NSho

  1. Hello, is this topic still being reviewed? I still have the problem with Malwarebytes. Is it a legitimate infection or is it Malwarebytes being "paranoid" and blocking a pop-up or something else?
  2. Here they are.
  3. Here they are.
  4. Attached is the Combofix Log as well. How close are we to finding the reason Malwarebytes continues to pop up with the malicious website block? ComboFix.txt
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Nicholas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-26] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/webhp?complete=0&hl=en CHR StartupUrls: Default -> "hxxp://www.google.com/webhp?source=search_app" CHR DefaultSearchKeyword: Default -> 3DD38AD61BCFB7DA9F220D9923861CBF6B45BDAC4F10B3B5B5EF477EC04A52E3 CHR DefaultSearchURL: Default -> 1998377D94201D52B0BFA26BBF1530F7D3E27D88DD68E6A5A8852E147BFC5DA7 CHR Profile: C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19] CHR Extension: (Google Drive) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31] CHR Extension: (YouTube) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19] CHR Extension: (Google Search) - 
C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19] CHR Extension: (AdBlock) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-19] CHR Extension: (avast! Online Security) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-18] CHR Extension: (Google Wallet) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18] CHR Extension: (Gmail) - C:\Users\Nicholas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software) S4 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink) R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2014-04-13] (Realsil Microelectronics Inc.) 
[File not signed] R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4492776 2014-03-13] (iolo technologies, LLC) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] () R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation) R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65536 2012-03-02] (Fresco Logic) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-08] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 
SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions) S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) S3 USBHD; C:\Windows\System32\drivers\AVerFx2HDamd64.sys [254720 2011-07-25] (AVerMedia TECHNOLOGIES, Inc.) [File not signed] S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 dasnbhrd; dasnbhrd.sys [X] S3 hzuncsoh; hzuncsoh.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-08 16:50 - 2014-09-08 16:50 - 02105344 _____ (Farbar) C:\Users\Nicholas\Desktop\FRST64.exe 2014-09-08 16:50 - 2014-09-08 16:50 - 00022383 _____ () C:\Users\Nicholas\Desktop\FRST.txt 2014-09-08 12:42 - 2014-09-08 12:42 - 01370467 _____ () C:\Users\Nicholas\Desktop\AdwCleaner.exe 2014-09-08 11:55 - 2014-09-08 11:55 - 01016261 _____ (Thisisu) C:\Users\Nicholas\Desktop\JRT.exe 2014-09-07 23:03 - 2014-09-07 23:03 - 05427288 _____ () C:\Users\Nicholas\Desktop\RogueKillerX64.exe 2014-09-07 22:03 - 2014-09-07 22:03 - 00000928 _____ () C:\Users\Nicholas\Desktop\NTREGOPT.lnk 2014-09-07 22:03 - 2014-09-07 22:03 - 00000909 _____ () C:\Users\Nicholas\Desktop\ERUNT.lnk 2014-09-07 22:03 - 2014-09-07 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-09-07 22:03 - 2014-09-07 22:03 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-09-07 22:01 - 2014-09-07 22:01 - 00791393 _____ (Lars Hederer ) C:\Users\Nicholas\Desktop\erunt-setup.exe 2014-09-07 21:54 - 2014-09-07 21:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Nicholas\Desktop\rkill.exe 2014-09-05 18:39 - 2014-09-05 18:40 - 00000000 ____D () C:\Users\Nicholas\Desktop\Anthro 2014-09-05 18:39 - 2014-09-05 18:39 - 00000000 ____D () C:\Users\Nicholas\Desktop\Physics Lab 2014-09-05 18:39 - 2014-09-05 18:39 - 00000000 ____D () C:\Users\Nicholas\Desktop\Organic Chem Lab 2014-09-05 18:38 - 2014-09-07 18:20 - 00000000 ____D () C:\Users\Nicholas\Desktop\Genetics 2014-09-05 18:38 - 2014-09-05 18:38 - 00000000 ____D () C:\Users\Nicholas\Desktop\Micro 2014-08-28 10:20 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 10:20 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 10:20 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-21 14:24 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-21 
14:24 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-21 14:24 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-21 14:24 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-21 14:24 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-21 14:24 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-21 14:24 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-21 14:24 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-21 14:24 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-21 14:24 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-21 14:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-21 14:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-21 14:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-21 14:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-13 13:16 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-13 13:16 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-13 13:16 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-13 13:16 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 13:16 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-13 13:16 - 2014-03-09 17:48 - 00171160 _____ 
(Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-13 13:16 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-13 13:16 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-12 19:13 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-12 19:13 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-12 19:13 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-12 19:13 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-12 19:13 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-12 19:13 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-12 19:13 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-12 19:13 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-12 19:13 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-12 19:13 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-12 19:13 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-12 19:13 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-12 19:13 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-12 19:13 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-12 19:13 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-12 19:13 - 2014-07-25 08:34 - 00061952 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-12 19:13 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-12 19:13 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-12 19:13 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-12 19:13 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-12 19:13 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-12 19:13 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-12 19:13 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-12 19:13 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-12 19:13 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-12 19:13 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-12 19:13 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-12 19:13 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-12 19:13 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-12 19:13 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-12 19:13 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-12 19:13 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-12 19:13 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-12 19:13 - 2014-07-25 07:34 - 
00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-12 19:13 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 19:13 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 19:13 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 19:13 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 19:13 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-12 19:13 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 19:13 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 19:13 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-12 19:13 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 19:13 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 19:13 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 19:13 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 19:13 - 2014-06-12 03:52 - 00986560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 19:13 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 19:13 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 19:13 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 19:13 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 19:13 - 2014-06-03 05:29 - 02363392 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 19:13 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 19:13 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 19:12 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-12 19:12 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-12 19:12 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-12 19:12 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-12 19:12 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-12 19:12 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-12 19:12 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-12 19:12 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-12 19:12 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-12 19:12 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-12 19:12 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 19:12 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-12 19:12 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 19:12 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-08 16:51 - 2014-09-08 16:50 - 00022383 _____ () C:\Users\Nicholas\Desktop\FRST.txt 2014-09-08 16:50 - 2014-09-08 16:50 - 02105344 _____ (Farbar) C:\Users\Nicholas\Desktop\FRST64.exe 2014-09-08 16:50 - 2014-07-04 23:43 - 00000000 ____D () C:\FRST 2014-09-08 16:46 - 2012-11-30 18:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-08 16:23 - 2013-08-28 21:52 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-08 16:07 - 2014-07-15 18:07 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-08 13:33 - 2012-03-18 22:33 - 01091010 _____ () C:\Windows\WindowsUpdate.log 2014-09-08 13:23 - 2013-08-28 21:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-08 12:54 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-08 12:54 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-08 12:48 - 2012-11-02 14:43 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-08 12:47 - 2014-04-06 13:12 - 00010232 _____ () C:\Windows\setupact.log 2014-09-08 12:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-08 12:46 - 2014-04-23 16:04 - 00193386 _____ () C:\Windows\PFRO.log 2014-09-08 12:45 - 2014-07-04 17:31 - 00000000 ____D () C:\AdwCleaner 2014-09-08 12:43 - 2014-07-15 18:45 - 00000000 ____D () C:\Users\Nicholas\Desktop\Reports 2014-09-08 12:42 - 2014-09-08 12:42 - 01370467 _____ () C:\Users\Nicholas\Desktop\AdwCleaner.exe 2014-09-08 12:42 - 2014-07-04 18:56 - 00000000 ____D () C:\Users\Nicholas\Desktop\AntiVirus 2014-09-08 11:55 - 2014-09-08 11:55 - 01016261 _____ (Thisisu) C:\Users\Nicholas\Desktop\JRT.exe 2014-09-07 23:03 - 2014-09-07 23:03 - 05427288 _____ () C:\Users\Nicholas\Desktop\RogueKillerX64.exe 2014-09-07 22:57 - 2014-07-08 14:41 - 
00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys 2014-09-07 22:03 - 2014-09-07 22:03 - 00000928 _____ () C:\Users\Nicholas\Desktop\NTREGOPT.lnk 2014-09-07 22:03 - 2014-09-07 22:03 - 00000909 _____ () C:\Users\Nicholas\Desktop\ERUNT.lnk 2014-09-07 22:03 - 2014-09-07 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2014-09-07 22:03 - 2014-09-07 22:03 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-09-07 22:03 - 2014-07-05 00:41 - 00000000 ____D () C:\Windows\erdnt 2014-09-07 22:01 - 2014-09-07 22:01 - 00791393 _____ (Lars Hederer ) C:\Users\Nicholas\Desktop\erunt-setup.exe 2014-09-07 21:57 - 2014-07-04 18:51 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Lavasoft 2014-09-07 21:54 - 2014-09-07 21:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Nicholas\Desktop\rkill.exe 2014-09-07 20:35 - 2012-07-26 17:10 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C8DED5E-74C2-4ACE-B5E7-AA1A7286569A} 2014-09-07 18:20 - 2014-09-05 18:38 - 00000000 ____D () C:\Users\Nicholas\Desktop\Genetics 2014-09-07 18:12 - 2014-01-20 00:25 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForNicholas.job 2014-09-06 10:39 - 2014-01-20 00:25 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForNicholas 2014-09-06 10:38 - 2012-07-28 17:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-09-06 10:38 - 2012-07-28 11:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-09-05 21:27 - 2012-07-26 17:11 - 00090360 _____ () C:\Users\Nicholas\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-05 21:25 - 2009-07-14 00:45 - 00354864 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-05 21:24 - 2013-04-06 14:00 - 00000000 ____D () C:\Program Files\WinRAR 2014-09-05 18:45 - 2013-08-14 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools 2014-09-05 18:45 - 2013-08-14 17:01 - 00000000 ____D () C:\Program Files (x86)\TI Education 2014-09-05 18:42 - 
2014-02-26 22:50 - 00000000 ____D () C:\Windows\Driver Cache 2014-09-05 18:41 - 2014-07-05 13:51 - 00000000 ____D () C:\Program Files\HitmanPro 2014-09-05 18:40 - 2014-09-05 18:39 - 00000000 ____D () C:\Users\Nicholas\Desktop\Anthro 2014-09-05 18:40 - 2014-06-26 20:32 - 00000000 ____D () C:\Users\Nicholas\Desktop\College 2014-09-05 18:40 - 2014-06-26 20:01 - 00000000 ____D () C:\Users\Nicholas\Desktop\Wallpapers 2014-09-05 18:40 - 2014-06-06 16:41 - 00000000 ____D () C:\Users\Nicholas\Desktop\PM Mods 2014-09-05 18:39 - 2014-09-05 18:39 - 00000000 ____D () C:\Users\Nicholas\Desktop\Physics Lab 2014-09-05 18:39 - 2014-09-05 18:39 - 00000000 ____D () C:\Users\Nicholas\Desktop\Organic Chem Lab 2014-09-05 18:38 - 2014-09-05 18:38 - 00000000 ____D () C:\Users\Nicholas\Desktop\Micro 2014-09-05 18:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-04 19:48 - 2013-01-30 20:55 - 00000000 ____D () C:\Windows\Minidump 2014-09-04 12:31 - 2009-07-14 01:13 - 00796162 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-01 23:39 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-08-24 13:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-08-22 22:07 - 2014-08-28 10:20 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-22 21:45 - 2014-08-28 10:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-22 20:59 - 2014-08-28 10:20 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-20 19:16 - 2013-08-21 15:21 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\.minecraft 2014-08-14 11:54 - 2012-08-25 17:46 - 00000000 ____D () C:\Users\Nicholas\AppData\Local\PMB Files 2014-08-14 11:54 - 2012-08-25 17:46 - 00000000 ____D () C:\ProgramData\PMB Files 2014-08-13 21:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 13:34 - 2012-07-27 18:48 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 13:27 - 
2013-07-18 00:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 13:23 - 2013-03-13 20:38 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 19:04 - 2012-07-26 17:06 - 00000000 ____D () C:\Users\Nicholas
2014-08-10 19:45 - 2012-08-25 13:06 - 00000000 ____D () C:\Users\Nicholas\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Nicholas\AppData\Local\Temp\HitmanPro_x64.exe
C:\Users\Nicholas\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-06 11:12

==================== End Of Log ===========================

Here are the other scans. Do you see anything that could cause Malwarebytes to continue popping up every time I get on the internet?
  6. RKILL:
Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/07/2014 09:58:26 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * No issues found.
Checking Windows Service Integrity:
 * No issues found.
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * HOSTS file entries found:
 127.0.0.1 localhost

Program finished at: 09/07/2014 10:00:26 PM
Execution time: 0 hours(s), 2 minute(s), and 0 seconds(s)

MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/7/2014
Scan Time: 10:04:22 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.08.01
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nicholas

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331595
Time Elapsed: 17 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)

Rogue Killer:
RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : https://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Nicholas [Admin rights]
Mode : Scan -- Date : 09/07/2014 23:01:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 25 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{40D59797-77F1-4893-B919-B9990F3C0ABB} | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4C0944F6-6AF2-46C3-8678-1D9CEB0183CA} | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{40D59797-77F1-4893-B919-B9990F3C0ABB} | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4C0944F6-6AF2-46C3-8678-1D9CEB0183CA} | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{40D59797-77F1-4893-B919-B9990F3C0ABB} | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4C0944F6-6AF2-46C3-8678-1D9CEB0183CA} | DhcpNameServer : 66.253.214.16 50.30.184.16 -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2856398963-3694364835-3706845452-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2856398963-3694364835-3706845452-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-60HXZT3 +++++
--- User ---
[MBR] 0620568a4e92b1a57cf1f725971cb351
[bSP] e71a258848592aa13e93040422faf414 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 689299 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1412093952 | Size: 21842 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1456826368 | Size: 4062 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_07082014_144705.log - RKreport_SCN_07032014_202402.log - RKreport_SCN_07042014_013708.log - RKreport_SCN_07042014_184532.log
RKreport_SCN_07042014_214712.log - RKreport_SCN_07042014_215557.log - RKreport_SCN_07082014_144558.log - RKreport_SCN_07152014_175538.log
RKreport_SCN_07152014_181940.log - RKreport_SCN_07272014_180429.log - RKreport_SCN_09052014_185054.log

Here is everything you asked for.
Is there anything in there that is causing Malwarebytes to pop up with a warning EVERY time I go to a website?
  7. Yes, I still need assistance. Malwarebytes continues to "Block a malicious Website" every time I go on any website. It says it comes from varying IP addresses and the Windows/System32/svchost.exe. I do not know why this is and every single scan I have run comes up empty.
  8. I have Malwarebytes Premium installed and I have realtime protection enabled. Every time I get online there is at least one malicious website being blocked. I am fed up with seeing this pop up. I want to know if it is an infection or not. The IP Address varies. It is Inbound. And it comes from Windows/System32/svchost.exe. Any help at all would be greatly appreciated.
  9. Hello, Malwarebytes continues to block a malicious website with varying IP addresses. It's Inbound and the Port number varies. It says the process is trying to come from Windows/System32/svchost.exe. I have tried scanning with numerous different programs and it always comes back clean. I have been suffering from this issue for the past week and a half and I am quite fed up with it. I just want to know if I have a legitimate infection or if it is a false positive. Any help would be greatly appreciated!!