
internet is slow



Hi all,

I've a Windows 7 64-bit PC with an i7 CPU and have fibre optic broadband, and I usually get great speeds, but a few weeks ago my internet went really slow. At first I thought it was my ISP or the router, so I contacted them; an engineer was sent and checks made, and everything was fine.

My next step was to check for viruses, and I found a trojan that I didn't seem to be able to get rid of, so I formatted the hard drive and reinstalled Windows.

Sorry, but I can't remember the name of the trojan, but anyway, after reinstalling Windows everything was fine for a few weeks; now the problem's back!

I seem to have loads of connections running. I've tried running lots of different adware programs but I can't find the problem (also, I bought Kaspersky and installed it as soon as I had installed Windows again, but it's found nothing).

Adwcleaner log

# AdwCleaner v2.104 - Logfile created 01/06/2013 at 12:14:17

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : ian - IAN-PC

# Boot Mode : Normal

# Running from : C:\Users\ian\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\ian\AppData\Local\Wajam

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\ian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [884 octets] - [06/01/2013 11:59:36]

AdwCleaner[R2].txt - [816 octets] - [06/01/2013 12:14:18]

########## EOF - C:\AdwCleaner[R2].txt - [875 octets] ##########

malwarebytes

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.05.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

ian :: IAN-PC [administrator]

06/01/2013 12:15:48

mbam-log-2013-01-06 (12-15-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228123

Time elapsed: 1 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by ian at 12:20:22 on 2013-01-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8144.6085 [GMT 0:00]

.

AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\System32\svchost.exe -k secsvcs

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{FA5BF22E-0260-4B31-BEEE-79796DE08141} : DHCPNameServer = 192.168.1.254 192.168.1.254

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-12-15 562456]

R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-12-15 23832]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-12-14 98208]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-11-19 13368]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-14 539240]

R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\System32\drivers\rusb3hub.sys [2011-9-15 100352]

R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\System32\drivers\rusb3xhc.sys [2011-9-15 216064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2011-6-16 1308160]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-16 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-16 180736]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-17 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-17 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-17 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-17 1255736]

.

=============== Created Last 30 ================

.

2013-01-06 11:55:23 -------- d-----w- C:\Program Files\CCleaner

2013-01-05 19:36:50 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-05 19:24:32 98816 ----a-w- C:\Windows\sed.exe

2013-01-05 19:24:32 256000 ----a-w- C:\Windows\PEV.exe

2013-01-05 19:24:32 208896 ----a-w- C:\Windows\MBR.exe

2013-01-05 19:24:29 -------- d-----w- C:\ComboFix

2013-01-05 15:58:42 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2013-01-05 15:55:46 -------- d-----w- C:\ProgramData\HitmanPro

2013-01-05 15:19:20 -------- d-----w- C:\Users\ian\AppData\Roaming\SUPERAntiSpyware.com

2013-01-05 15:19:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-01-05 15:19:15 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-01-05 13:03:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-01-05 13:03:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-01-05 12:31:14 -------- d-----w- C:\Users\ian\AppData\Local\Wajam

2013-01-05 11:30:35 -------- d-----w- C:\Windows\pss

2013-01-05 11:25:02 -------- d-----w- C:\Users\ian\AppData\Roaming\Malwarebytes

2013-01-05 11:24:56 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-01-05 11:24:56 -------- d-----w- C:\ProgramData\Malwarebytes

2013-01-05 11:24:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-01-05 11:24:45 -------- d-----w- C:\Users\ian\AppData\Local\Programs

2013-01-04 08:30:41 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CFCFD804-A8F6-4E3D-A8D1-71F6C7285212}\mpengine.dll

2013-01-02 16:24:15 -------- d-----w- C:\ProgramData\EA Core

2013-01-02 16:24:03 -------- d-----w- C:\ProgramData\EA Logs

2013-01-02 16:22:16 -------- d-----w- C:\Users\ian\AppData\Local\ESN Sonar

2013-01-02 16:04:42 -------- d-----w- C:\Users\ian\AppData\Local\ESN

2013-01-02 16:04:41 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2013-01-01 20:59:15 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2013-01-01 20:22:44 -------- d-----w- C:\Users\ian\AppData\Roaming\Origin

2013-01-01 20:22:43 -------- d-----w- C:\Program Files (x86)\Origin Games

2013-01-01 20:22:34 -------- d-----w- C:\Users\ian\AppData\Local\Origin

2013-01-01 20:21:53 -------- d-----w- C:\ProgramData\Origin

2013-01-01 20:21:52 -------- d-----w- C:\ProgramData\Electronic Arts

2013-01-01 20:21:43 -------- d-----w- C:\Program Files (x86)\Origin

2013-01-01 19:37:28 -------- d-----w- C:\Program Files\Speccy

2012-12-29 14:14:12 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-12-28 21:07:46 -------- d-----w- C:\Users\ian\AppData\Local\NBGI

2012-12-22 17:50:02 890216 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-22 17:50:02 63336 ----a-w- C:\Windows\System32\nvshext.dll

2012-12-22 17:50:02 6223208 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-22 17:50:02 3663213 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-12-22 17:50:02 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-12-22 17:50:02 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-12-22 17:50:02 118120 ----a-w- C:\Windows\System32\nvmctray.dll

2012-12-22 17:46:30 -------- d-----w- C:\NVIDIA

2012-12-22 17:36:40 -------- d-----w- C:\Program Files (x86)\Phyxion.net

2012-12-22 01:22:09 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 01:22:09 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 01:22:08 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 01:22:07 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-21 19:06:37 -------- d-----w- C:\Users\ian\AppData\Local\My Games

2012-12-18 15:27:54 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-12-18 15:27:50 -------- d-----w- C:\Users\ian\AppData\Local\PunkBuster

2012-12-18 11:56:21 -------- d-----w- C:\Users\ian\AppData\Local\CrashRpt

2012-12-18 11:54:59 281032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-12-18 11:54:59 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-12-18 11:54:58 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-12-17 21:47:47 -------- d-----w- C:\Users\ian\AppData\Roaming\Corsair

2012-12-17 21:47:46 8724480 ------w- C:\Windows\SysWow64\CAHS1.dll

2012-12-17 21:47:46 798208 ------w- C:\Windows\System32\CAHS1.exe

2012-12-17 21:47:46 401920 ------w- C:\Windows\System32\CAHS1.cpl

2012-12-17 21:47:46 200704 ------w- C:\Windows\SysWow64\cmpaHS1.dll

2012-12-17 21:47:46 143360 ------w- C:\Windows\VmixHS1.dll

2012-12-17 21:47:46 -------- d-----w- C:\Program Files\Corsair USB Headset

2012-12-17 21:47:43 354304 ------w- C:\Windows\System32\CmiInstallResAll64.dll

2012-12-17 18:58:30 -------- d-----w- C:\Users\ian\AppData\Local\ElevatedDiagnostics

2012-12-17 18:40:21 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-12-17 18:38:22 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls

2012-12-17 17:01:57 -------- d-----w- C:\Users\ian\AppData\Local\SCE

2012-12-17 15:23:20 -------- d-----w- C:\Windows\SysWow64\directx

2012-12-17 15:22:56 -------- d-----w- C:\Program Files (x86)\MSI Afterburner

2012-12-17 08:13:13 -------- d-----w- C:\Windows\SysWow64\Wat

2012-12-17 08:13:12 -------- d-----w- C:\Windows\System32\Wat

2012-12-17 02:01:17 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-12-17 02:01:17 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-12-17 02:01:17 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-12-17 02:01:17 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-12-17 01:55:14 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-12-17 01:50:06 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-12-17 01:50:06 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-12-17 01:50:06 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-12-17 01:50:06 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-12-17 01:50:05 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-12-17 01:50:05 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-12-17 01:50:05 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-12-17 01:48:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-12-17 01:48:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-12-17 01:48:50 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-12-17 01:48:50 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-12-17 01:48:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-12-16 10:07:57 -------- d-----w- C:\Program Files (x86)\FinalWire

2012-12-16 06:42:57 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-16 06:40:56 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-12-16 06:39:46 64512 ----a-w- C:\Windows\SysWow64\devobj.dll

2012-12-16 06:38:58 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-12-16 06:38:58 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-12-16 06:38:55 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-12-16 06:38:55 67072 ----a-w- C:\Windows\splwow64.exe

2012-12-16 06:38:55 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-12-16 06:38:55 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-12-16 06:38:48 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-12-16 06:38:48 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-12-16 06:38:48 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-12-16 06:38:47 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-12-16 06:38:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-12-16 06:38:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-12-16 06:35:38 77312 ----a-w- C:\Windows\System32\packager.dll

2012-12-16 06:35:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-12-16 06:34:01 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-12-15 14:15:06 -------- d-----w- C:\Users\ian\AppData\Roaming\.minecraft

2012-12-15 14:13:36 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-15 14:13:35 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-12-15 14:13:31 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-12-15 14:08:10 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-12-15 14:08:10 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-12-15 14:08:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-15 03:43:36 -------- d-----w- C:\Windows\Panther

2012-12-15 03:43:04 -------- d-----w- C:\Windows\System32\OEM

2012-12-15 03:43:04 -------- d-----w- C:\Hotfix

2012-12-15 03:43:04 -------- d-----w- C:\Drivers

2012-12-15 03:27:06 562456 ----a-w- C:\Windows\System32\drivers\iaStorA.sys

2012-12-15 03:27:06 23832 ----a-w- C:\Windows\System32\drivers\iaStorF.sys

2012-12-14 23:35:58 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll

2012-12-14 23:34:51 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll

2012-12-14 23:34:51 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-12-14 23:34:51 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-12-14 23:34:19 -------- d-----w- C:\Windows\SysWow64\xlive

