Jotun

Members
  • Content count

    3
  • Joined

  • Last visited

About Jotun

  • Rank
    New Member
  1. Hello, I'm new here. Couple of days ago I noticed that when I would use Google or Bing to search stuff, I would be redirected to some fake site. Now (03/27/12) I cannot access google or bing's website, I can't even use the search bar from msn.com for example. I can access websites by typing in the URL, but when it comes to search engines it acts like I have no connection at all. I did some scans with malwarebytes trial version and Norton (both are updated), I got rid of some bugs but still didn't work. I have seen other posts with the same problem as mine but I didn't want to risk trying the same methods they used since we all have different systems. Hopefully this is an easy fix.. Here are my DDS file and the ATTACH file. DDS: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Jotun at 19:56:11 on 2012-03-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4116 [GMT -7:00] . AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Steam\Steam.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun: [CTHelper] CTHELPER.EXE mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Jotun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEVERW~1.LNK - C:\NeverwinterNights\NWN\ereg\ATR1.EXE StartupFolder: C:\Users\Jotun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: line6.net Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: Interfaces\{6B01D995-279E-42DB-9BFD-841CCDA8ED82} : NameServer = 68.87.69.150,68.87.85.102 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun-x64: [CTHelper] CTHELPER.EXE mRun-x64: [CTxfiHlp] CTXFIHLP.EXE mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray Hosts: 87.229.126.54 www.google.com Hosts: 87.229.126.55 www.bing.com . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSviA64.sys [2012-3-27 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-27 8704] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360] R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-11 2348352] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360] R3 L6TPortB;Service - Line 6 TonePort UX2;C:\Windows\system32\Drivers\L6TPortB64.sys --> C:\Windows\system32\Drivers\L6TPortB64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?] S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?] S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?] S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-03-28 00:28:39 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F609E6-B345-42C2-B1C3-231DB45A8F26} 2012-03-28 00:28:21 -------- d-----w- C:\Users\Jotun\AppData\Local\{ADF031E5-1228-4676-9AF3-9EA144B6318E} 2012-03-26 21:51:19 -------- d-----w- C:\Users\Jotun\AppData\Local\{4094C14D-9BDF-4440-995C-0A64BAE18126} 2012-03-26 21:51:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{D281A44E-2D36-4CA9-A868-BCD8F53186D5} 2012-03-25 20:44:38 -------- d-----w- C:\Program Files (x86)\GOG.com 2012-03-25 19:21:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{34FD17A1-51DF-4353-8070-40D7DC516CEB} 2012-03-25 19:21:25 -------- d-----w- C:\Users\Jotun\AppData\Local\{C15C4D99-0817-4882-9C7C-51A373F6E29F} 2012-03-25 19:15:29 -------- d-----w- C:\Users\Jotun\AppData\Local\{AF9064B4-6ED3-47AC-B770-0E0052B4D5CE} 2012-03-25 19:15:14 -------- d-----w- C:\Users\Jotun\AppData\Local\{4A793CF1-5452-4BEA-A477-F3CC87F050E3} 2012-03-25 04:14:26 -------- d-----w- C:\Program Files (x86)\GOGcom 2012-03-25 01:34:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{46CBDCE6-146D-40C3-9D4B-D07608FE7B1D} 2012-03-25 01:34:24 -------- d-----w- C:\Users\Jotun\AppData\Local\{EEF18F1F-A96A-49CB-9054-05D9EEA6145B} 2012-03-24 16:38:54 -------- d-----w- C:\Users\Jotun\AppData\Local\{7FD89947-479B-4B3B-B090-FC800AB474BB} 2012-03-24 16:38:33 -------- d-----w- C:\Users\Jotun\AppData\Local\{68C3D0AD-E604-425E-AF21-E88B4346EA4D} 2012-03-24 05:26:58 -------- d-----w- C:\Users\Jotun\AppData\Roaming\Malwarebytes 2012-03-24 05:26:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-24 05:26:52 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-24 05:26:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-24 01:15:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-03-24 01:15:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-03-23 21:53:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{B7AAF9F5-C78C-4520-B2D9-DC0FE2E6D8F4} 2012-03-23 21:53:22 -------- d-----w- C:\Users\Jotun\AppData\Local\{F7B0F365-C7E3-4E35-A0D2-860AB70B4A5C} 2012-03-23 03:10:32 -------- d-----w- C:\Users\Jotun\AppData\Local\{816017EB-6A90-4CDF-A2DA-4B886FC7E78F} 2012-03-23 03:10:13 -------- d-----w- C:\Users\Jotun\AppData\Local\{7839ECE1-F2C1-4508-AAF6-6F4121A7685B} 2012-03-22 03:22:41 -------- d-----w- C:\Users\Jotun\AppData\Local\{F4DB6692-A624-44B1-ACB8-3A7EB96CC86D} 2012-03-22 00:14:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{99A1FF24-09DD-4CF0-B4B3-A6F2EC790E60} 2012-03-22 00:14:13 -------- d-----w- C:\Users\Jotun\AppData\Local\{B3854D08-AC45-49D8-B953-B7F7AD4CBD53} 2012-03-21 02:49:10 -------- d-----w- C:\Users\Jotun\AppData\Local\{CFFE1B7A-2D78-41F0-AB2D-7A0458069AA6} 2012-03-21 02:48:57 -------- d-----w- C:\Users\Jotun\AppData\Local\{45903A39-CB83-4BA1-A61D-B76EB408E6CA} 2012-03-21 02:23:09 -------- d-----w- C:\Users\Jotun\AppData\Local\{816904D6-0C07-48BE-9EEA-3A5577C309C2} 2012-03-21 02:22:46 -------- d-----w- C:\Users\Jotun\AppData\Local\{FDD5BF12-1550-4ED3-BE3D-47EA666E22E3} 2012-03-18 23:23:45 -------- d-----w- C:\Users\Jotun\AppData\Local\{FEF84A7B-231B-4399-B1AA-7E9A9D670EDF} 2012-03-18 23:23:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{06946A56-1D00-4217-B45F-E9FAFC67ED2C} 2012-03-18 19:13:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F0604C-0FEC-4F29-8200-B620C9F80889} 2012-03-18 19:13:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{944D182F-B66D-44AB-97AD-94756A4220BC} 2012-03-17 07:59:06 -------- d-----w- C:\Users\Jotun\AppData\Local\{D68B1E9A-8499-4C18-BA66-7DAA4869EC00} 2012-03-17 07:58:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{1BF0B6A6-A454-4DB3-AAD1-97D2D55661C5} 2012-03-16 21:46:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{A19E83EC-FE53-4BAC-98EC-B86982D16C3A} 2012-03-16 21:45:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{E71E81B1-E7DE-49FA-BBCE-8F53A3BB81B8} 2012-03-16 01:54:47 -------- d-----w- C:\Users\Jotun\AppData\Local\{2D9ACC54-CD00-4CC4-B3A6-71F56FA94264} 2012-03-16 01:54:30 -------- d-----w- C:\Users\Jotun\AppData\Local\{6C9F4805-F8DD-4716-9F58-0B69574671F3} 2012-03-14 21:57:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{F01156BF-D898-463E-9EE6-4B6F20033DC0} 2012-03-14 21:57:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{5578ED4F-5E9C-4BD9-927B-C896624B804E} 2012-03-14 04:43:13 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-14 04:43:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-14 04:43:12 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-14 02:24:21 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-03-14 02:24:20 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-03-14 02:24:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-03-14 02:22:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-03-14 02:22:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-03-14 02:22:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-03-14 02:22:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-03-14 02:22:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-03-14 02:22:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-03-14 02:22:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-03-14 02:16:53 -------- d-----w- C:\Users\Jotun\AppData\Local\{E91D7996-E368-4332-81F0-A67FF3A9CF32} 2012-03-14 02:16:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{77C6BBAC-E21D-4F03-8477-87634C4FAADC} 2012-03-13 00:37:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{015F93DA-8F0A-465E-8D59-B38A936441EB} 2012-03-13 00:37:39 -------- d-----w- C:\Users\Jotun\AppData\Local\{FEDC7C9D-2C9E-46E5-BBF9-9276D7326BF6} 2012-03-11 23:14:11 -------- d-----w- C:\Users\Jotun\AppData\Local\{66815051-2F29-4F3B-92A6-ECBFDF129762} 2012-03-11 23:13:56 -------- d-----w- C:\Users\Jotun\AppData\Local\{6B9346A1-1A54-4737-8941-E556B51B7371} 2012-03-11 19:04:34 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin 2012-03-11 19:03:07 962368 ----a-w- C:\Windows\System32\nvumdshimx.dll 2012-03-11 19:03:07 31040 ----a-w- C:\Windows\System32\nvhdap64.dll 2012-03-11 19:03:07 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2012-03-11 19:03:07 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2012-03-11 15:44:17 -------- d-----w- C:\Users\Jotun\AppData\Local\{CC51CB81-BE3D-4D25-B8B7-B650A4C208AF} 2012-03-11 15:44:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{3998B76E-B38A-4671-B98F-3EBAB59E83C6} 2012-03-09 22:51:47 -------- d-----w- C:\Users\Jotun\AppData\Local\{2DB7C4FC-F362-428A-B6FE-23783F61CC7C} 2012-03-09 22:51:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{6221E4F2-ACEA-4AA3-B95F-8440A0054BED} 2012-03-09 01:48:28 -------- d-----w- C:\Users\Jotun\AppData\Local\{A9B146B9-0158-4CE4-9A30-B3B67FC68A96} 2012-03-09 01:47:52 -------- d-----w- C:\Users\Jotun\AppData\Local\{10C3BF97-7CBC-46AC-A834-C56BD07E7B02} 2012-03-08 04:41:16 -------- d-----w- C:\Users\Jotun\AppData\Local\{49801DD7-5FE0-41F7-8C36-F9C261187D1B} 2012-03-08 04:41:05 -------- d-----w- C:\Users\Jotun\AppData\Local\{29C117A1-EB60-4A57-B3B5-75032D37FF68} 2012-03-08 04:21:21 -------- d-----w- C:\Users\Jotun\AppData\Local\{7B872C8E-EB2C-4A0B-BC0E-AB77291EF929} 2012-03-08 04:20:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{400C9424-CB14-489B-8BC6-0B8BBDAE631D} 2012-03-08 02:10:15 -------- d-----w- C:\Users\Jotun\AppData\Local\{9EE90EBC-7E53-4167-8564-1AD7C52D966E} 2012-03-08 02:10:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{49A4287A-8E3A-4473-AAB0-CAA1A4FECFDC} 2012-03-07 05:08:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{E8FCF6B1-10CD-461B-9DFE-29F8BC017452} 2012-03-07 05:08:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{711ABE03-D0F6-45F3-BB33-28A8E2226C19} 2012-03-07 05:06:18 -------- d-----w- C:\Users\Jotun\AppData\Local\{C8F627C5-068D-4F8A-A8A4-D89E1453C8C5} 2012-03-07 05:06:05 -------- d-----w- C:\Users\Jotun\AppData\Local\{2A10263F-595B-4665-9AD5-DE6BB70247FA} 2012-03-06 23:20:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{DCF36970-1F23-4A8C-97E5-F635B863CBCC} 2012-03-06 23:18:59 -------- d-----w- C:\Users\Jotun\AppData\Local\{7989FD77-66B8-49B7-8507-4741C0DB9B34} 2012-03-06 04:19:50 -------- d-----w- C:\Users\Jotun\AppData\Local\{D0C1D78E-DA63-4730-83CA-494A1835DDBD} 2012-03-06 04:19:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{7783C698-7793-4AEF-856A-31343446CDC6} 2012-03-05 03:16:23 -------- d-----w- C:\Users\Jotun\AppData\Local\{56A94516-AF5B-4BC6-8F97-003470A94F2E} 2012-03-05 03:16:07 -------- d-----w- C:\Users\Jotun\AppData\Local\{7E412381-135B-4424-970D-9090F661B244} 2012-03-02 23:41:22 -------- d-----w- C:\Users\Jotun\AppData\Local\{5BAC771D-8ADE-4582-A988-15F43942AD62} 2012-03-02 23:41:03 -------- d-----w- C:\Users\Jotun\AppData\Local\{5F29D80A-009A-4D71-806A-AA553536884F} 2012-03-02 04:56:37 -------- d-----w- C:\Users\Jotun\AppData\Roaming\RotMG.Production 2012-03-02 04:33:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{C49ABBF5-6510-458F-8345-F544F6579012} 2012-03-02 04:33:29 -------- d-----w- C:\Users\Jotun\AppData\Local\{57E8EB94-33E3-43ED-9AE0-C21BCD20F2D2} 2012-03-01 22:52:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F1A5D6-F44C-4534-97BA-217EF00AE182} 2012-03-01 22:52:08 -------- d-----w- C:\Users\Jotun\AppData\Local\{CE11FDB1-CD79-46C8-9513-4A15F13FD24E} 2012-03-01 01:59:15 -------- d-----w- C:\Users\Jotun\AppData\Local\{727B1C0B-0439-4230-82D7-1D7791081AB1} 2012-03-01 01:59:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{01680D58-5D00-4651-A23F-0CBDAED962D7} 2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe 2012-02-29 02:00:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{83420A92-8222-4A6E-870D-00027937074D} 2012-02-29 01:59:41 -------- d-----w- C:\Users\Jotun\AppData\Local\{E043130A-DA72-4DF7-9B31-1658B29B6225} 2012-02-28 04:59:26 -------- d-----w- C:\Users\Jotun\AppData\Local\{D53C69CE-E3BD-4ADA-8789-0BB0628121C5} 2012-02-28 04:59:09 -------- d-----w- C:\Users\Jotun\AppData\Local\{3C59452C-66E1-45F5-9313-42EBBE61F87E} 2012-02-27 23:43:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{CDBC561F-55F5-4C5E-89AB-EB41BFA2E679} 2012-02-27 23:42:34 -------- d-----w- C:\Users\Jotun\AppData\Local\{5F201652-EA17-49B1-B84D-0BF93372C465} 2012-02-27 03:54:42 -------- d-----w- C:\Users\Jotun\AppData\Local\{3914501E-EF96-469D-A82C-12976C5873E1} 2012-02-27 03:54:23 -------- d-----w- C:\Users\Jotun\AppData\Local\{037762FF-E2F6-467A-83B4-42B36CD2F779} . ==================== Find3M ==================== . 2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll 2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll 2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe 2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll 2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll 2012-02-27 04:06:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-03 09:31:06 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll 2012-02-03 09:31:06 28056 ----a-w- C:\Windows\System32\xfcodec64.dll 2012-01-09 02:12:46 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-01-09 02:12:46 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-01-09 01:56:53 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll 2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl . ============= FINISH: 19:56:52.48 =============== --------------------------------------------------------------------------------------------------------------------------------- Here is the ATTACH file. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/26/2010 11:08:12 AM System Uptime: 3/27/2012 5:34:48 PM (2 hours ago) . Motherboard: EVGA | | 122-CK-NF68 Processor: IntelĀ® Core2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/83mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 298 GiB total, 150.245 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP258: 3/25/2012 8:30:17 PM - Scheduled Checkpoint RP259: 3/27/2012 7:04:40 PM - Norton Security Suite Registry . ==== Installed Programs ====================== . Adobe AIR Adobe Reader X (10.1.2) Audacity 1.3.12 (Unicode) Baldur's Gate Baldur's Gate II - Shadows of Amn Bastion Counter-Strike Counter-Strike: Source D3DX10 Day of Defeat Doom 3 FEAR GameSpy Arcade Garry's Mod GIMP 2.6.11 Half-Life Half-Life 2 Hi-Rez Studios Authenticate and Update Service HydraIRC Java Auto Updater Java 6 Update 29 Junk Mail filter update LAME v3.98.2 for Audacity Left 4 Dead 2 Line 6 Uninstaller Malwarebytes Anti-Malware version 1.60.1.1000 Microsoft .NET Framework 1.1 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft XNA Framework Redistributable 3.1 Mount & Blade Demo MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML4 Parser MTX MTXExtractor Norton Security Suite Notepad++ NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenAL OpenOffice.org 3.2 Pando Media Booster Path of Exile Portforward Static IP Address 1.0.45 PunkBuster Services Quake Quake III Arena Quake III Arena Point Release 1.32 Quake Live Internet Explorer Plugin Realm of the Mad God Rhythm Rascal RollerCoaster Tycoon Deluxe Rune Rune - Halls of Valhalla Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Source Multiplayer Dedicated Server Source SDK Base 2007 SpeechRedist Steam ThreeWave CTF Models/Sounds Plus Maps (QuakeC source included, Torchlight Treasure Adventure Game Tribes Ascend Closed Beta ubi.com Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VST Bridge 1.1 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Xfire (remove only) Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 3/27/2012 6:54:13 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. 3/25/2012 6:59:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 3/25/2012 2:56:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 3/24/2012 5:04:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 3/22/2012 8:09:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 3/20/2012 7:33:47 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file. 3/20/2012 7:28:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. . ==== End Of File ===========================