
odd malware that redirects or disables google.com, imgur.com, imdb.com


This topic is locked

#1
tr41nwr3ck
Member, 20 posts

Recently I've been to some unreputable websites linked from reddit.com.

For the past couple of months I have sometimes had google.com unavailable and I would be redirected to the Yahoo developer console. However, I am able to access google.com through my mobile phone.

For the past few weeks I've had imgur.com be unavailable with the message "sorry, this shop is currently unavailable." However, I am able to access the imgur.com site through my mobile phone.

Today for the first time I've been unable to access imdb.com's message boards, and when I try to access their message board I am given the message "Section Closed. We're sorry, this section of IMDB is temporarily unavailable due to important maintenance work. Occasionally we need to close parts of our site, although we do try to keep downtime to a minimum. We apologize for the inconvenience." However, I am able to access the IMDB message boards through my mobile phone.

Today I've been experiencing intermittent major lag spikes in the game World of Tanks; I was also logged into TeamSpeak 3 and I was the only user experiencing garbled/delayed voice messages at that time. I typically never experience any lag spikes, and there is no easily solved explanation of the cause of the issue (like too many devices connected to the internet). I shut down and restarted my computer, but I still experience lag in World of Tanks, and imdb.com's message boards are still unavailable on my computer but available on my mobile phone.

I've had this computer since 1/1/2013 and this is the first issue I've had with malware. I do run AVG antivirus free edition 2013.

Here is my OTL log. I have moderate computer knowledge and I have successfully removed malware in the past thanks to geekstogo.com staff. I am very appreciative of those who take time to make themselves available to help.

 

OTL logfile created on: 7/7/2014 10:44:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jim\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.46 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 42.56% Memory free
6.92 Gb Paging File | 4.46 Gb Available in Paging File | 64.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1862.92 Gb Total Space | 1467.22 Gb Free Space | 78.76% Space Free | Partition Type: NTFS
 
Computer Name: GREENROOM | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/07 22:20:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Downloads\OTL.exe
PRC - [2014/06/30 14:46:50 | 001,753,280 | ---- | M] (Valve Corporation) -- C:\programs\Steam\Steam.exe
PRC - [2014/06/24 20:23:20 | 009,233,864 | ---- | M] (TeamSpeak Systems GmbH) -- C:\programs\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2014/06/21 11:42:05 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014/06/05 06:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/05/28 22:42:20 | 003,588,952 | ---- | M] (Electronic Arts) -- C:\programs\Origin\Origin.exe
PRC - [2014/05/22 00:36:08 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/10/23 02:05:52 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/02/09 17:35:07 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/02/09 17:35:07 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) -- C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe
PRC - [2012/07/27 19:52:56 | 000,495,616 | ---- | M] (MSI) -- C:\Program Files\MSI\Super-Charger\Super-Charger.exe
PRC - [2012/07/17 02:10:32 | 000,364,416 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 02:10:30 | 000,276,864 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 02:10:16 | 000,165,760 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/06/29 18:56:30 | 000,136,704 | ---- | M] (MSI) -- C:\Program Files\MSI\Super-Charger\ChargeService.exe
PRC - [2012/06/11 22:42:02 | 005,708,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2012/04/20 15:11:32 | 000,462,048 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
PRC - [2012/03/26 10:14:26 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/10 18:01:48 | 000,505,152 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
PRC - [2008/06/26 20:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/30 14:47:12 | 002,139,328 | ---- | M] () -- C:\programs\Steam\video.dll
MOD - [2014/06/30 14:46:52 | 001,116,864 | ---- | M] () -- C:\programs\Steam\bin\chromehtml.dll
MOD - [2014/06/26 15:40:28 | 000,764,416 | ---- | M] () -- C:\programs\Steam\SDL2.dll
MOD - [2014/06/24 20:23:19 | 000,105,416 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
MOD - [2014/06/24 20:23:18 | 000,483,784 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
MOD - [2014/06/24 20:23:18 | 000,477,128 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
MOD - [2014/06/24 20:23:18 | 000,092,104 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
MOD - [2014/06/05 06:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 06:58:37 | 014,612,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
MOD - [2014/06/05 06:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 06:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 06:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 06:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/30 18:27:20 | 001,116,672 | ---- | M] () -- C:\programs\Steam\libavcodec-55.dll
MOD - [2014/05/30 18:27:20 | 000,438,784 | ---- | M] () -- C:\programs\Steam\libavutil-53.dll
MOD - [2014/05/30 18:27:20 | 000,399,360 | ---- | M] () -- C:\programs\Steam\libavformat-55.dll
MOD - [2014/05/30 18:27:20 | 000,331,264 | ---- | M] () -- C:\programs\Steam\libavresample-1.dll
MOD - [2014/05/28 22:42:20 | 000,962,560 | ---- | M] () -- C:\programs\Origin\platforms\qwindows.dll
MOD - [2014/05/28 22:42:20 | 000,302,592 | ---- | M] () -- C:\programs\Origin\imageformats\qtiff.dll
MOD - [2014/05/28 22:42:20 | 000,261,632 | ---- | M] () -- C:\programs\Origin\imageformats\qmng.dll
MOD - [2014/05/28 22:42:20 | 000,217,088 | ---- | M] () -- C:\programs\Origin\imageformats\qjpeg.dll
MOD - [2014/05/28 22:42:20 | 000,025,088 | ---- | M] () -- C:\programs\Origin\imageformats\qico.dll
MOD - [2014/05/28 22:42:20 | 000,024,064 | ---- | M] () -- C:\programs\Origin\imageformats\qgif.dll
MOD - [2014/05/28 22:42:20 | 000,019,968 | ---- | M] () -- C:\programs\Origin\imageformats\qtga.dll
MOD - [2014/05/28 22:42:20 | 000,018,944 | ---- | M] () -- C:\programs\Origin\imageformats\qwbmp.dll
MOD - [2014/05/01 16:35:22 | 020,628,160 | ---- | M] () -- C:\programs\Steam\bin\libcef.dll
MOD - [2014/04/28 17:37:22 | 000,519,168 | ---- | M] () -- C:\programs\Steam\libswscale-2.dll
MOD - [2014/03/14 19:37:43 | 000,864,768 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\platforms\qwindows.dll
MOD - [2014/03/14 19:37:43 | 000,677,376 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
MOD - [2014/03/14 19:37:43 | 000,242,688 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\imageformats\qjpeg.dll
MOD - [2014/03/14 19:37:43 | 000,148,480 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\quazip.dll
MOD - [2014/03/14 19:37:43 | 000,123,904 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
MOD - [2014/03/14 19:37:43 | 000,025,600 | ---- | M] () -- C:\programs\TeamSpeak 3 Client\imageformats\qgif.dll
MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\programs\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\programs\Steam\bin\avformat-53.dll
MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\programs\Steam\bin\avutil-51.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/06 17:15:10 | 000,376,832 | ---- | M] () -- C:\Program Files\D-Link\DWA-130 revE\WlanDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/05/13 19:22:49 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/25 22:06:38 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/09 20:20:39 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/02/06 17:10:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) [Auto | Running] -- C:\Program Files\Wondershare\Wondershare Application Center\WACService.exe -- (WACService)
SRV - [2012/07/17 02:10:32 | 000,364,416 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 02:10:30 | 000,276,864 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 02:10:16 | 000,165,760 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/06/29 18:56:30 | 000,136,704 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2012/04/20 15:11:32 | 000,462,048 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/06/26 20:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe -- (WlanWpsSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTIOLib.sys -- (NTIOLib_1_0_C)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\CDriver.sys -- (MSICDSetup)
DRV - [2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/11/25 02:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/23 02:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/23 02:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/31 22:27:09 | 000,034,216 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsadb.sys -- (androidusb)
DRV - [2013/02/09 20:20:39 | 008,944,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/18 22:41:53 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/07/26 11:14:46 | 000,013,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Super-Charger\ipadtst.sys -- (ipadtst)
DRV - [2012/07/24 11:37:56 | 000,040,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ISCTD.sys -- (ISCT)
DRV - [2012/07/02 00:16:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012/03/26 10:13:20 | 000,792,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012/03/26 10:13:20 | 000,349,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012/03/26 10:13:20 | 000,015,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/30 14:55:14 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Super-Charger\NTIOLib.sys -- (NTIOLib_1_0_3)
DRV - [2009/08/21 17:57:10 | 000,573,440 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS522
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programs\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: ActiveGS = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhndampajkkhamolmmnalddigpojomph\3.7.1019_0\
CHR - Extension: Google Wallet = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Jim\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 864b3161a60b47d3a5add1447c41290c-ab6aa1f13e284812cdc01e31a03dbfc7f0359402 --CMPID 0913a File not found
O4 - HKCU..\Run: [EADM] C:\Programs\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Jim\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 864b3161a60b47d3a5add1447c41290c-ab6aa1f13e284812cdc01e31a03dbfc7f0359402 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O4 - HKCU..\Run: [Steam] C:\Programs\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mypestpac.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7781BF4-4D60-4DBA-8F01-60FE2179B8FA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF7C1432-75AE-4B23-9942-20105AB289C1}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5695de47-6ff1-11e2-ae10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5695de47-6ff1-11e2-ae10-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ctrun\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/17 12:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/06/14 07:28:46 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\nashville
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/07 22:22:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/07 22:09:37 | 000,025,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/07 22:09:37 | 000,025,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/07 22:02:30 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/07 22:02:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/07 22:02:18 | 2786,107,392 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/07 21:47:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/07 15:07:44 | 000,000,209 | ---- | M] () -- C:\Users\Jim\Desktop\Sid Meier's Civilization V.url
[2014/06/17 12:26:10 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/07 15:07:44 | 000,000,209 | ---- | C] () -- C:\Users\Jim\Desktop\Sid Meier's Civilization V.url
[2014/05/29 01:47:02 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2014/05/29 01:47:00 | 000,138,056 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\PnkBstrK.sys
[2014/05/29 01:46:45 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014/05/29 01:46:44 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014/04/17 23:02:18 | 002,592,080 | ---- | C] () -- C:\Users\Jim\ts3_recording_14_04_17_23_2_10.wav
[2014/04/06 22:27:00 | 000,000,027 | ---- | C] () -- C:\Windows\pversion.dat
[2013/05/29 12:55:17 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/03/31 22:12:22 | 000,134,144 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_fts3.dll
[2013/03/31 22:12:22 | 000,059,392 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_csvtable.dll
[2013/03/31 22:12:22 | 000,056,832 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_extfunc.dll
[2013/03/31 22:12:22 | 000,055,808 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_rtree.dll
[2013/03/31 22:12:22 | 000,055,296 | ---- | C] () -- C:\Windows\System32\sqlite3_mod_impexp.dll
[2013/03/31 22:12:22 | 000,000,191 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/03/31 22:12:22 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/02/12 11:01:41 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini
[2013/02/06 11:52:54 | 000,000,257 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2013/02/05 17:49:27 | 003,035,306 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013/02/05 17:31:10 | 000,290,813 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/24 11:37:56 | 000,040,896 | ---- | C] () -- C:\Windows\System32\drivers\ISCTD.sys
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/24 15:04:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\.minecraft
[2013/02/05 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\AVG2013
[2013/02/12 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Leadertech
[2014/05/30 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Origin
[2013/11/05 19:37:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SIX Networks
[2013/03/04 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SplitMediaLabs
[2014/07/07 22:04:33 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TS3Client
[2013/11/04 20:38:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\ts3overlay
[2013/02/05 18:01:04 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\TuneUp Software
[2013/02/14 16:24:41 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Ulead Systems
[2013/06/04 13:03:15 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Wargaming.net
[2013/03/31 22:26:36 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 
 
< End of report >
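For a "site unreachable on this PC but fine on the phone" symptom, the parts of an OTL report a helper reads first are the lines that decide name resolution and local policy: O1 (hosts file), O17 (DNS servers assigned by DHCP), O6 (UAC policy, which in the log above shows EnableLUA = 0) and O4 (autorun entries, two of which above end in "File not found"). The script below is an added example for this thread, not code from OTL or from the poster: it parses those four OTL line formats and lists the entries worth checking. The sample lines are constructed in the OTL format (placeholder user, interface GUID and campaign name); the 824-byte figure is the size of the stock Windows 7 hosts file, and public DNS servers are reported as "confirm these are the ISP's", not as a verdict.

```python
"""Triage helper for OTL (OldTimer's) log lines.

Added example, not OTL's own code: parses the O1, O4, O6 and O17 line
formats of an OTL report and lists the entries a helper looks at first.
"""
import ipaddress
import re
from typing import Dict, List

# Size in bytes of the stock Windows 7 hosts file (comment text only, no entries).
WIN7_DEFAULT_HOSTS_SIZE = 824

# Constructed sample lines in OTL format (placeholder user, GUID and run-entry name).
SAMPLE_OTL = r"""
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [Example_Updater] C:\Users\user\AppData\Roaming\Campaign\Update.exe /PROMPT File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: DhcpNameServer = 75.75.75.75 75.75.76.76
"""

# One regex per OTL line type we care about.
RE_HOSTS = re.compile(r"^O1 HOSTS File: \(\[[^|]*\| ([\d,]+) \|")          # captures size field
RE_RUN = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.*)$")          # hive, name, command
RE_POLICY = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)$")     # value name, number
RE_DNS = re.compile(r"^O17 - .*: DhcpNameServer = (.+)$")                   # space-separated servers


def _finding(section: str, severity: str, detail: str) -> Dict[str, str]:
    return {"section": section, "severity": severity, "detail": detail}


def triage(otl_text: str) -> List[Dict[str, str]]:
    """Scan OTL lines and return the entries worth a closer look."""
    findings: List[Dict[str, str]] = []
    for raw in otl_text.splitlines():
        line = raw.strip()

        m = RE_HOSTS.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))
            if size != WIN7_DEFAULT_HOSTS_SIZE:
                findings.append(_finding("O1", "high",
                    f"hosts file is {size} bytes, not the stock {WIN7_DEFAULT_HOSTS_SIZE}; inspect it for added entries"))
            continue

        m = RE_RUN.match(line)
        if m:
            hive, name, rest = m.groups()
            if rest.endswith("File not found"):
                findings.append(_finding("O4", "low", f"orphaned {hive} Run entry [{name}]: target missing"))
            continue

        m = RE_POLICY.match(line)
        if m:
            key, value = m.group(1), int(m.group(2))
            if key == "EnableLUA" and value == 0:
                findings.append(_finding("O6", "high", "UAC disabled (EnableLUA = 0)"))
            elif key == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(_finding("O6", "medium",
                    "administrators elevate without a prompt (ConsentPromptBehaviorAdmin = 0)"))
            continue

        m = RE_DNS.match(line)
        if m:
            for server in m.group(1).split():
                try:
                    public = not ipaddress.ip_address(server).is_private
                except ValueError:
                    findings.append(_finding("O17", "medium", f"unparseable DNS server value {server!r}"))
                    continue
                if public:
                    findings.append(_finding("O17", "info", f"public DNS resolver {server}; confirm it is the ISP's"))
    return findings


def by_severity(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity so a report can be summarised in one line."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f['severity']:<6}] {f['section']}: {f['detail']}")
```

Run it against a saved OTL.txt by passing the file's contents to triage(). A hosts file that is not 824 bytes, a disabled UAC, or a DNS server nobody recognises are the three things that explain "this PC only" symptoms most often, which is why they are the checks here; browser extensions and proxy settings (the ProxyEnable line) are the next places to look.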
 



#2
tr41nwr3ck
Topic Starter, Member, 20 posts

Did I post my OTL log improperly? Thank you.



#3
tr41nwr3ck
Topic Starter, Member, 20 posts

Any help is greatly appreciated. Thank you.

