
Blocked access to malicious website. outgoing



Hello, Malwarebytes has been successfully blocking access to a potentially malicious website quite often. It repetitively blocks the same 3 or 4 ip addresses. I ran a variety of tools last night, and it still happened. I gave up, but I saved all of the logs from each tool I ran. Additionally Malwarebytes didn't detect anything after running a full scan. Can you please help me?

I thought I would give a few more details that might help. Repetitively blocking sites: 50.23.124.152, 50.97.218.220, 50.97.214.162 as far as I have noticed. All were outgoing from a variety of different ports using Chrome.

Ran a full scan using Malwarebytes and MSE with both coming up empty. Also, TDSSKiller and rkill didn't find much of anything. Before giving up, I ran ComboFix which deleted

c:\programdata\boost_interprocess\20130407195053.101347

c:\users\Dustin\Uninstall.exe

c:\windows\assembly\tmp\U

I'm wondering if these could be false positives then. Each of the IPs is linked to the ISP SoftLayer Technologies in Dallas, Texas. However, the organization for each IP is different.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2

Run by Dustin at 13:34:18 on 2013-04-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7989.5095 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\D-Link\SharePort Utility\Connect.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\WLANExt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Users\Dustin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dustin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dustin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dustin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dustin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dustin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

mStart Page = hxxp://google.com/

uProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Akamai NetSession Interface] "C:\Users\Dustin\AppData\Local\Akamai\netsession_win.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Z1] cmd /c "C:\Users\Dustin\Desktop\mbar-1.05.0.1001\mbar\mbar.exe" /cleanup /s

StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - E:\Common\EpsonReg\EpsonReg.exe

StartupFolder: C:\Users\Dustin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHAREP~1.LNK - C:\Program Files\D-Link\SharePort Utility\Connect.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{7D3FF065-C1EA-40C0-BCC3-4548143CB089} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{7D3FF065-C1EA-40C0-BCC3-4548143CB089}\05F6471647F6C416B656 : DHCPNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{7D3FF065-C1EA-40C0-BCC3-4548143CB089}\17579636B636F6577616270333 : DHCPNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{7D3FF065-C1EA-40C0-BCC3-4548143CB089}\C696E6B6379737 : DHCPNameServer = 24.220.0.10 24.220.0.11

TCP: Interfaces\{7D3FF065-C1EA-40C0-BCC3-4548143CB089}\E4443534353616D607573774 : DHCPNameServer = 134.129.111.111 134.129.201.29

TCP: Interfaces\{7D3FF065-C1EA-40C0-BCC3-4548143CB089}\F6C646F5D61696E6F51343F5D69636B6 : DHCPNameServer = 134.129.111.111 134.129.201.29

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://google.com/

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\yshz0piy.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Dustin\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Dustin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Dustin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Dustin\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Users\Dustin\npAmazonMP3DownloaderPlugin1017325.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.searchya.hmpg - true

FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtC0FtByB0FyCtByEyCtN0D0Tzu0CyEtCtBtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=779490619&ir=

FF - user.js: extensions.searchya.dfltSrch - true

FF - user.js: extensions.searchya.srchPrvdr - SearchYa!

FF - user.js: extensions.searchya.dnsErr - true

FF - user.js: extensions.searchya_i.newTab - false

FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?f=2&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtC0FtByB0FyCtByEyCtN0D0Tzu0CyEtCtBtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=779490619&ir=

FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?f=3&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtC0FtByB0FyCtByEyCtN0D0Tzu0CyEtCtBtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F&cr=779490619&ir=&q=

FF - user.js: extensions.searchya.id - B8AC6F51F27F6246

FF - user.js: extensions.searchya.instlDay - 15751

FF - user.js: extensions.searchya.vrsn - 1.8.8.0

FF - user.js: extensions.searchya.vrsni - 1.8.8.0

FF - user.js: extensions.searchya_i.vrsnTs - 1.8.8.013:2:3

FF - user.js: extensions.searchya.prtnrId - searchya

FF - user.js: extensions.searchya.prdct - searchya

FF - user.js: extensions.searchya.aflt - dnldyho

FF - user.js: extensions.searchya_i.smplGrp - none

FF - user.js: extensions.searchya.tlbrId - base

FF - user.js: extensions.searchya.instlRef -

FF - user.js: extensions.searchya.dfltLng -

FF - user.js: extensions.searchya.appId - {1973277F-87B0-4EA3-9ED2-470A91D284CF}

FF - user.js: extensions.searchya.excTlbr - false

FF - user.js: extensions.searchya_i.hmpg - true

FF - user.js: extensions.irspeeddial.aflt - dnldyho

FF - user.js: extensions.irspeeddial.instlRef -

FF - user.js: extensions.irspeeddial.cr - 779490619

FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtC0FtByB0FyCtByEyCtN0D0Tzu0CyEtCtBtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1G1I1Q2U1M1F

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-1 55280]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-9 92160]

R2 D-Link SharePort Helper;D-Link SharePort Helper;C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [2011-9-27 49152]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-9-27 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-9-27 128512]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]

R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2009-7-3 291336]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-1 172704]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-2-9 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-2-9 271872]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-9-1 25928]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-16 19456]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-7-16 220672]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-16 57856]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-21 1255736]

.

=============== Created Last 30 ================

.

2013-04-16 09:21:59 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A03D2C-B84C-468B-88DC-1B84141C8233}\mpengine.dll

2013-04-16 08:27:40 98816 ----a-w- C:\Windows\sed.exe

2013-04-16 08:27:40 256000 ----a-w- C:\Windows\PEV.exe

2013-04-16 08:27:40 208896 ----a-w- C:\Windows\MBR.exe

2013-04-14 21:40:53 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-14 10:52:15 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe

2013-04-09 09:11:57 -------- d-----w- C:\ProgramData\boost_interprocess

2013-04-09 09:11:41 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Bitcoin

2013-04-07 20:11:59 -------- dc----w- C:\Cisco Packet Tracer 5.3.3

2013-03-27 19:45:59 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-21 02:21:34 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AAB55064-25EF-4611-9519-1EA22CE5AC47}\gapaengine.dll

.

==================== Find3M ====================

.

2013-04-13 08:52:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-04-13 08:52:41 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-04-04 19:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-27 19:45:50 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-02 05:56:00 1188864 ----a-w- C:\Windows\System32\wininet.dll

2013-03-02 04:58:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-03-02 03:57:05 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2013-03-02 03:22:06 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-08 08:03:54 208216 ----a-w- C:\Windows\System32\drivers\92682744.sys

2013-01-28 01:33:43 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2013-01-25 01:29:10 1228608 ----a-w- C:\Users\Dustin\Photoshop_13_LS16.exe

2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

.

============= FINISH: 13:34:58.79 ===============

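Sorting the DDS "Created Last 30" entries by timestamp makes it easier to see which files and directories appeared within seconds of each other (the two 2013-04-09 directory entries in the log above, for instance) and which of those sit in user-writable locations. The parser below is an added example, not part of this thread or of the DDS tool; the one-minute clustering window and the list of user-writable path fragments are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# One DDS entry looks like: "2013-04-09 09:11:57 -------- d-----w- C:\ProgramData\boost_interprocess"
# Fields: creation timestamp, size (dashes for a directory), 8-char attribute flags, path.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([a-z-]{8})\s+(.+?)\s*$"
)

# Constructed sample: entries copied from the "Created Last 30" section of the DDS log above.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2013-04-16 08:27:40 98816 ----a-w- C:\Windows\sed.exe
2013-04-16 08:27:40 256000 ----a-w- C:\Windows\PEV.exe
2013-04-16 08:27:40 208896 ----a-w- C:\Windows\MBR.exe
2013-04-14 10:52:15 26520 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-09 09:11:57 -------- d-----w- C:\ProgramData\boost_interprocess
2013-04-09 09:11:41 -------- d-----w- C:\Users\Dustin\AppData\Roaming\Bitcoin
2013-04-07 20:11:59 -------- dc----w- C:\Cisco Packet Tracer 5.3.3
.
"""

# Assumed list of path fragments a standard user can write to; new executables or
# directories here deserve a closer look than files a patch drops into system directories.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\")


@dataclass
class Entry:
    created: datetime
    size: int          # 0 for directories (DDS prints dashes instead of a size)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def user_writable(self) -> bool:
        return any(tag in self.path.lower() for tag in USER_WRITABLE)


def parse_dds_entries(text: str) -> List[Entry]:
    """Extract file entries from DDS output, skipping section banners and '.' separators."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             int(size) if size.isdigit() else 0, attrs, path))
    return entries


def cluster_by_time(entries: List[Entry], window: timedelta = timedelta(minutes=1)) -> List[List[Entry]]:
    """Group entries whose creation time is within `window` of the previous entry.
    Files written together usually come from one installer, update or dropper."""
    clusters: List[List[Entry]] = []
    for e in sorted(entries, key=lambda e: e.created):
        if clusters and e.created - clusters[-1][-1].created <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def suspicious_clusters(entries: List[Entry], window: timedelta = timedelta(minutes=1)) -> List[List[str]]:
    """Paths of every cluster that contains at least one entry in a user-writable location."""
    return [[e.path for e in c] for c in cluster_by_time(entries, window) if any(e.user_writable for e in c)]


if __name__ == "__main__":
    for paths in suspicious_clusters(parse_dds_entries(SAMPLE_DDS)):
        print("created together:", *paths, sep="\n  ")
```

Feed it the full DDS output (both the "Created Last 30" and "Find3M" sections parse with the same regex) to get the complete list of clusters for review.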

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

P.S. Do NOT use the attach option to put logs. Please always use NOTEPAD & Copy > Paste the contents directly into main body of the reply box.

Use a separate reply for each log, if needed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
