Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

Kaspersky found vulnerabilities on my PC

Post #1, 06-07-2017, 04:40 PM, by octcube (Registered Member; Join Date: Jun 2017; Posts: 18; OS: Win7)

Here is dds.txt (header removed for privacy reasons):

AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Internet Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Extreme Picture Finder 3\EPF.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
uRun: [SuperCopier2.exe] c:\program files\supercopier2\SuperCopier2.exe
mRun: [USB Security] c:\program files\usb disk security\USBGuard.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{091DB5C2-36F9-423B-B070-492FA38509E8} : DHCPNameServer = 192.168.10.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\moaxxam\appdata\roaming\mozilla\firefox\profiles\d4o397bv.default\
FF - plugin: c:\program files\verimatrix\viewright web\npViewRight.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 25696]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2013-3-6 44000]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 145224]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2013-3-6 356128]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-14 164864]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2013-3-6 25696]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2013-3-6 25696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2017-4-5 317400]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2017-06-07 21:39:22 -------- d-----w- c:\programdata\Extreme Picture Finder
2017-06-07 21:39:22 -------- d-----w- c:\program files\Extreme Picture Finder 3
2017-06-07 20:59:24 -------- d-----w- c:\program files\ConvertHelper3
2017-06-07 20:59:17 -------- d-----w- c:\users\moaxxam\appdata\local\Programs
2017-06-07 20:29:15 -------- d-----w- c:\users\moaxxam\dwhelper
2017-06-07 20:02:00 -------- d-----w- c:\users\moaxxam\Tracing
2017-06-07 20:01:49 -------- d-----r- c:\program files\Skype
2017-06-07 19:58:13 -------- d-----w- c:\programdata\Package Cache
2017-06-07 14:30:39 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2017-06-07 14:29:42 -------- d-----w- c:\programdata\Verimatrix
2017-06-07 07:40:02 -------- d-----w- c:\users\moaxxam\appdata\roaming\WhatsApp
2017-06-07 07:39:48 -------- d-----w- c:\users\moaxxam\appdata\local\WhatsApp
2017-06-07 07:39:31 -------- d-----w- c:\users\moaxxam\appdata\local\SquirrelTemp
2017-06-07 07:19:34 -------- d-----w- c:\program files\common files\AV
2017-06-07 07:11:32 -------- d-----w- c:\windows\Migration
2017-06-07 07:05:18 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2017-06-07 07:05:18 49472 ----a-w- c:\windows\system32\netfxperf.dll
2017-06-07 07:05:18 297808 ----a-w- c:\windows\system32\mscoree.dll
2017-06-07 07:05:18 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2017-06-07 07:05:18 1130824 ----a-w- c:\windows\system32\dfshim.dll
2017-06-07 07:03:34 -------- d-----w- c:\windows\ELAMBKUP
2017-06-07 07:03:32 -------- d-----w- c:\programdata\Kaspersky Lab
2017-06-07 07:03:32 -------- d-----w- c:\program files\Kaspersky Lab
2017-06-07 07:03:27 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2017-06-07 06:43:40 10555024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2d18c77f-f06c-4051-b7a6-584794d2b011}\mpengine.dll
2017-06-07 06:32:53 736952 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2017-06-07 06:32:20 1707160 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2017-06-07 06:31:32 42168 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2017-06-07 06:31:23 539984 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2017-06-07 06:25:31 -------- d-----w- c:\users\moaxxam\appdata\roaming\Opera Software
2017-06-07 06:25:31 -------- d-----w- c:\users\moaxxam\appdata\local\Opera Software
2017-06-06 06:31:44 -------- d-----w- c:\users\moaxxam\appdata\local\Microsoft Help
2017-06-02 19:21:47 -------- d-----w- c:\users\moaxxam\appdata\local\ACDPhotoEditor
2017-06-01 19:11:08 -------- d-----w- c:\users\moaxxam\appdata\roaming\MPC-HC
2017-05-31 20:11:56 -------- d-----w- c:\program files\SuperCopier2
2017-05-31 07:01:14 315904 ----a-w- c:\windows\IsUninst.exe
2017-05-22 17:55:36 -------- d-----w- c:\windows\Panther
2017-05-22 06:57:44 -------- d-----w- c:\programdata\ACD Systems
2017-05-22 06:57:44 -------- d-----w- c:\program files\common files\ACD Systems
2017-05-22 06:57:44 -------- d-----w- c:\program files\ACD Systems
2017-05-22 06:55:59 -------- d-----w- c:\windows\Downloaded Installations
2017-05-22 06:45:19 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2017-05-22 06:45:19 30512 ----a-w- c:\windows\system32\mdimon.dll
2017-05-22 06:44:51 -------- d-----w- c:\windows\PCHEALTH
2017-05-22 06:44:09 -------- d-sh--w- c:\windows\Installer
2017-05-22 05:15:51 217176 ----a-w- c:\windows\system32\unrar.dll
2017-05-22 05:15:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2017-05-22 05:15:31 -------- d-----w- c:\program files\VideoLAN
2017-05-22 05:15:04 -------- d-----w- c:\program files\USB Disk Security
2017-05-22 05:14:18 -------- d-----w- c:\windows\system32\wbem\Performance
2017-05-22 05:10:25 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2017-06-07 07:18:30 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2017-06-07 07:18:30 145224 ----a-w- c:\windows\system32\drivers\kneps.sys
2017-06-07 07:18:29 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2017-06-07 07:18:29 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2017-06-07 07:18:29 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2017-06-07 07:18:27 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
============= FINISH: 4:21:14.25 ===============

attach.txt is attached.
I don't have a boot CD.

The original post can be found here:

hxxp://www.techsupportforum.com/forums/f112/kaspersky-2013-i-s-found-vulnerbilities-what-should-i-do-1196706.html

Thank you in advance.
Post #2, 06-07-2017, 10:09 PM, by chemist (Security Team; Moderator, Analyst; Rangemaster, TSF Academy; Microsoft Most Valuable Professional; Join Date: Oct 2007; Location: Georgia; Posts: 29,790; OS: XP/Win7/Win10)

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Sorry, moaxxam, but if you cut out pieces of logs, I can't help you.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Post #3, 06-08-2017, 10:43 AM, by octcube

Can you please redact my name from your post and also from elsewhere?
I've begun the process that you've mentioned.
Thanks.

Post #4, 06-08-2017, 11:06 AM, by octcube

# AdwCleaner v6.047 - Logfile created 08/06/2017 at 23:01:06
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-07.1 [Server]
# Operating System : Windows 7 Ultimate (X86)
# Username : MoaxxaM - MAK-PC
# Running from : C:\Users\MoaxxaM\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****
Post #5, 06-08-2017, 11:20 AM, by octcube

ComboFix 17-05-16.01 - MoaxxaM 2017-06-08 23:07:42.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3543.2650 [GMT 5:00]
Running from: c:\users\MoaxxaM\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Internet Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Internet Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2017-05-08 to 2017-06-08 )))))))))))))))))))))))))))))))
.
.
2017-06-08 18:11 . 2017-06-08 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-06-08 17:59 . 2017-06-08 18:01 -------- d-----w- C:\AdwCleaner
2017-06-07 21:39 . 2017-06-08 00:01 -------- d-----w- c:\programdata\Extreme Picture Finder
2017-06-07 21:39 . 2017-06-07 21:39 -------- d-----w- c:\program files\Extreme Picture Finder 3
2017-06-07 20:59 . 2017-06-07 20:59 -------- d-----w- c:\program files\ConvertHelper3
2017-06-07 20:01 . 2017-06-07 20:01 -------- d-----w- c:\program files\Common Files\Skype
2017-06-07 20:01 . 2017-06-07 20:01 -------- d-----r- c:\program files\Skype
2017-06-07 20:01 . 2017-06-07 20:01 -------- d-----w- c:\programdata\Skype
2017-06-07 19:58 . 2017-06-07 19:58 -------- d-----w- c:\programdata\Package Cache
2017-06-07 14:30 . 2007-03-12 11:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2017-06-07 14:29 . 2017-06-07 14:29 -------- d-----w- c:\programdata\Verimatrix
2017-06-07 12:40 . 2017-06-07 12:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2017-06-07 07:19 . 2017-06-07 07:40 -------- d-----w- c:\program files\Common Files\AV
2017-06-07 07:11 . 2017-06-07 07:11 -------- d-----w- c:\windows\Migration
2017-06-07 07:05 . 2009-11-25 06:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2017-06-07 07:05 . 2009-11-25 06:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2017-06-07 07:05 . 2009-11-25 06:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2017-06-07 07:05 . 2009-11-25 06:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2017-06-07 07:05 . 2009-11-25 06:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2017-06-07 07:03 . 2017-06-07 07:03 -------- d-----w- c:\windows\ELAMBKUP
2017-06-07 07:03 . 2017-06-08 18:04 -------- d-----w- c:\programdata\Kaspersky Lab
2017-06-07 07:03 . 2017-06-07 07:03 -------- d-----w- c:\program files\Kaspersky Lab
2017-06-07 07:03 . 2017-06-07 07:18 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2017-06-07 06:43 . 2017-06-07 06:43 10555024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D18C77F-F06C-4051-B7A6-584794D2B011}\mpengine.dll
2017-06-07 06:32 . 2017-06-07 06:32 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2017-06-07 06:32 . 2017-06-07 06:32 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2017-06-07 06:31 . 2017-06-07 06:31 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2017-06-07 06:31 . 2017-06-07 06:31 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2017-06-07 06:25 . 2017-06-07 06:25 -------- d-----w- c:\program files\Opera
2017-05-31 20:11 . 2017-05-31 20:11 -------- d-----w- c:\program files\SuperCopier2
2017-05-31 19:52 . 2017-06-07 20:29 -------- d-----w- c:\users\MoaxxaM
2017-05-31 07:01 . 1997-08-26 06:06 315904 ----a-w- c:\windows\IsUninst.exe
2017-05-22 17:55 . 2017-05-22 16:59 -------- d-----w- c:\windows\Panther
2017-05-22 06:57 . 2017-05-22 06:57 -------- d-----w- c:\programdata\ACD Systems
2017-05-22 06:57 . 2017-05-22 06:57 -------- d-----w- c:\program files\Common Files\ACD Systems
2017-05-22 06:57 . 2017-05-22 06:57 -------- d-----w- c:\program files\ACD Systems
2017-05-22 06:55 . 2017-05-22 06:55 -------- d-----w- c:\windows\Downloaded Installations
2017-05-22 06:45 . 2006-10-26 14:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2017-05-22 06:45 . 2006-10-26 14:58 30512 ----a-w- c:\windows\system32\mdimon.dll
2017-05-22 06:44 . 2017-05-22 06:44 -------- d-----w- c:\program files\Microsoft Works
2017-05-22 06:44 . 2017-06-07 07:11 -------- d-----w- c:\program files\Microsoft.NET
2017-05-22 06:44 . 2017-05-22 06:44 -------- d-----w- c:\windows\PCHEALTH
2017-05-22 06:44 . 2017-05-22 06:48 -------- d-----w- c:\programdata\Microsoft Help
2017-05-22 06:44 . 2017-06-07 20:01 -------- d-sh--w- c:\windows\Installer
2017-05-22 06:43 . 2017-05-22 06:43 -------- d-----r- C:\MSOCache
2017-05-22 05:16 . 2017-05-22 05:16 -------- d-----w- c:\program files\Analog Devices
2017-05-22 05:16 . 2017-05-22 05:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2017-05-22 05:16 . 2007-11-12 09:27 49152 ----a-w- c:\windows\system32\DSndUp.exe
2017-05-22 05:16 . 2005-05-04 05:20 53248 ----a-w- c:\windows\system32\wdmioctl.dll
2017-05-22 05:16 . 2001-09-11 11:20 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2017-05-22 05:16 . 2017-05-22 05:16 -------- d-----w- C:\swsetup
2017-05-22 05:16 . 2017-05-22 05:16 -------- d-----w- c:\program files\Common Files\InstallShield
2017-05-22 05:15 . 2013-08-22 18:09 217176 ----a-w- c:\windows\system32\unrar.dll
2017-05-22 05:15 . 2017-05-22 05:15 -------- d-----w- c:\program files\K-Lite Codec Pack
2017-05-22 05:15 . 2017-05-22 05:15 -------- d-----w- c:\program files\VideoLAN
2017-05-22 05:15 . 2017-05-22 05:15 -------- d-----w- c:\program files\USB Disk Security
2017-05-22 05:14 . 2017-06-08 18:09 -------- d-----w- c:\windows\system32\wbem\Performance
2017-05-22 05:10 . 2017-05-22 05:10 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-07 07:18 . 2013-03-06 08:24 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
2017-06-07 07:18 . 2012-08-13 11:49 145224 ----a-w- c:\windows\system32\drivers\kneps.sys
2017-06-07 07:18 . 2013-03-06 08:24 25696 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2017-06-07 07:18 . 2013-03-06 08:24 25696 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2017-06-07 07:18 . 2012-08-02 10:09 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2017-06-07 07:18 . 2012-06-19 12:28 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2015-02-03 695528]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2017-06-07 356128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-07-17 08:10 888832 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-12-11 08:08 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2017-04-05 317400]
R3 Generalusbserialser2067;ZTEMT Legacy Serial Communication 2067;c:\windows\system32\DRIVERS\CT_U_USBSER.sys [x]
S0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2017-06-07 25696]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2017-06-07 44000]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2017-06-07 145224]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2017-06-07 25696]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2017-06-07 25696]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\MoaxxaM\AppData\Roaming\Mozilla\Firefox\Profiles\d4o397bv.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-06-08 23:12:10
ComboFix-quarantined-files.txt 2017-06-08 18:12
ComboFix2.txt 2017-06-08 17:50
.
Pre-Run: 2,919,677,952 bytes free
Post-Run: 2,882,527,232 bytes free
.
- - End Of File - - AA0A5FC0831A360764559C182BF94245
A36C5E4F47E84449FF07ED3517B43A31
Post #6, 06-08-2017, 09:47 PM, by chemist

It appears you didn't post the entire AdwCleaner log. The bottom part is missing.

I'm not seeing anything malicious in your logs. What exactly did Kaspersky find?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-bc.1878-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------
Post #7, 06-09-2017, 05:30 PM, by octcube

The list of vulnerabilities is here:
hxxp://www.techsupportforum.com/forums/f112/kaspersky-2013-i-s-found-vulnerbilities-what-should-i-do-1196706.html

Post #8, 06-10-2017, 12:50 PM, by chemist

Hello again, octcube. I still need to see the logs from MBAM and ESET. Thanks.

Also, are you aware you have no system restore points? Did you disable System Restore? Are you able to turn it back on?

------------------------------------------------------
Post #9, 06-11-2017, 02:21 AM, by octcube

System Restore is working; I just made a new backup.

Post #10, 06-11-2017, 02:23 AM, by octcube

Quote: Originally Posted by chemist
It appears you didn't post the entire AdwCleaner log. The bottom part is missing.

This is the log I got; no edits were made.

Post #11, 06-11-2017, 03:17 AM, by octcube

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2017-06-11
Scan Time: 15:01
Logfile: a.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.06.11.01
Rootkit Database: v2017.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: MoaxxaM

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 231386
Time Elapsed: 8 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Post #12, 06-11-2017, 07:57 PM, by chemist

Thanks. And the ESET log? Any threats found?

Post #13, 06-11-2017, 11:42 PM, by octcube

ESET log

E:\Software\awesome_photo_finder.exe Win32/OpenCandy potentially unsafe application
E:\Software\FFSetup295.exe multiple threats,a variant of Win32/Hao123.A potentially unwanted application,a variant of Win32/Adware.ELEX.PAG application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
E:\Software\FFSetup3.5.0.0.rar a variant of Win32/Hao123.A potentially unwanted application,a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
E:\Software\FreeWebMVideoConverter.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application,Win32/OpenCandy potentially unsafe application
E:\Software\KMPlayer_3.5.0.81_00_20130307062529.zip a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
E:\Software\New WinRAR ZIP archive.zip multiple threats,a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application,Win32/Slugin.A virus
E:\Software\rcsetup149.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
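The analyst's next reply sorts these finds by ESET's own wording, separating "potentially unsafe/unwanted application" entries from actual malware. The Python below is an added example, not part of the original thread and not ESET's or the forum's tooling: it parses the ESET Online Scanner finding lines posted above (embedded as constructed sample input), splits each file's comma-separated detections, and assigns a per-file verdict so that a "virus" label does not get lost among a run of PUA entries. The category keywords and the severity ranking are my own assumptions, not ESET's classification scheme.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the seven finding lines from the ESET log posted
# above, in the scanner's "<path> <detection>[,<detection>...]" text export.
ESET_LOG = r"""
E:\Software\awesome_photo_finder.exe Win32/OpenCandy potentially unsafe application
E:\Software\FFSetup295.exe multiple threats,a variant of Win32/Hao123.A potentially unwanted application,a variant of Win32/Adware.ELEX.PAG application,a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
E:\Software\FFSetup3.5.0.0.rar a variant of Win32/Hao123.A potentially unwanted application,a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
E:\Software\FreeWebMVideoConverter.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application,Win32/OpenCandy potentially unsafe application
E:\Software\KMPlayer_3.5.0.81_00_20130307062529.zip a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application
E:\Software\New WinRAR ZIP archive.zip multiple threats,a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application,Win32/Slugin.A virus
E:\Software\rcsetup149.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

# A finding line starts with a drive-letter path. The path may contain spaces,
# so it is taken non-greedily up to the first "<dot><extension><whitespace>".
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+(?P<rest>.+)$")

# Each detection reads "[a variant of ]<signature name> <category words>".
DETECTION_RE = re.compile(r"^(?:a variant of )?(\S+)\s+(.+)$")

# Assumed mapping from ESET's category wording to a triage severity.
PUA_CATEGORIES = {"potentially unwanted application", "potentially unsafe application"}
MALICIOUS_WORDS = {"virus", "trojan", "worm", "backdoor"}
SEVERITY_RANK = {"other": 0, "pua": 1, "malicious": 2}


@dataclass
class Detection:
    name: str
    category: str
    severity: str


@dataclass
class Finding:
    path: str
    detections: list

    @property
    def verdict(self) -> str:
        """Highest severity among the file's detections."""
        return max((d.severity for d in self.detections),
                   key=SEVERITY_RANK.__getitem__, default="other")


def parse_detection(text: str):
    """Parse one detection; returns None for ESET's 'multiple threats' marker."""
    text = text.strip()
    if text == "multiple threats":
        return None
    m = DETECTION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised detection: {text!r}")
    name, category = m.group(1), m.group(2).strip()
    if category in PUA_CATEGORIES:
        severity = "pua"
    elif MALICIOUS_WORDS & set(category.split()):
        severity = "malicious"
    else:
        severity = "other"   # e.g. the bare "application" used for adware entries
    return Detection(name, category, severity)


def parse_eset_log(text: str) -> list:
    """Turn the text export into one Finding per file, with its detections."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised finding line: {line!r}")
        parts = (parse_detection(p) for p in m.group("rest").split(","))
        findings.append(Finding(m.group("path"), [d for d in parts if d]))
    return findings


def summarize(findings: list) -> Counter:
    """Count files per verdict, e.g. Counter({'pua': 6, 'malicious': 1})."""
    return Counter(f.verdict for f in findings)


def triage_report(findings: list) -> list:
    """One line per file, most severe first, naming every detection on it."""
    ordered = sorted(findings, key=lambda f: -SEVERITY_RANK[f.verdict])
    lines = []
    for f in ordered:
        dets = ", ".join(f"{d.name} ({d.category})" for d in f.detections)
        lines.append(f"{f.verdict.upper():9} {f.path}: {dets}")
    return lines


if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    print(*triage_report(found), sep="\n")
    print(dict(summarize(found)))
```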
Post #14, 06-12-2017, 12:18 PM, by chemist

Hello again, octcube. Up to you whether to delete those ESET finds. Nothing there is malicious, just potentially unsafe applications.

I'm not familiar with Kaspersky AV products. Vulnerabilities aren't the same as infections.

You might want to contact Kaspersky for help or questions about vulnerability scan results.

Kaspersky Lab Technical Support

As long as Kaspersky and other malware scanners don't detect infections, I wouldn't worry too much about those Kaspersky results.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable Security Essentials before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

https://www.bleepingcomputer.com/anno...dom-of-speech/

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

https://windows.microsoft.com/en-US/w...up-and-restore

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 06-12-2017, 01:25 PM   #15
Registered Member
 
Join Date: Jun 2017
Posts: 18
OS: Win7



Done as you stated.
Thanks a lot.
octcube is offline  
Old 06-13-2017, 07:28 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome! Glad to have helped.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  