1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Virus Infection Stopping Internet access

Discussion in 'Virus & Other Malware Removal' started by harpua81, May 15, 2015.

Thread Status:
Not open for further replies.
  1. harpua81

    harpua81 Thread Starter

    Apr 9, 2015
    Hi folks,
    In the past few days, I have noticed that my internet connection has become unstable. When I stream internet radio, it will work fine for 10 min. Then there will be nothing but dead air for 30-60 sec.. Then the stream will continue again. While online gaming, my computer will stop communication with the servers for 10-30 seconds, start working for 5-10 min, then stop communication again. Yesterday I tried to fix the problem myself. Malwarebytes found OpenCandy which it fixed, but the problem persists. I have attached my hijack this logfile. I've also posted my most recent Malwarebytes log file. Any help would be greatly appreciated.


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 4:19:33 PM, on 5/15/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    FIREFOX: 35.0.1 (x86 en-US)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\Support.com\Desktop\Virus Removal Tools\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: esolutions
    O1 - Hosts: vision
    O1 - Hosts: cuportal.cable.comcast.com
    O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
    O4 - HKLM\..\Run: [GamingMouse] C:\Program Files (x86)\Gaming Mouse\hid.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Spark] C:\Program Files (x86)\Spark\Spark.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series" (User '?')
    O4 - HKUS\S-1-5-21-3532716672-192860038-2888753106-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Spark] C:\Program Files (x86)\Spark\Spark.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-310 Series" (User 'Default user')
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.cable.comcast.com
    O15 - Trusted Zone: *.comtrac
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O15 - Trusted Zone: partnervpn.support.com
    O15 - Trusted Zone: *.vision
    O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://partnervpn1.support.com/CACHE/stc/1/binaries/vpnweb.cab
    O16 - DPF: {979B3FE4-7C7E-45AD-85E4-5A737690AF53} (ContactCTIServer Class) - http://einstein.cable.comcast.com/Einstein/CTIControls/v1010/ContactBehaviors.dll
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: Nero Update (NAUpdate) - Unknown owner - c:\Program Files (x86)\Nero\Update\NASvc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    End of file - 11943 bytes

    Malwarebytes Anti-Malware
    Scan Date: 5/15/2015
    Scan Time: 4:12:51 PM
    Logfile: Malwarebytes.txt
    Administrator: Yes
    Malware Database: v2015.05.15.05
    Rootkit Database: v2015.05.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Support.com
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 403552
    Time Elapsed: 24 min, 55 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 4
    PUP.Optional.MultiPlug.A, C:\Users\Support.com\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160, , [d918e6ad84061c1a19253731f31238c8],
    PUP.Optional.MultiPlug.A, C:\Users\Support.com\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech, , [d918e6ad84061c1a19253731f31238c8],
    PUP.Optional.MultiPlug.A, C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160, , [14ddfc972c5e38fef24cb4b46d98f50b],
    PUP.Optional.MultiPlug.A, C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech, , [14ddfc972c5e38fef24cb4b46d98f50b],
    Files: 10
    PUP.Optional.MultiPlug.A, C:\Users\Support.com\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\lsdb.js, , [d918e6ad84061c1a19253731f31238c8],
    PUP.Optional.MultiPlug.A, C:\Users\Support.com\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\background.html, , [d918e6ad84061c1a19253731f31238c8],
    PUP.Optional.MultiPlug.A, C:\Users\Support.com\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\content.js, , [d918e6ad84061c1a19253731f31238c8],
    PUP.Optional.MultiPlug.A, C:\Users\Support.com\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\jHb.js, , [d918e6ad84061c1a19253731f31238c8],
    PUP.Optional.MultiPlug.A, C:\Users\Support.com\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\manifest.json, , [d918e6ad84061c1a19253731f31238c8],
    PUP.Optional.MultiPlug.A, C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\lsdb.js, , [14ddfc972c5e38fef24cb4b46d98f50b],
    PUP.Optional.MultiPlug.A, C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\background.html, , [14ddfc972c5e38fef24cb4b46d98f50b],
    PUP.Optional.MultiPlug.A, C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\content.js, , [14ddfc972c5e38fef24cb4b46d98f50b],
    PUP.Optional.MultiPlug.A, C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\jHb.js, , [14ddfc972c5e38fef24cb4b46d98f50b],
    PUP.Optional.MultiPlug.A, C:\Users\Wes\AppData\Local\Google\Chrome\User Data\Default\Extensions\olhcajgllkpacioibcjiniefblpmpech\160\manifest.json, , [14ddfc972c5e38fef24cb4b46d98f50b],
    Physical Sectors: 0
    (No malicious items detected)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1148301

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice