Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Protection Stops Internet Connection [Solved]

Started by FCM , Sep 20 2013 05:25 PM

  • This topic is locked This topic is locked

#1
FCM
Posted 20 September 2013 - 05:25 PM

FCM

    Member

  • Member
  • PipPip
  • 14 posts
Hello,
I started getting cannot connect try again messages, try again would not help. I would check the diagnose internet connection button, and reboot.sometimes it would connect and sometimes not. Although after connecting I would not be able to navigate off of that first page. Also at one point I was getting "winsock error 10061". The computer has Kaspersky on it, to make sure it wasn't that I also used Avast and AVG, both with the same results, with security no connection, without I get a connection.
Below is the OTL print out
Thank you

OTL logfile created on: 9/20/2013 6:26:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 362.88 Mb Available Physical Memory | 47.37% Memory free
2.75 Gb Paging File | 2.29 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 2100 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.40 Gb Free Space | 62.80% Space Free | Partition Type: NTFS
Drive F: | 7.46 Gb Total Space | 7.44 Gb Free Space | 99.70% Space Free | Partition Type: FAT32

Computer Name: PC-D7A412A54DF8 | User Name: Owner | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/20 18:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/09/13 20:08:25 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/02/07 20:54:54 | 000,078,624 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/02/07 20:54:54 | 000,078,624 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\OFFICEVIRT.EXE


========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo)
SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Unknown] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/13 20:08:25 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Unknown] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/09/13 18:24:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Unknown] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Unknown] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 01:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 01:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump)
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] -- -- (Changer)
DRV - [2013/09/17 12:31:18 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/09/13 20:11:24 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2013/09/13 20:11:24 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/09/13 20:11:24 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/09/13 20:11:23 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Unknown] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/09/13 20:11:23 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/03/06 18:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/06 18:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/06 18:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2011/10/01 01:30:42 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2011/10/01 01:30:40 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2011/10/01 01:30:38 | 000,209,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2011/10/01 01:30:36 | 000,584,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gccnj.edu/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gccnj.edu/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/20 03:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/09 18:07:45 | 000,000,000 | ---D | M]

[2013/09/17 13:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/06/20 03:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/17 13:07:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/18 19:57:09 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2012/01/18 19:56:52 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/01/19 21:51:47 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.myscr...2013050110&cv=1 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1362784314156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E24321E-21E3-477D-86C0-5B662D492C15}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/22 10:50:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0dd09018-d6e5-11df-8544-000bdbb595f5}\Shell - "" = AutoRun
O33 - MountPoints2\{0dd09018-d6e5-11df-8544-000bdbb595f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0dd09018-d6e5-11df-8544-000bdbb595f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/18 19:30:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/09/18 16:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Home and Student (English)
[2013/09/18 16:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/09/18 16:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2013/09/18 16:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2013/09/18 16:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2013/09/17 14:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/17 14:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/17 13:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
[2013/09/17 13:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2013/09/17 13:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/09/17 12:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/17 12:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/17 12:31:18 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/17 12:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2013/09/15 16:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/09/13 19:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/09/13 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/09/13 19:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/09/13 19:35:12 | 000,591,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/09/13 19:35:12 | 000,074,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/09/13 18:35:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2013/09/13 18:17:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2013/09/13 18:12:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2013/09/13 18:12:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2013/09/13 18:12:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2013/09/13 17:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/09/13 17:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/09/13 17:51:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/09/11 19:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/11 19:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/09/11 18:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Add-in Express
[2013/09/11 17:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/09/10 16:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2013/09/09 20:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/09/09 19:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2014
[2013/09/09 18:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/09/09 18:52:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/09 18:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/09 18:37:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/09 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2013/09/09 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/09/09 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2014
[2013/09/07 16:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2013/09/07 15:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2013/09/07 14:54:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/20 18:04:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/20 18:04:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/18 18:55:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/18 16:52:59 | 000,493,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/18 16:52:59 | 000,091,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/17 14:16:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/17 13:07:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/17 13:07:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/09/17 12:31:18 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/15 15:26:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/14 09:28:33 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/13 20:11:24 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kneps.sys
[2013/09/13 20:11:24 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kltdi.sys
[2013/09/13 20:11:24 | 000,024,920 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klmouflt.sys
[2013/09/13 20:11:23 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/09/13 20:11:23 | 000,024,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klkbdflt.sys
[2013/09/13 20:11:22 | 000,074,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/09/13 19:42:12 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
[2013/09/13 19:38:15 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/09/13 18:13:06 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/09 17:29:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/30 03:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/17 13:07:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/17 13:07:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/17 13:07:28 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/09/13 19:42:12 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
[2013/09/13 19:38:51 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/09/13 18:13:04 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2013/09/09 17:29:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/12 18:25:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Framework
[2012/02/15 14:03:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/24 12:51:38 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2010/10/05 11:50:29 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\WINWORD.box
[2010/03/27 08:48:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\IVOPEN.$$$
[2010/01/23 19:48:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 17:54:17 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/10/30 12:03:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Generic
[2009/10/30 12:03:09 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

========== ZeroAccess Check ==========

[2009/10/27 19:04:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/07/25 04:12:59 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/07/09 21:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/09/17 16:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/13 18:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/09 18:37:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/10/30 12:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2013/09/13 18:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/04/08 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2013/03/02 15:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/30 12:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2012/07/13 12:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2012/07/20 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/03/02 11:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/09/09 19:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2014
[2012/11/17 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2011/12/09 23:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImageDesktop.70A796F90E3A41D1B0A2F1D200C8BD1EF0788CF6.1
[2013/09/17 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/10/30 12:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/10/22 13:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/04/08 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RoboForm
[2013/09/18 17:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2013/09/18 16:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TP
[2013/09/09 18:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2012/01/18 19:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
[2009/10/27 19:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/10/30 18:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 27925 bytes -> C:\WINDOWS\Diseases and Disorders: A Nursing Therapeutics Manual Setup Log.txt
@Alternate Data Stream - 25268 bytes -> C:\WINDOWS\RNotes®: Nurse's Clinical Pocket Guide Setup Log.txt
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 21 September 2013 - 07:45 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there will be no guarantees with this but lets try

First you will need to uninstall Avast

Download Uninstall Utility to your Desktop.
Disconnect from the net
Uninstall Avast via control panel

  • Run aswClear
  • It will offer to reboot to safe mode .. Accept that
    Posted Image
  • Once it has rebooted to safe mode
  • In the Select Product to Uninstall dropdown choose the version of Avast that is on your system.
  • Press Uninstall
  • Once complete reboot your system to Normal Mode
----------

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
[2013/09/09 19:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2014
[2013/09/09 18:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/09/09 18:52:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/09 18:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/09 18:37:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/09 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\MFAData
[2013/09/09 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/09/09 18:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2014
[2010/07/09 21:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/09/13 18:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014

:Files
netsh int ip reset c:\resetlog.txt /c
netsh winsock reset /c
ipconfig /release /c 
ipconfig /flushdns /c 
ipconfig /renew /c 

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
FCM
Posted 21 September 2013 - 10:53 AM

FCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello Essexboy.
I've completed you're instructions, below is the OTL log.
The computer that has the problem belongs to my niece, it now has low connectivity, and I cannot connect to the internet at all.
I remove the line and place it into my computer to connect with you, so there is no problem with the connection beyond the computer.

OTL logfile created on: 9/21/2013 12:13:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 292.06 Mb Available Physical Memory | 38.13% Memory free
2.75 Gb Paging File | 2.37 Gb Available in Paging File | 85.96% Paging File free
Paging file location(s): C:\pagefile.sys 2100 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.37 Gb Free Space | 62.73% Space Free | Partition Type: NTFS

Computer Name: PC-D7A412A54DF8 | User Name: Owner | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/20 18:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/09/13 20:08:25 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Unknown] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo)
SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Unknown] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/13 20:08:25 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Unknown] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/09/13 18:24:08 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Unknown] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 22:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Unknown] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump)
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] -- -- (Changer)
DRV - [2013/09/17 12:31:18 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/09/13 20:11:24 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2013/09/13 20:11:24 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/09/13 20:11:24 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/09/13 20:11:23 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Unknown] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013/09/13 20:11:23 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/06/26 19:23:04 | 000,019,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2013/06/26 19:23:02 | 000,023,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2013/06/26 19:23:00 | 000,213,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2013/06/26 19:22:58 | 000,587,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2013/03/06 18:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/06 18:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/06 18:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gccnj.edu/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.gccnj.edu/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/09/13 20:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/20 03:38:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/09 18:07:45 | 000,000,000 | ---D | M]

[2013/09/17 13:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/06/20 03:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/17 13:07:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/18 19:57:09 | 000,302,904 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2012/01/18 19:56:52 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll

O1 HOSTS File: ([2010/01/19 21:51:47 | 000,373,451 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.myscr...2013050110&cv=1 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1362784314156 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/22 10:50:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0dd09018-d6e5-11df-8544-000bdbb595f5}\Shell - "" = AutoRun
O33 - MountPoints2\{0dd09018-d6e5-11df-8544-000bdbb595f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0dd09018-d6e5-11df-8544-000bdbb595f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/21 12:09:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/20 18:21:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/09/18 19:30:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/09/18 16:55:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Home and Student (English)
[2013/09/18 16:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/09/18 16:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2013/09/18 16:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2013/09/18 16:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2013/09/17 14:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/17 14:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/17 13:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
[2013/09/17 13:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2013/09/17 13:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/09/17 12:33:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/17 12:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/17 12:31:18 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/17 12:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2013/09/15 16:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/09/13 19:38:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/09/13 19:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/09/13 19:35:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/09/13 19:35:12 | 000,591,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/09/13 19:35:12 | 000,074,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/09/13 18:35:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2013/09/13 18:17:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2013/09/13 18:12:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures
[2013/09/13 18:12:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music
[2013/09/13 18:12:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2013/09/13 17:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/09/13 17:53:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/09/13 17:51:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/09/11 19:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/09/11 19:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/09/11 18:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Add-in Express
[2013/09/11 17:19:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/09/10 16:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2013/09/09 20:27:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/09/09 18:52:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/09 18:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/09/07 16:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(2)
[2013/09/07 15:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2013/09/07 14:54:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/21 12:11:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/21 11:55:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/21 11:29:21 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to aswclear.lnk
[2013/09/21 11:13:35 | 000,493,600 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/21 11:13:35 | 000,091,416 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/20 18:21:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/09/20 18:04:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/17 14:16:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/17 13:07:35 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/17 13:07:29 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/09/17 12:31:18 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/15 15:26:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/14 09:28:33 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/13 20:11:24 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kneps.sys
[2013/09/13 20:11:24 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kltdi.sys
[2013/09/13 20:11:24 | 000,024,920 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klmouflt.sys
[2013/09/13 20:11:23 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/09/13 20:11:23 | 000,024,408 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klkbdflt.sys
[2013/09/13 20:11:22 | 000,074,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/09/13 19:42:12 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
[2013/09/13 19:38:15 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/09/13 18:13:06 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/09 17:29:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/30 03:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/21 11:29:21 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to aswclear.lnk
[2013/09/17 13:07:35 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/17 13:07:28 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/17 13:07:28 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/09/13 19:42:12 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Safe Money.lnk
[2013/09/13 19:38:51 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/09/13 18:13:04 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
[2013/09/09 17:29:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/12 18:25:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Framework
[2012/02/15 14:03:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/24 12:51:38 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Owner\g2mdlhlpx.exe
[2010/10/05 11:50:29 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\WINWORD.box
[2010/03/27 08:48:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\IVOPEN.$$$
[2010/01/23 19:48:15 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 17:54:17 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/10/30 12:03:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Generic
[2009/10/30 12:03:09 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT

========== ZeroAccess Check ==========

[2009/10/27 19:04:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/07/25 04:12:59 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/07/09 21:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/09/17 16:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/13 18:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2009/10/30 12:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2013/04/08 18:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2013/03/02 15:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/30 12:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2012/07/13 12:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2012/07/20 12:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/03/02 11:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/17 15:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2011/12/09 23:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImageDesktop.70A796F90E3A41D1B0A2F1D200C8BD1EF0788CF6.1
[2013/09/17 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2009/10/30 12:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/10/22 13:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/04/08 18:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\RoboForm
[2013/09/20 19:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2013/09/18 16:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TP
[2012/01/18 19:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\webex
[2009/10/27 19:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2009/10/30 18:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 27925 bytes -> C:\WINDOWS\Diseases and Disorders: A Nursing Therapeutics Manual Setup Log.txt
@Alternate Data Stream - 25268 bytes -> C:\WINDOWS\RNotes®: Nurse's Clinical Pocket Guide Setup Log.txt
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by FCM, 21 September 2013 - 10:59 AM.

