Jotun

Cannot access Google or Bing pages.

5 posts in this topic

Hello,

I'm new here. A couple of days ago I noticed that when I would use Google or Bing to search stuff, I would be redirected to some fake site. Now (03/27/12) I cannot access Google's or Bing's website; I can't even use the search bar from msn.com, for example.

I can access websites by typing in the URL, but when it comes to search engines it acts like I have no connection at all. I did some scans with the Malwarebytes trial version and Norton (both are updated). I got rid of some bugs, but it still didn't work.

I have seen other posts with the same problem as mine, but I didn't want to risk trying the same methods they used since we all have different systems. Hopefully this is an easy fix.

Here are my DDS file and the ATTACH file.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jotun at 19:56:11 on 2012-03-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4116 [GMT -7:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Jotun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEVERW~1.LNK - C:\NeverwinterNights\NWN\ereg\ATR1.EXE

StartupFolder: C:\Users\Jotun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: line6.net

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{6B01D995-279E-42DB-9BFD-841CCDA8ED82} : NameServer = 68.87.69.150,68.87.85.102

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL

mRun-x64: [CTHelper] CTHELPER.EXE

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 87.229.126.54 www.google.com

Hosts: 87.229.126.55 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120327.002\IDSviA64.sys [2012-3-27 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-27 8704]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-11 2348352]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-3 138360]

R3 L6TPortB;Service - Line 6 TonePort UX2;C:\Windows\system32\Drivers\L6TPortB64.sys --> C:\Windows\system32\Drivers\L6TPortB64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]

S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]

S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]

S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-28 00:28:39 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F609E6-B345-42C2-B1C3-231DB45A8F26}

2012-03-28 00:28:21 -------- d-----w- C:\Users\Jotun\AppData\Local\{ADF031E5-1228-4676-9AF3-9EA144B6318E}

2012-03-26 21:51:19 -------- d-----w- C:\Users\Jotun\AppData\Local\{4094C14D-9BDF-4440-995C-0A64BAE18126}

2012-03-26 21:51:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{D281A44E-2D36-4CA9-A868-BCD8F53186D5}

2012-03-25 20:44:38 -------- d-----w- C:\Program Files (x86)\GOG.com

2012-03-25 19:21:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{34FD17A1-51DF-4353-8070-40D7DC516CEB}

2012-03-25 19:21:25 -------- d-----w- C:\Users\Jotun\AppData\Local\{C15C4D99-0817-4882-9C7C-51A373F6E29F}

2012-03-25 19:15:29 -------- d-----w- C:\Users\Jotun\AppData\Local\{AF9064B4-6ED3-47AC-B770-0E0052B4D5CE}

2012-03-25 19:15:14 -------- d-----w- C:\Users\Jotun\AppData\Local\{4A793CF1-5452-4BEA-A477-F3CC87F050E3}

2012-03-25 04:14:26 -------- d-----w- C:\Program Files (x86)\GOGcom

2012-03-25 01:34:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{46CBDCE6-146D-40C3-9D4B-D07608FE7B1D}

2012-03-25 01:34:24 -------- d-----w- C:\Users\Jotun\AppData\Local\{EEF18F1F-A96A-49CB-9054-05D9EEA6145B}

2012-03-24 16:38:54 -------- d-----w- C:\Users\Jotun\AppData\Local\{7FD89947-479B-4B3B-B090-FC800AB474BB}

2012-03-24 16:38:33 -------- d-----w- C:\Users\Jotun\AppData\Local\{68C3D0AD-E604-425E-AF21-E88B4346EA4D}

2012-03-24 05:26:58 -------- d-----w- C:\Users\Jotun\AppData\Roaming\Malwarebytes

2012-03-24 05:26:52 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-24 05:26:52 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-24 05:26:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-24 01:15:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-03-24 01:15:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-03-23 21:53:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{B7AAF9F5-C78C-4520-B2D9-DC0FE2E6D8F4}

2012-03-23 21:53:22 -------- d-----w- C:\Users\Jotun\AppData\Local\{F7B0F365-C7E3-4E35-A0D2-860AB70B4A5C}

2012-03-23 03:10:32 -------- d-----w- C:\Users\Jotun\AppData\Local\{816017EB-6A90-4CDF-A2DA-4B886FC7E78F}

2012-03-23 03:10:13 -------- d-----w- C:\Users\Jotun\AppData\Local\{7839ECE1-F2C1-4508-AAF6-6F4121A7685B}

2012-03-22 03:22:41 -------- d-----w- C:\Users\Jotun\AppData\Local\{F4DB6692-A624-44B1-ACB8-3A7EB96CC86D}

2012-03-22 00:14:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{99A1FF24-09DD-4CF0-B4B3-A6F2EC790E60}

2012-03-22 00:14:13 -------- d-----w- C:\Users\Jotun\AppData\Local\{B3854D08-AC45-49D8-B953-B7F7AD4CBD53}

2012-03-21 02:49:10 -------- d-----w- C:\Users\Jotun\AppData\Local\{CFFE1B7A-2D78-41F0-AB2D-7A0458069AA6}

2012-03-21 02:48:57 -------- d-----w- C:\Users\Jotun\AppData\Local\{45903A39-CB83-4BA1-A61D-B76EB408E6CA}

2012-03-21 02:23:09 -------- d-----w- C:\Users\Jotun\AppData\Local\{816904D6-0C07-48BE-9EEA-3A5577C309C2}

2012-03-21 02:22:46 -------- d-----w- C:\Users\Jotun\AppData\Local\{FDD5BF12-1550-4ED3-BE3D-47EA666E22E3}

2012-03-18 23:23:45 -------- d-----w- C:\Users\Jotun\AppData\Local\{FEF84A7B-231B-4399-B1AA-7E9A9D670EDF}

2012-03-18 23:23:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{06946A56-1D00-4217-B45F-E9FAFC67ED2C}

2012-03-18 19:13:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F0604C-0FEC-4F29-8200-B620C9F80889}

2012-03-18 19:13:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{944D182F-B66D-44AB-97AD-94756A4220BC}

2012-03-17 07:59:06 -------- d-----w- C:\Users\Jotun\AppData\Local\{D68B1E9A-8499-4C18-BA66-7DAA4869EC00}

2012-03-17 07:58:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{1BF0B6A6-A454-4DB3-AAD1-97D2D55661C5}

2012-03-16 21:46:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{A19E83EC-FE53-4BAC-98EC-B86982D16C3A}

2012-03-16 21:45:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{E71E81B1-E7DE-49FA-BBCE-8F53A3BB81B8}

2012-03-16 01:54:47 -------- d-----w- C:\Users\Jotun\AppData\Local\{2D9ACC54-CD00-4CC4-B3A6-71F56FA94264}

2012-03-16 01:54:30 -------- d-----w- C:\Users\Jotun\AppData\Local\{6C9F4805-F8DD-4716-9F58-0B69574671F3}

2012-03-14 21:57:37 -------- d-----w- C:\Users\Jotun\AppData\Local\{F01156BF-D898-463E-9EE6-4B6F20033DC0}

2012-03-14 21:57:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{5578ED4F-5E9C-4BD9-927B-C896624B804E}

2012-03-14 04:43:13 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 04:43:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 04:43:12 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 02:24:21 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 02:24:20 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 02:24:20 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 02:22:14 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-14 02:22:13 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 02:22:13 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 02:22:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 02:22:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 02:22:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 02:22:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 02:16:53 -------- d-----w- C:\Users\Jotun\AppData\Local\{E91D7996-E368-4332-81F0-A67FF3A9CF32}

2012-03-14 02:16:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{77C6BBAC-E21D-4F03-8477-87634C4FAADC}

2012-03-13 00:37:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{015F93DA-8F0A-465E-8D59-B38A936441EB}

2012-03-13 00:37:39 -------- d-----w- C:\Users\Jotun\AppData\Local\{FEDC7C9D-2C9E-46E5-BBF9-9276D7326BF6}

2012-03-11 23:14:11 -------- d-----w- C:\Users\Jotun\AppData\Local\{66815051-2F29-4F3B-92A6-ECBFDF129762}

2012-03-11 23:13:56 -------- d-----w- C:\Users\Jotun\AppData\Local\{6B9346A1-1A54-4737-8941-E556B51B7371}

2012-03-11 19:04:34 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-03-11 19:03:07 962368 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-03-11 19:03:07 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-03-11 19:03:07 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-03-11 19:03:07 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-03-11 15:44:17 -------- d-----w- C:\Users\Jotun\AppData\Local\{CC51CB81-BE3D-4D25-B8B7-B650A4C208AF}

2012-03-11 15:44:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{3998B76E-B38A-4671-B98F-3EBAB59E83C6}

2012-03-09 22:51:47 -------- d-----w- C:\Users\Jotun\AppData\Local\{2DB7C4FC-F362-428A-B6FE-23783F61CC7C}

2012-03-09 22:51:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{6221E4F2-ACEA-4AA3-B95F-8440A0054BED}

2012-03-09 01:48:28 -------- d-----w- C:\Users\Jotun\AppData\Local\{A9B146B9-0158-4CE4-9A30-B3B67FC68A96}

2012-03-09 01:47:52 -------- d-----w- C:\Users\Jotun\AppData\Local\{10C3BF97-7CBC-46AC-A834-C56BD07E7B02}

2012-03-08 04:41:16 -------- d-----w- C:\Users\Jotun\AppData\Local\{49801DD7-5FE0-41F7-8C36-F9C261187D1B}

2012-03-08 04:41:05 -------- d-----w- C:\Users\Jotun\AppData\Local\{29C117A1-EB60-4A57-B3B5-75032D37FF68}

2012-03-08 04:21:21 -------- d-----w- C:\Users\Jotun\AppData\Local\{7B872C8E-EB2C-4A0B-BC0E-AB77291EF929}

2012-03-08 04:20:55 -------- d-----w- C:\Users\Jotun\AppData\Local\{400C9424-CB14-489B-8BC6-0B8BBDAE631D}

2012-03-08 02:10:15 -------- d-----w- C:\Users\Jotun\AppData\Local\{9EE90EBC-7E53-4167-8564-1AD7C52D966E}

2012-03-08 02:10:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{49A4287A-8E3A-4473-AAB0-CAA1A4FECFDC}

2012-03-07 05:08:51 -------- d-----w- C:\Users\Jotun\AppData\Local\{E8FCF6B1-10CD-461B-9DFE-29F8BC017452}

2012-03-07 05:08:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{711ABE03-D0F6-45F3-BB33-28A8E2226C19}

2012-03-07 05:06:18 -------- d-----w- C:\Users\Jotun\AppData\Local\{C8F627C5-068D-4F8A-A8A4-D89E1453C8C5}

2012-03-07 05:06:05 -------- d-----w- C:\Users\Jotun\AppData\Local\{2A10263F-595B-4665-9AD5-DE6BB70247FA}

2012-03-06 23:20:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{DCF36970-1F23-4A8C-97E5-F635B863CBCC}

2012-03-06 23:18:59 -------- d-----w- C:\Users\Jotun\AppData\Local\{7989FD77-66B8-49B7-8507-4741C0DB9B34}

2012-03-06 04:19:50 -------- d-----w- C:\Users\Jotun\AppData\Local\{D0C1D78E-DA63-4730-83CA-494A1835DDBD}

2012-03-06 04:19:20 -------- d-----w- C:\Users\Jotun\AppData\Local\{7783C698-7793-4AEF-856A-31343446CDC6}

2012-03-05 03:16:23 -------- d-----w- C:\Users\Jotun\AppData\Local\{56A94516-AF5B-4BC6-8F97-003470A94F2E}

2012-03-05 03:16:07 -------- d-----w- C:\Users\Jotun\AppData\Local\{7E412381-135B-4424-970D-9090F661B244}

2012-03-02 23:41:22 -------- d-----w- C:\Users\Jotun\AppData\Local\{5BAC771D-8ADE-4582-A988-15F43942AD62}

2012-03-02 23:41:03 -------- d-----w- C:\Users\Jotun\AppData\Local\{5F29D80A-009A-4D71-806A-AA553536884F}

2012-03-02 04:56:37 -------- d-----w- C:\Users\Jotun\AppData\Roaming\RotMG.Production

2012-03-02 04:33:40 -------- d-----w- C:\Users\Jotun\AppData\Local\{C49ABBF5-6510-458F-8345-F544F6579012}

2012-03-02 04:33:29 -------- d-----w- C:\Users\Jotun\AppData\Local\{57E8EB94-33E3-43ED-9AE0-C21BCD20F2D2}

2012-03-01 22:52:31 -------- d-----w- C:\Users\Jotun\AppData\Local\{01F1A5D6-F44C-4534-97BA-217EF00AE182}

2012-03-01 22:52:08 -------- d-----w- C:\Users\Jotun\AppData\Local\{CE11FDB1-CD79-46C8-9513-4A15F13FD24E}

2012-03-01 01:59:15 -------- d-----w- C:\Users\Jotun\AppData\Local\{727B1C0B-0439-4230-82D7-1D7791081AB1}

2012-03-01 01:59:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{01680D58-5D00-4651-A23F-0CBDAED962D7}

2012-02-29 20:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-02-29 02:00:00 -------- d-----w- C:\Users\Jotun\AppData\Local\{83420A92-8222-4A6E-870D-00027937074D}

2012-02-29 01:59:41 -------- d-----w- C:\Users\Jotun\AppData\Local\{E043130A-DA72-4DF7-9B31-1658B29B6225}

2012-02-28 04:59:26 -------- d-----w- C:\Users\Jotun\AppData\Local\{D53C69CE-E3BD-4ADA-8789-0BB0628121C5}

2012-02-28 04:59:09 -------- d-----w- C:\Users\Jotun\AppData\Local\{3C59452C-66E1-45F5-9313-42EBBE61F87E}

2012-02-27 23:43:02 -------- d-----w- C:\Users\Jotun\AppData\Local\{CDBC561F-55F5-4C5E-89AB-EB41BFA2E679}

2012-02-27 23:42:34 -------- d-----w- C:\Users\Jotun\AppData\Local\{5F201652-EA17-49B1-B84D-0BF93372C465}

2012-02-27 03:54:42 -------- d-----w- C:\Users\Jotun\AppData\Local\{3914501E-EF96-469D-A82C-12976C5873E1}

2012-02-27 03:54:23 -------- d-----w- C:\Users\Jotun\AppData\Local\{037762FF-E2F6-467A-83B4-42B36CD2F779}

.

==================== Find3M ====================

.

2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-02-27 04:06:47 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-03 09:31:06 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2012-02-03 09:31:06 28056 ----a-w- C:\Windows\System32\xfcodec64.dll

2012-01-09 02:12:46 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-01-09 02:12:46 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-01-09 01:56:53 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

.

============= FINISH: 19:56:52.48 ===============

---------------------------------------------------------------------------------------------------------------------------------

Here is the ATTACH file.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/26/2010 11:08:12 AM

System Uptime: 3/27/2012 5:34:48 PM (2 hours ago)

.

Motherboard: EVGA | | 122-CK-NF68

Processor: Intel® Core2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/83mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 298 GiB total, 150.245 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP258: 3/25/2012 8:30:17 PM - Scheduled Checkpoint

RP259: 3/27/2012 7:04:40 PM - Norton Security Suite Registry

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader X (10.1.2)

Audacity 1.3.12 (Unicode)

Baldur's Gate

Baldur's Gate II - Shadows of Amn

Bastion

Counter-Strike

Counter-Strike: Source

D3DX10

Day of Defeat

Doom 3

FEAR

GameSpy Arcade

Garry's Mod

GIMP 2.6.11

Half-Life

Half-Life 2

Hi-Rez Studios Authenticate and Update Service

HydraIRC

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

LAME v3.98.2 for Audacity

Left 4 Dead 2

Line 6 Uninstaller

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 1.1

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 3.1

Mount & Blade Demo

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

MTX

MTXExtractor

Norton Security Suite

Notepad++

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenAL

OpenOffice.org 3.2

Pando Media Booster

Path of Exile

Portforward Static IP Address 1.0.45

PunkBuster Services

Quake

Quake III Arena

Quake III Arena Point Release 1.32

Quake Live Internet Explorer Plugin

Realm of the Mad God

Rhythm Rascal

RollerCoaster Tycoon Deluxe

Rune

Rune - Halls of Valhalla

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Source Multiplayer Dedicated Server

Source SDK Base 2007

SpeechRedist

Steam

ThreeWave CTF Models/Sounds Plus Maps (QuakeC source included,

Torchlight

Treasure Adventure Game

Tribes Ascend Closed Beta

ubi.com

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

VST Bridge 1.1

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xfire (remove only)

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

3/27/2012 6:54:13 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

3/25/2012 6:59:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

3/25/2012 2:56:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/24/2012 5:04:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

3/22/2012 8:09:26 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

3/20/2012 7:33:47 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/20/2012 7:28:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