2012-12-14 23:34:15 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-12-14 22:52:56 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-12-14 22:52:55 -------- d-----w- C:\Program Files (x86)\Steam

2012-12-14 21:54:05 -------- d-----r- C:\Program Files (x86)\Skype

2012-12-14 21:48:29 -------- d-----w- C:\Users\ian\AppData\Local\Google

2012-12-14 21:48:21 -------- d-----w- C:\Users\ian\AppData\Local\Deployment

2012-12-14 21:48:21 -------- d-----w- C:\Users\ian\AppData\Local\Apps

2012-12-14 21:43:28 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll

2012-12-14 21:43:14 56600 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2012-12-14 21:33:24 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2012-12-14 21:33:14 -------- d-----w- C:\Intel

2012-12-14 21:16:34 60776 ----a-w- C:\Windows\System32\OpenCL.dll

2012-12-14 21:16:34 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-12-14 21:16:18 64856 ----a-w- C:\Windows\System32\klfphc.dll

2012-12-14 21:15:54 -------- d-----w- C:\Windows\ELAMBKUP

2012-12-14 21:15:50 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-12-14 21:15:50 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-12-14 21:15:44 89432 ----a-w- C:\Windows\System32\drivers\klflt.sys

2012-12-14 21:15:09 -------- d-----w- C:\Program Files\NVIDIA Corporation

2012-12-14 21:15:09 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-12-14 21:12:48 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-12-14 21:12:48 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-12-14 21:12:48 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-12-14 21:09:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-12-14 21:09:23 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-12-14 21:09:19 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-12-14 21:09:19 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-12-14 21:08:34 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2012-12-14 21:08:34 539240 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2012-12-14 21:08:34 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-12-14 20:58:59 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-12-14 20:58:59 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-12-14 20:58:59 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-12-14 20:58:59 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-12-14 20:58:59 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-12-14 20:58:59 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-12-14 20:19:02 -------- d-----w- C:\Users\ian\AppData\Local\Diagnostics

2012-12-14 19:55:08 -------- d-----w- C:\dell

.

==================== Find3M ====================

.

2012-12-14 21:32:02 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys

2012-12-14 21:32:02 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys

2012-12-14 21:32:02 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys

2012-11-30 22:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 12:20:52.39 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 14/12/2012 19:50:44

System Uptime: 06/01/2013 12:02:25 (0 hours ago)

.

Motherboard: Alienware | | 07JNH0

Processor: Intel® Core i7-3930K CPU @ 3.20GHz | CPU 1 | 3201/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 820.549 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

AIDA64 Extreme Edition v2.70

Batman: Arkham City™

Battlefield 3™

Battlelog Web Plugins

CCleaner

Corsair USB Headset

Dark Souls: Prepare to Die Edition

Dota 2

Driver Sweeper version 3.2.0

ESN Sonar

Garry's Mod

Google Chrome

Google Update Helper

Intel® Management Engine Components

Java 7 Update 9

Java 7 Update 9 (64-bit)

Java Auto Updater

Kaspersky Internet Security 2013

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE Redistributable

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSI Afterburner 2.3.0

NVIDIA 3D Vision Controller Driver 310.70

NVIDIA 3D Vision Driver 310.70

NVIDIA Control Panel 310.70

NVIDIA Graphics Driver 310.70

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Origin

PlanetSide 2

PunkBuster Services

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Red Orchestra 2: Heroes of Stalingrad

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Sid Meier's Civilization V

Skype™ 6.0

Speccy

Steam

SUPERAntiSpyware

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live ID Sign-in Assistant

WinRAR 4.20 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

05/01/2013 19:48:54, Error: bowser [8003] - The master browser has received a server announcement from the computer ADHARRY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FA5BF22E-0260-4B31-BEEE-79796DE08141}. The master browser is stopping or an election is being forced.

05/01/2013 19:28:35, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

05/01/2013 19:28:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

05/01/2013 19:28:09, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

05/01/2013 19:24:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

05/01/2013 18:33:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

05/01/2013 18:33:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

05/01/2013 18:33:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

05/01/2013 18:33:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

05/01/2013 18:33:23, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF kneps SASDIFSV SASKUTIL spldr Wanarpv6

05/01/2013 15:40:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

05/01/2013 15:40:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

05/01/2013 14:31:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {9465B4B4-5216-4042-9A2C-754D3BCDC410}

05/01/2013 14:31:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

05/01/2013 13:42:37, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache KLIF kneps spldr Wanarpv6

04/01/2013 11:35:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

Hijack this

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:45:42, on 06/01/2013

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

O4 - HKUS\S-1-5-21-2940810599-3561592805-2472969296-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2940810599-3561592805-2472969296-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm

O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9353 bytes


I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