  • 0

#4
Essexboy
Posted 21 September 2013 - 11:20 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The winsock error indicates a rejection by the server

Lets totally uninstall and then reinstall Kaspersky

First ensure you have a copy of the Kaspersky licence
Download the Kaspersky removal tool
Download your version of Kasperky product

Uninstall Kaspersky via control panel
Reboot and then run the Kaspersky removal tool
Reboot then re-install the Kaspersky suite
  • 0

#5
FCM
Posted 21 September 2013 - 01:24 PM

FCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
When I try to remove Kaspersky from control panel, it says I need administrative permission. When I go to user accounts there is no option to create another account or change the current account. This was not the case a couple of days ago, there was an option to create new accounts, and change admin rights. At that time I created an administrative account but could not log in with it, which is why I am using this current account with limited rights.
  • 0

#6
Essexboy
Posted 21 September 2013 - 02:01 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you reboot to safe mode and log in to the administrator account there ?

If not in normal windows press ctrl+alt+del two or three times until a login dialog appears. The username is Administrator and no password.

Let me know how you progress there
  • 0

#7
FCM
Posted 21 September 2013 - 02:51 PM

FCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yes I rebooted in safe mode and logged in as admin, I created a new admin account logged in to control panel removed Kaspersky, rebooted into safemode and ran Kavremover.exe
  • 0

#8
Essexboy
Posted 21 September 2013 - 03:09 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Grand :)

You also said that you had installed AVG as well so I would recommend that you run their removal tool as well http://download.avg....6_2014_4116.exe

Once you have re-installed Kaspersky can you let me know if the net functions properly, if not could you let me know what errors you get
  • 0

#9
FCM
Posted 21 September 2013 - 03:53 PM

FCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I forgot to mention I reinstalled Kaspersky, it made a connection and took my activation code, and ran an update. When I clicked on mozzila browser no connection, when I pause protection from Kaspersky I can connect. I will run the AVG uninstall.
  • 0

#10
Essexboy
Posted 22 September 2013 - 04:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try this please

1. go to kaspersky option.
2. open the program.
3. go to setting option
4. there you will see network option.
5. under that you will see the network configuration setting.
check that are they all right.
6. now go to the blocked option.
7. here uncheck the option >> block the network connection.
  • 0

Advertisements

#11
FCM
Posted 22 September 2013 - 10:00 AM

FCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
This is what I'm seeing, see attachments. I disabled network attack blocker? still no connection.

Attached Thumbnails

  • kas1.JPG
  • kas2.JPG

  • 0

#12
Essexboy
Posted 22 September 2013 - 10:17 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I have never used Kaspersky so I am trolling around their forums looking for data

Could you temporarily stop the web antivirus element and see if that resolves the issue
  • 0

#13
FCM
Posted 22 September 2013 - 10:48 AM

FCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I disabled web antivirus, still no connection. Did you see something in the log that pointed to Kaspersky, I thought it may have been that but I have that same disk running on two other computers with no problem. But to be sure I disabled it and ran Avast and AVG, but got the same results. One other thing I noticed I did not run OTL under administrator , do not know if that makes a difference.

Edited by FCM, 22 September 2013 - 10:48 AM.

  • 0

#14
Essexboy
Posted 22 September 2013 - 10:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run another OTL scan under administrator please just in case there is something there

When you tried Avast had you fully uninstalled Kaspersky ?
  • 0

#15
FCM
Posted 22 September 2013 - 11:05 AM

FCM

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I honestly couldn't tell you, I know I either had it paused or removed, I've had kaspersky removed three times this week, I will run a new OTL under Admin and post it.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP