
Cannot access Google or Bing pages.


#1 Jotun


Posted 27 March 2012 - 11:13 PM

Hello,

I'm new here. A couple of days ago I noticed that when I would use Google or Bing to search stuff, I would be redirected to some fake site. Now (03/27/12) I cannot access Google or Bing's website, I can't even use the search bar from msn.com for example.

I can access websites by typing in the URL, but when it comes to search engines it acts like I have no connection at all. I did some scans with Malwarebytes trial version and Norton (both are updated), I got rid of some bugs but it still didn't work.

I have seen other posts with the same problem as mine but I didn't want to risk trying the same methods they used since we all have different systems. Hopefully this is an easy fix.

Here are my DDS file and the ATTACH file.

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jotun at 19:56:11 on 2012-03-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4116 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Jotun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEVERW~1.LNK - C:\NeverwinterNights\NWN\ereg\ATR1.EXE
StartupFolder: C:\Users\Jotun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: line6.net
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{6B01D995-279E-42DB-9BFD-841CCDA8ED82} : NameServer = 68.87.69.150,68.87.85.102
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 87.229.126.54 www.google.com
Hosts: 87.229.126.55 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSviA64.sys [2012-3-27 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-27 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-11 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]
R3 L6TPortB;Service - Line 6 TonePort UX2;C:\Windows\system32\Drivers\L6TPortB64.sys --> C:\Windows\system32\Drivers\L6TPortB64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-28 00:28:39 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F609E6-B345-42C2-B1C3-231DB45A8F26}
2012-03-28 00:28:21 -------- d-----w- C:\Users\Jotun\AppData\Local\{ADF031E5-1228-4676-9AF3-9EA144B6318E}
2012-03-26 21:51:19 -------- d-----w- C:\Users\Jotun\AppData\Local\{4094C14D-9BDF-4440-995C-0A64BAE18126}
2012-03-26 21:51:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{D281A44E-2D36-4CA9-A868-BCD8F53186D5}
2012-03-25 20:44:38 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-03-25 19:21:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{34FD17A1-51DF-4353-8070-40D7DC516CEB}
2012-03-25 19:21:25 -------- d-----w- C:\Users\Jotun\AppData\Local\{C15C4D99-0817-4882-9C7C-51A373F6E29F}
2012-03-25 19:15:29 -------- d-----w- C:\Users\Jotun\AppData\Local\{AF9064B4-6ED3-47AC-B770-0E0052B4D5CE}
2012-03-25 19:15:14 -------- d-----w- C:\Users\Jotun\AppData\Local\{4A793CF1-5452-4BEA-A477-F3CC87F050E3}
2012-03-25 04:14:26 -------- d-----w- C:\Program Files (x86)\GOGcom
2012-03-25 01:34:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{46CBDCE6-146D-40C3-9D4B-D07608FE7B1D}
2012-03-25 01:34:24 -------- d-----w- C:\Users\Jotun\AppData\Local\{EEF18F1F-A96A-49CB-9054-05D9EEA6145B}
2012-03-24 16:38:54 -------- d-----w- C:\Users\Jotun\AppData\Local\{7FD89947-479B-4B3B-B090-FC800AB474BB}
2012-03-24 16:38:33 -------- d-----w- C:\Users\Jotun\AppData\Local\{68C3D0AD-E604-425E-AF21-E88B4346EA4D}
2012-03-24 05:26:58 -------- d-----w- C:\Users\Jotun\AppData\Roaming\Malwarebytes
2012-03-24 05:26:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-24 05:26:52 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-24 05:26:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-24 01:15:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-24 01:15:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-23 21:53:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{B7AAF9F5-C78C-4520-B2D9-DC0FE2E6D8F4}
2012-03-23 21:53:22 -------- d-----w- C:\Users\Jotun\AppData\Local\{F7B0F365-C7E3-4E35-A0D2-860AB70B4A5C}
2012-03-23 03:10:32 -------- d-----w- C:\Users\Jotun\AppData\Local\{816017EB-6A90-4CDF-A2DA-4B886FC7E78F}
2012-03-23 03:10:13 -------- d-----w- C:\Users\Jotun\AppData\Local\{7839ECE1-F2C1-4508-AAF6-6F4121A7685B}
2012-03-22 03:22:41 -------- d-----w- C:\Users\Jotun\AppData\Local\{F4DB6692-A624-44B1-ACB8-3A7EB96CC86D}
2012-03-22 00:14:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{99A1FF24-09DD-4CF0-B4B3-A6F2EC790E60}
2012-03-22 00:14:13 -------- d-----w- C:\Users\Jotun\AppData\Local\{B3854D08-AC45-49D8-B953-B7F7AD4CBD53}
2012-03-21 02:49:10 -------- d-----w- C:\Users\Jotun\AppData\Local\{CFFE1B7A-2D78-41F0-AB2D-7A0458069AA6}
2012-03-21 02:48:57 -------- d-----w- C:\Users\Jotun\AppData\Local\{45903A39-CB83-4BA1-A61D-B76EB408E6CA}
2012-03-21 02:23:09 -------- d-----w- C:\Users\Jotun\AppData\Local\{816904D6-0C07-48BE-9EEA-3A5577C309C2}
2012-03-21 02:22:46 -------- d-----w- C:\Users\Jotun\AppData\Local\{FDD5BF12-1550-4ED3-BE3D-47EA666E22E3}
2012-03-18 23:23:45 -------- d-----w- C:\Users\Jotun\AppData\Local\{FEF84A7B-231B-4399-B1AA-7E9A9D670EDF}
2012-03-18 23:23:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{06946A56-1D00-4217-B45F-E9FAFC67ED2C}
2012-03-18 19:13:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F0604C-0FEC-4F29-8200-B620C9F80889}
2012-03-18 19:13:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{944D182F-B66D-44AB-97AD-94756A4220BC}
2012-03-17 07:59:06 -------- d-----w- C:\Users\Jotun\AppData\Local\{D68B1E9A-8499-4C18-BA66-7DAA4869EC00}
2012-03-17 07:58:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{1BF0B6A6-A454-4DB3-AAD1-97D2D55661C5}
2012-03-16 21:46:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{A19E83EC-FE53-4BAC-98EC-B86982D16C3A}
2012-03-16 21:45:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{E71E81B1-E7DE-49FA-BBCE-8F53A3BB81B8}
2012-03-16 01:54:47 -------- d-----w- C:\Users\Jotun\AppData\Local\{2D9ACC54-CD00-4CC4-B3A6-71F56FA94264}
2012-03-16 01:54:30 -------- d-----w- C:\Users\Jotun\AppData\Local\{6C9F4805-F8DD-4716-9F58-0B69574671F3}
2012-03-14 21:57:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{F01156BF-D898-463E-9EE6-4B6F20033DC0}
2012-03-14 21:57:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{5578ED4F-5E9C-4BD9-927B-C896624B804E}
2012-03-14 04:43:13 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 04:43:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 04:43:12 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 02:24:21 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:24:20 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:24:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:22:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:22:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:22:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:22:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 02:22:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:22:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:22:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:16:53 -------- d-----w- C:\Users\Jotun\AppData\Local\{E91D7996-E368-4332-81F0-A67FF3A9CF32}
2012-03-14 02:16:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{77C6BBAC-E21D-4F03-8477-87634C4FAADC}
2012-03-13 00:37:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{015F93DA-8F0A-465E-8D59-B38A936441EB}
2012-03-13 00:37:39 -------- d-----w- C:\Users\Jotun\AppData\Local\{FEDC7C9D-2C9E-46E5-BBF9-9276D7326BF6}
2012-03-11 23:14:11 -------- d-----w- C:\Users\Jotun\AppData\Local\{66815051-2F29-4F3B-92A6-ECBFDF129762}
2012-03-11 23:13:56 -------- d-----w- C:\Users\Jotun\AppData\Local\{6B9346A1-1A54-4737-8941-E556B51B7371}
2012-03-11 19:04:34 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-03-11 19:03:07 962368 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-03-11 19:03:07 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-03-11 19:03:07 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-03-11 19:03:07 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-03-11 15:44:17 -------- d-----w- C:\Users\Jotun\AppData\Local\{CC51CB81-BE3D-4D25-B8B7-B650A4C208AF}
2012-03-11 15:44:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{3998B76E-B38A-4671-B98F-3EBAB59E83C6}
2012-03-09 22:51:47 -------- d-----w- C:\Users\Jotun\AppData\Local\{2DB7C4FC-F362-428A-B6FE-23783F61CC7C}
2012-03-09 22:51:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{6221E4F2-ACEA-4AA3-B95F-8440A0054BED}
2012-03-09 01:48:28 -------- d-----w- C:\Users\Jotun\AppData\Local\{A9B146B9-0158-4CE4-9A30-B3B67FC68A96}
2012-03-09 01:47:52 -------- d-----w- C:\Users\Jotun\AppData\Local\{10C3BF97-7CBC-46AC-A834-C56BD07E7B02}
2012-03-08 04:41:16 -------- d-----w- C:\Users\Jotun\AppData\Local\{49801DD7-5FE0-41F7-8C36-F9C261187D1B}
2012-03-08 04:41:05 -------- d-----w- C:\Users\Jotun\AppData\Local\{29C117A1-EB60-4A57-B3B5-75032D37FF68}
2012-03-08 04:21:21 -------- d-----w- C:\Users\Jotun\AppData\Local\{7B872C8E-EB2C-4A0B-BC0E-AB77291EF929}
2012-03-08 04:20:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{400C9424-CB14-489B-8BC6-0B8BBDAE631D}
2012-03-08 02:10:15 -------- d-----w- C:\Users\Jotun\AppData\Local\{9EE90EBC-7E53-4167-8564-1AD7C52D966E}
2012-03-08 02:10:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{49A4287A-8E3A-4473-AAB0-CAA1A4FECFDC}
2012-03-07 05:08:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{E8FCF6B1-10CD-461B-9DFE-29F8BC017452}
2012-03-07 05:08:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{711ABE03-D0F6-45F3-BB33-28A8E2226C19}
2012-03-07 05:06:18 -------- d-----w- C:\Users\Jotun\AppData\Local\{C8F627C5-068D-4F8A-A8A4-D89E1453C8C5}
2012-03-07 05:06:05 -------- d-----w- C:\Users\Jotun\AppData\Local\{2A10263F-595B-4665-9AD5-DE6BB70247FA}
2012-03-06 23:20:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{DCF36970-1F23-4A8C-97E5-F635B863CBCC}
2012-03-06 23:18:59 -------- d-----w- C:\Users\Jotun\AppData\Local\{7989FD77-66B8-49B7-8507-4741C0DB9B34}
2012-03-06 04:19:50 -------- d-----w- C:\Users\Jotun\AppData\Local\{D0C1D78E-DA63-4730-83CA-494A1835DDBD}
2012-03-06 04:19:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{7783C698-7793-4AEF-856A-31343446CDC6}
2012-03-05 03:16:23 -------- d-----w- C:\Users\Jotun\AppData\Local\{56A94516-AF5B-4BC6-8F97-003470A94F2E}
2012-03-05 03:16:07 -------- d-----w- C:\Users\Jotun\AppData\Local\{7E412381-135B-4424-970D-9090F661B244}
2012-03-02 23:41:22 -------- d-----w- C:\Users\Jotun\AppData\Local\{5BAC771D-8ADE-4582-A988-15F43942AD62}
2012-03-02 23:41:03 -------- d-----w- C:\Users\Jotun\AppData\Local\{5F29D80A-009A-4D71-806A-AA553536884F}
2012-03-02 04:56:37 -------- d-----w- C:\Users\Jotun\AppData\Roaming\RotMG.Production
2012-03-02 04:33:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{C49ABBF5-6510-458F-8345-F544F6579012}
2012-03-02 04:33:29 -------- d-----w- C:\Users\Jotun\AppData\Local\{57E8EB94-33E3-43ED-9AE0-C21BCD20F2D2}
2012-03-01 22:52:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F1A5D6-F44C-4534-97BA-217EF00AE182}
2012-03-01 22:52:08 -------- d-----w- C:\Users\Jotun\AppData\Local\{CE11FDB1-CD79-46C8-9513-4A15F13FD24E}
2012-03-01 01:59:15 -------- d-----w- C:\Users\Jotun\AppData\Local\{727B1C0B-0439-4230-82D7-1D7791081AB1}
2012-03-01 01:59:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{01680D58-5D00-4651-A23F-0CBDAED962D7}
2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-29 02:00:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{83420A92-8222-4A6E-870D-00027937074D}
2012-02-29 01:59:41 -------- d-----w- C:\Users\Jotun\AppData\Local\{E043130A-DA72-4DF7-9B31-1658B29B6225}
2012-02-28 04:59:26 -------- d-----w- C:\Users\Jotun\AppData\Local\{D53C69CE-E3BD-4ADA-8789-0BB0628121C5}
2012-02-28 04:59:09 -------- d-----w- C:\Users\Jotun\AppData\Local\{3C59452C-66E1-45F5-9313-42EBBE61F87E}
2012-02-27 23:43:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{CDBC561F-55F5-4C5E-89AB-EB41BFA2E679}
2012-02-27 23:42:34 -------- d-----w- C:\Users\Jotun\AppData\Local\{5F201652-EA17-49B1-B84D-0BF93372C465}
2012-02-27 03:54:42 -------- d-----w- C:\Users\Jotun\AppData\Local\{3914501E-EF96-469D-A82C-12976C5873E1}
2012-02-27 03:54:23 -------- d-----w- C:\Users\Jotun\AppData\Local\{037762FF-E2F6-467A-83B4-42B36CD2F779}
.
==================== Find3M ====================
.
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-27 04:06:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 09:31:06 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-02-03 09:31:06 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-01-09 02:12:46 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-09 02:12:46 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-09 01:56:53 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
.
============= FINISH: 19:56:52.48 ===============

---------------------------------------------------------------------------------------------------------------------------------

Here is the ATTACH file.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/26/2010 11:08:12 AM
System Uptime: 3/27/2012 5:34:48 PM (2 hours ago)
.
Motherboard: EVGA | | 122-CK-NF68
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/83mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 150.245 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP258: 3/25/2012 8:30:17 PM - Scheduled Checkpoint
RP259: 3/27/2012 7:04:40 PM - Norton Security Suite Registry
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.2)
Audacity 1.3.12 (Unicode)
Baldur's Gate
Baldur's Gate™ II - Shadows of Amn™
Bastion
Counter-Strike
Counter-Strike: Source
D3DX10
Day of Defeat
Doom 3
FEAR
GameSpy Arcade
Garry's Mod
GIMP 2.6.11
Half-Life
Half-Life 2
Hi-Rez Studios Authenticate and Update Service
HydraIRC
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
LAME v3.98.2 for Audacity
Left 4 Dead 2
Line 6 Uninstaller
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 3.1
Mount & Blade Demo
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MTX
MTXExtractor
Norton Security Suite
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.2
Pando Media Booster
Path of Exile
Portforward Static IP Address 1.0.45
PunkBuster Services
Quake
Quake III Arena
Quake III Arena Point Release 1.32
Quake Live Internet Explorer Plugin
Realm of the Mad God
Rhythm Rascal
RollerCoaster Tycoon Deluxe
Rune
Rune - Halls of Valhalla
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Source Multiplayer Dedicated Server
Source SDK Base 2007
SpeechRedist
Steam
ThreeWave CTF Models/Sounds Plus Maps (QuakeC source included,
Torchlight
Treasure Adventure Game
Tribes Ascend Closed Beta
ubi.com
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VST Bridge 1.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xfire (remove only)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
3/27/2012 6:54:13 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
3/25/2012 6:59:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/25/2012 2:56:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/24/2012 5:04:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/22/2012 8:09:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/20/2012 7:33:47 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/20/2012 7:28:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================

#2 Jotun


Posted 28 March 2012 - 10:05 AM

Bump.

#3 Jotun


Posted 28 March 2012 - 05:41 PM

Bump part two.

#4 MrCharlie


Posted 30 March 2012 - 09:32 AM

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC


#5 LDTate


Posted 03 April 2012 - 12:29 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
