 - 00000202 _____ () C:\Users\-\Desktop\PlanetSide 2.url
2014-07-02 02:06 - 2014-07-02 02:06 - 00000000 ____D () C:\Windows\system32\Resources
2014-07-02 01:26 - 2014-07-02 01:26 - 00000000 ___RD () C:\Program Files (x86)\Recursion
2014-07-02 00:47 - 2014-07-01 23:08 - 00000000 ____D () C:\Users\-\AppData\Local\RealTimeStatTracker
2014-07-01 23:26 - 2014-07-01 23:26 - 00000935 _____ () C:\Users\-\Desktop\Open Broadcaster Software.lnk
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Users\-\AppData\Roaming\OBS
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Program Files\OBS
2014-07-01 23:26 - 2014-07-01 23:26 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-07-01 23:09 - 2014-07-01 23:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-01 23:08 - 2014-07-01 23:08 - 00001128 _____ () C:\Users\-\Desktop\Real Time Stat Tracker.lnk
2014-07-01 23:08 - 2014-07-01 23:08 - 00000000 ____D () C:\Users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursion
2014-07-01 00:07 - 2014-07-01 00:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-01 00:07 - 2014-07-01 00:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 00:07 - 2014-07-01 00:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 00:07 - 2014-07-01 00:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
 
Some content of TEMP:
====================
C:\Users\-\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-28 03:45
 
==================== End Of Log ============================
 
 
 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:59 AM

Posted 31 July 2014 - 12:59 PM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    CHR Extension: (avast! SafePrice) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-07-27]
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

    End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
---

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?


#5 GamerGuy1


Posted 31 July 2014 - 03:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-07-2014 01
Ran by - at 2014-07-31 16:27:22 Run:1
Running from C:\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Extension: (avast! SafePrice) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-07-27]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
End
*****************
 
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => Moved successfully.
BCM42RLY => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_3 => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.
 
==== End of Fixlog ====
 
Couple of 'not founds.' I don't use Firefox or IE at all.
 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Adobe Flash Player 14.0.0.145  
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 AvastSvc.exe    
 avastui.exe    
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log`````````````````````` 
 
I don't see Malwarebytes there. Not sure why. 
 
I'm going to wait a bit and see what happens, but I'll sit tight for your response on these two logs.
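
As an added example (not part of the original posts and not FRST's own code), this Python sketch reconciles the fixlist entries echoed in the Fixlog above against its outcome lines, so the "not found" results and any entry with no logged outcome stand out. The matching rule (an outcome belongs to the entry that contains its target, or that its target ends with) and the function names are assumptions based only on the lines shown in this thread.

```python
import re

# Fixlog body copied verbatim from the post above.
FIXLOG = r"""Content of fixlist:
*****************
start
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
CHR Extension: (avast! SafePrice) - C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-07-27]
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

End
*****************

"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\-\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => Moved successfully.
BCM42RLY => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NTIOLib_1_0_3 => Service deleted successfully.
NTIOLib_1_0_C => Service deleted successfully.

==== End of Fixlog ====
"""

# Only the result phrases that appear in this Fixlog are recognised.
# The "=>" is optional because one outcome line in the log omits it.
OUTCOME = re.compile(
    r"^(?P<target>.+?)\s*(?:=>\s*)?"
    r"(?P<result>Key not found|not found|Moved successfully|"
    r"Service deleted successfully)\.$"
)
SUCCESS = {"Moved successfully", "Service deleted successfully"}


def split_fixlog(text):
    """Return (fixlist entries, outcome lines) from a Fixlog body."""
    lines = [ln.strip() for ln in text.splitlines()]
    start = lines.index("start")
    end = lines.index("End", start)
    entries = [ln for ln in lines[start + 1:end] if ln]
    # Skip blank lines and the "*****" / "==== ... ====" separator rows.
    outcomes = [ln for ln in lines[end + 1:]
                if ln and not ln.startswith(("*", "="))]
    return entries, outcomes


def reconcile(text):
    """Attach each outcome to its fixlist entry; return (report, unmatched)."""
    entries, outcomes = split_fixlog(text)
    report = {entry: [] for entry in entries}
    unmatched = []
    for line in outcomes:
        m = OUTCOME.match(line)
        if not m:
            unmatched.append(line)
            continue
        target = m["target"].strip('"')
        # Assumed rule: the entry names the target (service, path) or the
        # target is a registry path ending in the entry text.
        owner = next((e for e in entries
                      if target in e or target.endswith(e)), None)
        if owner is None:
            unmatched.append(line)
        else:
            report[owner].append(m["result"])
    return report, unmatched


def summarize(text):
    """Map each fixlist entry to 'applied', 'not found' or 'no outcome logged'."""
    report, _ = reconcile(text)
    return {
        entry: ("no outcome logged" if not results
                else "applied" if any(r in SUCCESS for r in results)
                else "not found")
        for entry, results in report.items()
    }


if __name__ == "__main__":
    for entry, state in summarize(FIXLOG).items():
        print(f"{state:18} {entry}")
```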


#6 nasdaq


Posted 01 August 2014 - 08:26 AM

If Malwarebytes is not giving you a problem then I would not worry about it.

How is the computer running now?

#7 GamerGuy1


Posted 01 August 2014 - 11:08 AM

No more iStart, checked the folders where the 'SupTab' and co. were hanging out for those three infections and it isn't there :)

 

I think the infection won't be coming back, but I'll definitely come back here if it does. Preciate it nasdaq, you've been a great help! :D



#8 nasdaq


Posted 01 August 2014 - 12:46 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq


Posted 07 August 2014 - 01:05 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



