Jump to content

Malwarebytes frequently blocking malicious websites.


Truwen

Recommended Posts

DDS Log:

Attach.txt log:

.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8 Pro with Media CenterBoot Device: \Device\HarddiskVolume1Install Date: 5/26/2013 3:16:05 PMSystem Uptime: 9/20/2013 5:24:02 AM (120 hours ago).Motherboard:  EVGA  |  | X58 SLI ClassifiedProcessor: Intel(R) Core(TM) i7 CPU         920  @ 2.67GHz | Socket 423 | 2653/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 1863 GiB total, 1293.677 GiB free.D: is RemovableE: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP35: 9/9/2013 3:04:11 AM - Scheduled CheckpointRP36: 9/11/2013 8:32:06 PM - Installed DirectXRP37: 9/19/2013 3:22:30 AM - Scheduled CheckpointRP38: 9/24/2013 8:40:17 PM - Windows Update.==== Installed Programs ======================.µTorrentAdobe Flash Media Live Encoder 3.2Adobe Flash Player 11 PluginAdobe Reader XI (11.0.04)Advanced Combat Tracker (remove only)Amazon Cloud PlayerAmazon MP3 Downloader 1.0.18Amazon Unbox VideoApple Application SupportApple Software UpdateArcSoft TotalMedia Theatre 6Ask ToolbarASUS Xonar Essence STX AudioAutoHotkey 1.1.11.02Baldur's Gate: Enhanced EditionBatman: Arkham Asylum GOTY EditionBatman: Arkham City GOTYBioShock 2BitRaider Web ClientcalibreCanon MP210 seriesCCleanerCurse Clientd20ProDC Universe Online LiveDEFIANCEDefianceRuntimesDiablo IIIDragon Age: OriginsDragon Age: Origins - AwakeningDragons ProphetDropboxDungeon Siege IIIEQ2MAP Updater 1.2.10EVE Online (remove only)EVEMonEverQuestEverQuest IIEVGA E-LEET TUNING UTILITY 1.10.4EVGA Precision X 4.2.1Fallout 3 - Game of the Year EditionFallout: New Vegasfoobar2000 v1.2.8GeForce Experience NvStream Client ComponentsGIMP 2.8.6Google ChromeGrand Theft Auto IVGrand Theft Auto: Episodes from Liberty CityGuild Wars 2HawkenHero Lab 4.2bICQ 8.0 (build 6019)Java 7 Update 25Java Auto UpdaterJava(TM) 6 Update 39 (64-bit)Left 4 DeadLeft 4 Dead 2Legends of NorrathLogitech Gaming SoftwareLogitech Gaming Software 8.50Malwarebytes Anti-Malware version 1.75.0.1300Marvel HeroesMarvell Miniport DriverMicrosoft .NET Framework 1.1Microsoft Games for Windows - LIVE RedistributableMicrosoft Games for Windows MarketplaceMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Professional 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219Mozilla Firefox 24.0 (x86 en-US)Mozilla Maintenance ServicemSecureNeverwinterNo-IP DUCNotepad++NVIDIA 3D Vision Controller Driver 326.01NVIDIA 3D Vision Driver 327.23NVIDIA Control Panel 327.23NVIDIA GeForce Experience 1.6.1NVIDIA Graphics Driver 327.23NVIDIA HD Audio Driver 1.3.26.4NVIDIA Install ApplicationNVIDIA PhysXNVIDIA PhysX System Software 9.13.0725NVIDIA Stereoscopic 3D DriverNVIDIA Update 8.3.14NVIDIA Update ComponentsNVIDIA Virtual Audio 1.2.5Open Broadcaster SoftwareOpenALOracle VM VirtualBox 4.2.16Pando Media BoosterPCGen6001PDFCanvas V1.5PlanetSide 2Python 3.3.2QuickTimeRaidCallRazer Game BoosterRazer Synapse 2.0Sacred 2 GoldSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition SHIELD StreamingSkype™ 6.6Star Wars The Old RepublicStar Wars: The Old RepublicSteamTeamSpeak 3 ClientThe Elder Scrolls V: SkyrimThe Lord of the Rings Online™ v1100.0052.1373.8030The Witcher 2: Assassins of Kings Enhanced EditionTom Clancy's Splinter Cell BlacklistTom Clancy's Splinter Cell: ConvictionTorchlight IIUbisoft Game LauncherUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Ventrilo Client for Windows x64Virtual Audio Cable 4.12VLC media player 2.0.8War Thunder Launcher 1.0.1.252Windows Speech Recognition MacrosWinRAR 4.20 (32-bit)World of TanksWorld of WarcraftwxPython 2.8.10.1 (unicode) for Python 2.6.==== Event Viewer Messages From Past Week ========.9/25/2013 5:51:53 AM, Error: Service Control Manager [7034]  - The pcCMService64 service terminated unexpectedly.  It has done this 1 time(s).9/25/2013 5:51:53 AM, Error: Service Control Manager [7034]  - The pcCMService service terminated unexpectedly.  It has done this 1 time(s).9/23/2013 9:38:29 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.9/23/2013 9:38:29 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.9/23/2013 1:15:39 AM, Error: NetBT [4307]  - Initialization failed because the transport refused to open initial addresses.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:24:12 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35]  - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.9/20/2013 5:08:15 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer GIRLSBEECROFT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DF21C123-C5AF-44F1-AB76-1B7345F1C117}. The master browser is stopping or an election is being forced..==== End Of File ===========================
Link to post
Share on other sites

Hello Truwen and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please post your DDS.txt content.
Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.25.2
Run by Jeremiah at 5:56:23 on 2013-09-25
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.1.1033.18.6135.2055 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhostex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\System\HsMgr64.exe
C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jeremiah\AppData\Roaming\ICQM\icq.exe
C:\Program Files (x86)\No-IP\DUC40.exe
C:\Users\Jeremiah\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Jeremiah\Desktop\Teamspeak\ts3server_win64.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\dwm.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Logitech Gaming Software\LU_1\LULnchr.exe
C:\Program Files\Logitech Gaming Software\LU_1\LogitechUpdate.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Program Files (x86)\mSeven Software\mSecure\mSecure.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\EVEMon\EVEMon.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\explorer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Comcast\pcBrowser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [icq] C:\Users\Jeremiah\AppData\Roaming\ICQM\icq.exe -CU
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AmazonMP3DownloaderHelper] C:\Users\Jeremiah\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [Amazon Cloud Player] C:\Users\Jeremiah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
uRun: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [NoIPDUCv4] "C:\Program Files (x86)\No-IP\DUC40.exe" /minimize
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [uTorrent] "C:\Users\Jeremiah\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [CleanComcast] "C:\Program Files\Common Files\Motive\Uninstall_AfterReboot.exe"
mRunOnce: [iHUComcast32] "C:\Program Files (x86)\Common Files\Motive\InstallHelper.exe" /UninstallVendor=Comcast /Dir="C:\Program Files (x86)\Common Files\Motive" /Platform=WIN32
mRunOnce: [iHUComcast64] "C:\Program Files\Common Files\Motive\InstallHelper.exe" /UninstallVendor=Comcast /Dir="C:\Program Files\Common Files\Motive" /Platform=x64
StartupFolder: C:\Users\Jeremiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Jeremiah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jeremiah\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jeremiah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DUC.lnk - C:\Program Files (x86)\No-IP\DUC40.exe
StartupFolder: C:\Users\Jeremiah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TS3SER~1.LNK - C:\Users\Jeremiah\Desktop\Teamspeak\ts3server_win64.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AMAZON~1.LNK - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2421FBF6-FAC2-4480-9F06-FB753B6B7F45} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DF21C123-C5AF-44F1-AB76-1B7345F1C117} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke



x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeremiah\AppData\Roaming\Mozilla\Firefox\Profiles\ha4a26a6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Jeremiah\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Users\Jeremiah\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-29 21:01; toolbar_ORJ-V7@apn.ask.com; C:\Users\Jeremiah\AppData\Roaming\Mozilla\Firefox\Profiles\ha4a26a6.default\extensions\toolbar_ORJ-V7@apn.ask.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 ArcCtrl;ArcCtrl;C:\Windows\System32\Drivers\ArcCtrl.sys [2013-8-26 604192]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2013-7-8 44064]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-20 701512]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-8-1 14997280]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-9-12 414496]
R3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\System32\Drivers\cmudaxp.sys [2013-8-11 2733568]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-6-4 103448]
R3 EuMusDesignVirtualAudioCableWdm;@oem62.inf,%DeviceName% (WDM);Virtual Audio Cable (WDM);C:\Windows\System32\Drivers\vrtaucbl.sys [2013-8-12 90624]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-23 16008]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-9-20 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2013-9-7 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\Drivers\Rt64win7.sys [2013-4-10 849992]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\Drivers\rzudd.sys [2013-8-21 141496]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-6-4 203672]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-9-17 369152]
S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-9-17 460288]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-9-13 476936]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-8-27 160256]
S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-7-17 15176]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2013-6-27 14544]
.
=============== Created Last 30 ================
.
2013-09-25 10:00:25    9694160    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{65201D23-F91B-4D47-94B0-9415CD3C07F8}\mpengine.dll
2013-09-24 10:00:28    9694160    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-23 10:00:28    9694160    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45C5770F-8C61-4841-BD58-08D07995785A}\mpengine.dll
2013-09-20 12:35:58    --------    d-----w-    C:\ProgramData\HitmanPro
2013-09-20 12:30:13    --------    d-----w-    C:\Users\Jeremiah\AppData\Roaming\Malwarebytes
2013-09-20 12:29:41    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-20 12:29:39    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-20 12:29:39    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-20 12:26:04    --------    d-----w-    C:\ProgramData\boost_interprocess
2013-09-20 12:22:08    --------    d-----w-    C:\AdwCleaner
2013-09-18 05:03:22    --------    d-----w-    C:\Program Files (x86)\Comcast
2013-09-18 05:02:24    --------    d-----w-    C:\Program Files (x86)\Common Files\Motive
2013-09-18 05:02:20    --------    d-----w-    C:\Program Files\Common Files\Motive
2013-09-18 01:45:28    --------    d-----w-    C:\Users\Jeremiah\AppData\Roaming\Guild Wars 2
2013-09-16 00:36:55    --------    d-----w-    C:\Users\Jeremiah\AppData\Roaming\raidcall
2013-09-16 00:36:42    --------    d-----w-    C:\Program Files (x86)\RaidCall
2013-09-14 19:25:57    965008    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A02EEBEB-5557-4253-A4C3-651198346E70}\gapaengine.dll
2013-09-13 23:41:01    --------    d-----w-    C:\ProgramData\Curse Client
2013-09-13 23:39:31    --------    d-----w-    C:\Users\Jeremiah\AppData\Roaming\Curse Advertising
2013-09-13 23:36:17    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\Apps
2013-09-13 23:36:14    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\Deployment
2013-09-13 22:56:46    --------    d-----w-    C:\Users\Jeremiah\AppData\Roaming\Acreon
2013-09-13 22:56:41    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\._Revolution_
2013-09-13 22:47:56    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\Blizzard Entertainment
2013-09-13 19:56:38    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\SWTOR
2013-09-13 19:10:25    --------    d-----w-    C:\Program Files (x86)\World of Warcraft
2013-09-13 17:53:55    --------    d-----w-    C:\ProgramData\BitRaider
2013-09-13 17:53:39    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\SWTORPerf
2013-09-13 17:51:35    --------    d-----w-    C:\Program Files (x86)\Common Files\BioWare
2013-09-12 08:17:50    571168    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-09-07 22:27:48    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-09-07 22:27:48    28448    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-09-05 14:04:02    209272    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-31 01:01:01    --------    d-----w-    C:\Users\Jeremiah\AppData\Roaming\X-Chat 2
2013-08-31 01:00:58    --------    d-----w-    C:\Program Files (x86)\xchat
2013-08-31 01:00:05    --------    d-----w-    C:\Users\Jeremiah\AppData\Roaming\mIRC
2013-08-29 04:29:54    796672    ----a-w-    C:\Windows\SysWow64\rzdevicedll.dll
2013-08-28 21:36:26    238352    ----a-w-    C:\Windows\System32\drivers\VBoxDrv.sys
2013-08-28 21:36:19    120080    ----a-w-    C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-08-28 16:38:45    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\Chromium
2013-08-28 16:37:54    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\The Lord of the Rings Online
2013-08-28 13:16:16    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\Turbine
2013-08-28 12:28:46    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\ApplicationHistory
2013-08-28 12:27:20    --------    d-----w-    C:\Windows\SysWow64\URTTEMP
2013-08-28 11:47:58    --------    d-----w-    C:\Program Files (x86)\Turbine
2013-08-28 05:17:03    --------    d-----w-    C:\Program Files\EVGA
2013-08-28 05:14:01    --------    d-----w-    C:\Program Files (x86)\RivaTuner Statistics Server
2013-08-28 05:13:38    --------    d-----w-    C:\Program Files (x86)\EVGA Precision X
2013-08-27 11:06:22    --------    d-----w-    C:\Users\Jeremiah\AppData\Local\PMB Files
2013-08-27 11:06:22    --------    d-----w-    C:\ProgramData\PMB Files
2013-08-27 11:06:03    --------    d-----w-    C:\Program Files (x86)\Pando Networks
2013-08-27 04:22:41    --------    d-----w-    C:\Users\Jeremiah\.tokentool
2013-08-27 04:20:35    --------    d-----w-    C:\Users\Jeremiah\.chartool
2013-08-27 00:45:07    --------    d-----w-    C:\Users\Jeremiah\.idlerc
2013-08-27 00:42:11    --------    d-----w-    C:\Python33
.
==================== Find3M  ====================
.
2013-09-18 23:26:35    78296    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-18 23:26:35    694232    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-12 07:25:43    6599968    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-09-12 07:25:43    3452192    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-09-12 07:25:40    920864    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-09-12 07:25:40    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-09-12 07:25:40    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-09-11 22:06:31    3361114    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-08-21 07:34:32    141496    ----a-w-    C:\Windows\System32\drivers\rzudd.sys
2013-08-21 04:12:06    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-08-21 04:11:59    915968    ----a-w-    C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59    53760    ----a-w-    C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06    44032    ----a-w-    C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28    2876928    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56    534528    ----a-w-    C:\Windows\SysWow64\uxtheme.dll
2013-08-20 13:32:58    29984    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-08-20 08:35:02    57344    ----a-w-    C:\Windows\SysWow64\rzdevinfo.dll
2013-08-20 08:35:02    154112    ----a-w-    C:\Windows\SysWow64\rztouchdll.dll
2013-08-20 08:34:58    117248    ----a-w-    C:\Windows\SysWow64\rzdisplaydll.dll
2013-08-20 08:34:56    296448    ----a-w-    C:\Windows\SysWow64\rzaudiodll.dll
2013-08-18 22:00:25    544688    ----a-w-    C:\Windows\System32\npdeployJava1.dll
2013-08-18 22:00:25    526256    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-08-16 05:41:13    58200    ----a-w-    C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26    2371728    ----a-w-    C:\Windows\System32\WSService.dll
2013-08-16 05:32:48    209200    ----a-w-    C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22    40448    ----a-w-    C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11    4917760    ----a-w-    C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30    105984    ----a-w-    C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21    35328    ----a-w-    C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07    84992    ----a-w-    C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07    126976    ----a-w-    C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03    562688    ----a-w-    C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03    159232    ----a-w-    C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02    83968    ----a-w-    C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02    167424    ----a-w-    C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02    143872    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02    124928    ----a-w-    C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52    76800    ----a-w-    C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47    91648    ----a-w-    C:\Windows\SysWow64\sppc.dll
2013-08-13 03:09:35    90624    ----a-w-    C:\Windows\System32\drivers\vrtaucbl.sys
2013-08-07 05:15:02    144896    ----a-w-    C:\Windows\System32\tssdisai.dll
2013-08-03 04:30:14    4038144    ----a-w-    C:\Windows\System32\win32k.sys
2013-07-30 03:44:38    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-30 03:44:36    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-30 03:44:36    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-26 02:04:37    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-07-26 02:04:37    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-07-26 02:04:37    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-07-26 02:04:37    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-07-15 14:46:59    178800    ----a-w-    C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-07-13 06:18:21    337408    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06    68096    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06    1889280    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53    98304    ----a-w-    C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53    124416    ----a-w-    C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58    261120    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11    1568256    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03    87040    ----a-w-    C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03    74240    ----a-w-    C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07    120144    ----a-w-    C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21    439488    ----a-w-    C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17    2233168    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45    385768    ----a-w-    C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19    245760    ----a-w-    C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00    543744    ----a-w-    C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00    414208    ----a-w-    C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00    370688    ----a-w-    C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16    312832    ----a-w-    C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17    1025024    ----a-w-    C:\Windows\System32\localspl.dll
2013-07-04 22:57:00    146704    ----a-w-    C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-07-04 22:57:00    131856    ----a-w-    C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-07-04 22:56:58    204048    ----a-w-    C:\Windows\System32\VBoxNetFltNobj.dll
2013-07-03 00:23:43    391168    ----a-w-    C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12    778752    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26    1300480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23    268800    ----a-w-    C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02    551424    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14    36288    ----a-w-    C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49    247216    ----a-w-    C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14    67072    ----a-w-    C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22    77312    ----a-w-    C:\Windows\System32\openfiles.exe
2013-06-29 06:15:54    195416    ----a-w-    C:\Windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47    125784    ----a-w-    C:\Windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16    327512    ----a-w-    C:\Windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01    1022464    ----a-w-    C:\Windows\SysWow64\gdi32.dll
.
============= FINISH:  5:56:34.18 ===============
 

Link to post
Share on other sites

Step 1

Please uninstall the following applications:

µTorrent

Ask Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Adwcleaner Log File:

 

# AdwCleaner v3.005 - Report created 25/09/2013 at 18:47:04
# Updated 22/09/2013 by Xplode
# Operating System : Windows 8 Pro with Media Center  (64 bits)
# Username : Jeremiah - FROGSPC
# Running from : C:\Users\Jeremiah\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Jeremiah\AppData\Roaming\Mozilla\Firefox\Profiles\ha4a26a6.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Jeremiah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1754 octets] - [20/09/2013 05:22:11]
AdwCleaner[R1].txt - [1069 octets] - [25/09/2013 18:46:42]
AdwCleaner[s0].txt - [1697 octets] - [20/09/2013 05:22:48]
AdwCleaner[s1].txt - [996 octets] - [25/09/2013 18:47:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1055 octets] ##########

 

 

 

JRT Log File:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 8 Pro with Media Center x64
Ran by Jeremiah on Wed 09/25/2013 at 18:38:22.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Jeremiah\AppData\Roaming\mozilla\firefox\profiles\ha4a26a6.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/25/2013 at 18:43:49.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


MBAM Log File:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.25.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Jeremiah :: FROGSPC [administrator]

Protection: Enabled

9/25/2013 6:52:22 PM
mbam-log-2013-09-25 (18-52-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229618
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Link to post
Share on other sites

Since I have been home tonight I have seen 2 blocks of malicious website.

 

Here is the Log. It looks like the same IP coming from skype.

 

2013/09/27 01:30:00 -0700    FROGSPC    Jeremiah    MESSAGE    Executing scheduled scan:  Full Scan | Daily | Silent | -remove | -terminate | -reboot
2013/09/27 01:30:00 -0700    FROGSPC    Jeremiah    MESSAGE    Scheduled scan executed successfully
2013/09/27 05:25:28 -0700    FROGSPC    Jeremiah    IP-BLOCK    94.102.49.120 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/27 06:15:54 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.28.31.115 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 06:15:54 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.28.31.115 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 06:15:54 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.28.31.115 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 06:16:02 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.28.31.115 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 06:16:10 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.28.31.115 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 06:16:26 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.28.31.115 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 08:20:32 -0700    FROGSPC    Jeremiah    IP-BLOCK    150.70.75.29 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 08:20:32 -0700    FROGSPC    Jeremiah    IP-BLOCK    150.70.75.29 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 08:20:40 -0700    FROGSPC    Jeremiah    IP-BLOCK    150.70.75.29 (Type: incoming, Port: 80, Process: skype.exe)
2013/09/27 08:38:41 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.248.171.103 (Type: incoming, Port: 19, Process: svchost.exe)
2013/09/27 08:58:34 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.248.174.54 (Type: incoming, Port: 53, Process: svchost.exe)
2013/09/27 11:07:22 -0700    FROGSPC    Jeremiah    IP-BLOCK    89.28.79.149 (Type: outgoing, Port: 15892, Process: skype.exe)
2013/09/27 15:51:16 -0700    FROGSPC    Jeremiah    IP-BLOCK    109.230.222.85 (Type: incoming, Port: 5060, Process: svchost.exe)
2013/09/27 17:04:48 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 17:04:48 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 17:04:48 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 17:04:56 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 17:04:56 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 17:04:56 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:37:08 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:37:08 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:37:08 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:37:16 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:37:16 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:57:57 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:58:05 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:58:05 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:58:05 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:58:13 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:58:13 -0700    FROGSPC    Jeremiah    IP-BLOCK    41.203.69.2 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 18:58:46 -0700    FROGSPC    Jeremiah    MESSAGE    Executing scheduled update:  Daily
2013/09/27 18:58:52 -0700    FROGSPC    Jeremiah    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.09.26.09 to version v2013.09.28.01
2013/09/27 18:58:52 -0700    FROGSPC    Jeremiah    MESSAGE    Starting database refresh
2013/09/27 18:58:53 -0700    FROGSPC    Jeremiah    MESSAGE    Stopping IP protection
2013/09/27 18:58:53 -0700    FROGSPC    Jeremiah    MESSAGE    IP Protection stopped successfully
2013/09/27 18:58:55 -0700    FROGSPC    Jeremiah    MESSAGE    Database refreshed successfully
2013/09/27 18:58:55 -0700    FROGSPC    Jeremiah    MESSAGE    Starting IP protection
2013/09/27 18:58:57 -0700    FROGSPC    Jeremiah    MESSAGE    IP Protection started successfully
2013/09/27 22:06:19 -0700    FROGSPC    Jeremiah    IP-BLOCK    58.240.81.190 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 22:06:19 -0700    FROGSPC    Jeremiah    IP-BLOCK    58.240.81.190 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 22:06:27 -0700    FROGSPC    Jeremiah    IP-BLOCK    58.240.81.190 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 22:06:27 -0700    FROGSPC    Jeremiah    IP-BLOCK    58.240.81.190 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 22:06:27 -0700    FROGSPC    Jeremiah    IP-BLOCK    58.240.81.190 (Type: incoming, Port: 15892, Process: skype.exe)
2013/09/27 22:06:36 -0700    FROGSPC    Jeremiah    IP-BLOCK    58.240.81.190 (Type: incoming, Port: 15892, Process: skype.exe)
 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.