Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet not working from maleware

Started by musicfrk , May 08 2013 01:30 PM

  • Please log in to reply

#1
musicfrk
Posted 08 May 2013 - 01:30 PM

musicfrk

    Member

  • Member
  • PipPip
  • 87 posts
About 4 days ago I was on Facebook when I stupidly clicked on a Facebook link from a friend whose account it turned out had been hacked. When I clicked on the link my antivirus(kaspersky) popped up and told me that it was a phishing url and it did not open the link. I thought my antivirus had taken care of the problem however in the following days my internet has been more and more unresponsive. Recently it is almost completely unusable. I have never had any internet problems before with this computer and the timing leads me to believe that I may be infected with something. Also yesterday I noticed that my antivirus turned off randomly for a couple of seconds before turning back on which is also very suspicious. Ive run full scans with kaspersky both normally and in safe mode without networking but have been unable to find any problem. Any help you can offer would be greatly appreciated.
Here is my otl log.
OTL logfile created on: 5/8/2013 3:11:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.47 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 71.96% Memory free
6.94 Gb Paging File | 5.47 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 629.05 Gb Free Space | 67.54% Space Free | Partition Type: NTFS
Drive D: | 620.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 4.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 495.84 Mb Total Space | 82.39 Mb Free Space | 16.62% Space Free | Partition Type: FAT

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/08 15:05:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2013/05/03 19:35:30 | 001,635,752 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2013/03/07 18:53:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/01/18 10:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/18 10:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/03 11:39:40 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/29 22:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/13 11:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2012/08/10 00:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/12 09:42:02 | 005,708,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2012/04/20 15:11:32 | 000,462,048 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe
PRC - [2011/04/24 22:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHSA.EXE
PRC - [2011/04/24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/03 19:35:30 | 001,114,536 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/04/23 22:30:08 | 000,652,800 | ---- | M] () -- C:\Program Files\Steam\SDL2.dll
MOD - [2013/03/26 20:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2012/12/11 13:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 13:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2012/12/11 13:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - [2013/05/03 19:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/11 23:17:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/02 17:06:52 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 18:53:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/01/06 01:19:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/03 11:39:40 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/20 15:11:32 | 000,462,048 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2011/04/24 22:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV - [2010/11/20 17:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 17:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 17:29:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2013/04/24 08:40:55 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2013/04/24 08:40:55 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/04/24 08:40:55 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/03/07 19:05:08 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/03/07 19:05:08 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/02 16:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/07/02 16:16:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012/06/19 18:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 0A 19 61 89 F2 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/24 08:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/24 08:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/24 08:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/24 08:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/24 08:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 23:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 23:17:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/05 22:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2013/03/23 18:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\qjwbw9xn.default\extensions
[2013/03/23 18:03:47 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\qjwbw9xn.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/03/08 10:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/24 08:40:57 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\[email protected]
[2013/04/11 23:17:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 04:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 00:28:17 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1998/12/13 03:43:32 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005/08/30 11:08:52 | 000,000,145 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/11/06 23:49:34 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{3b5596ff-b7e9-11e2-a353-3085a9b2d3bd}\Shell - "" = AutoRun
O33 - MountPoints2\{3b5596ff-b7e9-11e2-a353-3085a9b2d3bd}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2005/08/30 11:08:52 | 000,925,696 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/08 15:10:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013/05/08 13:44:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Diagnostics
[2013/05/03 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Might & Magic Heroes VI
[2013/05/03 13:27:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Might & Magic Heroes VI
[2013/04/29 17:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOSS
[2013/04/29 17:38:03 | 000,000,000 | ---D | C] -- C:\BOSS
[2013/04/27 09:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/27 09:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/27 09:48:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Google
[2013/04/27 09:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/26 17:05:48 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/04/26 17:05:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2013/04/26 17:00:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/04/26 16:59:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2013/04/26 16:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2013/04/26 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Fallout3
[2013/04/13 13:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/04/13 13:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2013/04/13 13:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/08 15:12:17 | 000,681,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/08 15:12:17 | 000,125,548 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/08 15:05:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013/05/08 14:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/08 10:19:13 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 10:19:13 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 10:12:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/08 10:11:58 | 2795,778,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/03 11:03:22 | 000,000,215 | ---- | M] () -- C:\Users\Daniel\Desktop\Might & Magic Heroes VI.url
[2013/04/29 17:15:54 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/04/27 09:56:40 | 000,124,772 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20130427_095625.reg
[2013/04/27 09:50:05 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/26 15:03:26 | 000,000,215 | ---- | M] () -- C:\Users\Daniel\Desktop\Fallout 3 - Game of the Year Edition.url
[2013/04/25 21:00:09 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\Fallout 2.lnk
[2013/04/24 08:40:55 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klif.sys
[2013/04/24 08:40:55 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kneps.sys
[2013/04/24 08:40:55 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kltdi.sys
[2013/04/24 08:40:54 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\klflt.sys
[2013/04/23 17:40:02 | 000,137,992 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/04/23 17:39:53 | 000,291,088 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013/04/23 17:39:28 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013/04/14 10:21:54 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Fallout.lnk
[2013/04/10 08:54:32 | 000,294,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/03 11:03:22 | 000,000,215 | ---- | C] () -- C:\Users\Daniel\Desktop\Might & Magic Heroes VI.url
[2013/04/27 09:56:28 | 000,124,772 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20130427_095625.reg
[2013/04/27 09:50:05 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/26 15:03:26 | 000,000,215 | ---- | C] () -- C:\Users\Daniel\Desktop\Fallout 3 - Game of the Year Edition.url
[2013/04/25 21:00:09 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\Fallout 2.lnk
[2013/04/14 10:21:54 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Fallout.lnk
[2013/03/20 14:08:13 | 000,138,056 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
[2013/03/17 15:21:22 | 000,035,281 | ---- | C] () -- C:\Windows\scunin.dat
[2013/02/04 19:59:57 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2013/01/05 03:08:20 | 000,290,813 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2013/01/05 03:07:27 | 000,046,067 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013/01/05 03:04:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/01/05 03:04:31 | 000,033,715 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013/01/04 18:34:04 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2013/01/04 16:41:01 | 000,137,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/01/04 16:38:44 | 000,291,088 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/01/04 16:38:41 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/09/28 11:45:16 | 000,246,272 | ---- | C] () -- C:\Windows\System32\rtvcvfw64.dll
[2012/09/28 11:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2012/04/20 14:57:00 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/08 16:12:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2013/01/04 15:04:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CheckPoint
[2013/01/04 14:44:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MailFrontier
[2013/05/08 12:45:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Might & Magic Heroes VI
[2013/01/19 00:02:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2013/01/17 15:27:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin
[2013/01/17 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SPORE
[2013/01/25 14:53:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\The Creative Assembly
[2013/04/27 09:56:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client
[2013/01/15 15:53:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ts3overlay
[2013/04/27 09:56:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Jintan
Posted 15 May 2013 - 07:12 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello musicfrk, and sorry for the wait. Let's take a look, if you still need assistance.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

-------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
  • 0

#3
musicfrk
Posted 19 May 2013 - 06:10 PM

musicfrk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
After some more messing around and looking online I was able to solve my problem on my own. Thank you for the reply however.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP