
Something keeps Redirecting, something....evil



.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/23/2012 5:58:39 PM

System Uptime: 11/6/2012 12:49:03 AM (64 hours ago)

.

Motherboard: Intel Corporation | | DH55HC

Processor: Intel® Core i5 CPU 760 @ 2.80GHz | XU1 | 2235/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 343.038 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 932 GiB total, 717.212 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP36: 10/25/2012 5:26:19 PM - Windows Update

RP37: 10/28/2012 7:45:57 PM - Windows Update

RP38: 11/2/2012 3:54:11 PM - Windows Update

RP39: 11/3/2012 6:03:23 PM - Installed Java 7 Update 9

RP40: 11/3/2012 6:27:50 PM - Removed Java 7 Update 9

RP41: 11/3/2012 6:28:10 PM - Removed Java 7 Update 9

RP42: 11/3/2012 6:31:34 PM - Installed Java 7 Update 9

RP43: 11/3/2012 6:33:28 PM - Removed Java 7 Update 9

RP44: 11/3/2012 6:45:06 PM - Installed Java 7 Update 6 (64-bit)

RP45: 11/6/2012 3:46:16 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

Bonjour

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Command and Conquer 3: Tiberium Wars

Garry's Mod

Google Chrome

Guild Wars 2

Intel® Network Connections 17.0.200.2

iTunes

Java 7 Update 6 (64-bit)

League of Legends

LogMeIn Hamachi

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

Mumble 1.2.3

Origin

Pando Media Booster

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Click to Call

Skype™ 5.10

Spotify

Steam

System Requirements Lab for Intel

Team Fortress 2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WinRAR 4.20 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

11/7/2012 9:45:10 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

11/5/2012 5:15:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

.

==== End Of File ===========================


DDS (Ver_2012-11-07.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16450

Run by Little Biatch at 16:30:58 on 2012-11-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.1707 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Little Biatch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\taskhost.exe

C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\LoLLauncher.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.220\deploy\LolClient.exe

C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Little Biatch\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=831E46F369C25FD87FFDCC5093050AB1&tbp=homepage&v=1_2

mWinlogon: Userinit = userinit.exe

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

uRun: [Google Update] "C:\Users\Little Biatch\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [spotify Web Helper] "C:\Users\Little Biatch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1 216.211.190.3 216.211.191.9

TCP: Interfaces\{3C553EB1-711C-4396-ABE3-DC3358057CAD} : DHCPNameServer = 192.168.1.1 216.211.190.3 216.211.191.9

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 69.171.228.74 https://www.facebook.com

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Little Biatch\AppData\Roaming\Mozilla\Firefox\Profiles\mpg7jcq3.default\

FF - prefs.js: browser.search.selectedEngine - blekko

FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=f06b8e24&tbp=rbox&toolbarid=blekkotb_sa5&u=831E46F369C25FD87FFDCC5093050AB1&q=

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Little Biatch\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-3 238080]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-8-23 189608]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-29 399432]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-8-23 509104]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-29 676936]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-31 25928]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-24 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-24 1255736]

.

=============== Created Last 30 ================

.

2012-11-08 00:08:54 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{346347F1-D44D-4DD0-918A-8396AEFE6D1E}\mpengine.dll

2012-11-06 22:46:40 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-06 05:19:24 -------- d-----w- C:\Users\Little Biatch\All_That_Remains-A_War_You_Cannot_Win-2012-KzT

2012-11-04 00:45:34 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-11-04 00:45:34 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-11-04 00:45:29 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-11-01 23:28:09 -------- d-----w- C:\Users\Little Biatch\AppData\Roaming\logs

2012-11-01 23:26:41 -------- d-----w- C:\ProgramData\blekko toolbars

2012-11-01 03:20:10 -------- d-----w- C:\Users\Little Biatch\AppData\Roaming\LOVE

2012-10-20 18:42:36 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F3347DDB-FF18-4581-83A7-E1DDF16548C8}\gapaengine.dll

2012-10-14 19:45:04 -------- d-----w- C:\Users\Little Biatch\AppData\Local\LogMeIn Hamachi

2012-10-14 19:44:45 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-10-13 23:59:28 -------- d-----w- C:\Users\Little Biatch\AppData\Roaming\Origin

2012-10-13 23:59:28 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-10-13 23:59:24 -------- d-----w- C:\Users\Little Biatch\AppData\Local\Origin

2012-10-13 23:57:23 -------- d-----w- C:\ProgramData\Origin

2012-10-13 23:57:22 -------- d-----w- C:\ProgramData\Electronic Arts

2012-10-13 23:57:04 -------- d-----w- C:\Program Files (x86)\Origin

2012-10-10 23:14:58 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-10 23:14:52 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-10-10 23:14:52 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-10-10 23:14:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-10-10 23:14:48 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-10-10 23:14:45 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-10-10 23:14:45 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-10-10 23:14:39 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-10-10 23:14:39 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2012-10-10 23:14:39 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-10-10 23:14:39 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-10-10 23:14:39 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-10-10 23:14:39 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

==================== Find3M ====================

.

2012-11-04 00:31:42 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-11-04 00:31:42 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-08 23:56:00 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-08 23:55:59 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-21 02:38:16 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-09-21 02:38:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-31 04:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-08-31 04:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-24 00:55:39 0 ----a-w- C:\Windows\ativpsrm.bin

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-08-21 19:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-08-21 19:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 19:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 16:31:40.51 ===============


  • Staff

Hello and welcome to Malwarebytes, Comminuo :)

  • I will be helping with your computer problems.
  • From this point on, it is very important that you refrain from doing anything else to your computer other than what I have requested of you.
  • I do not mind if you browse the web, do basic tasks, or even test to see if the problem(s) you are experiencing are still occurring with the computer while we are working together, but do not run any tools/fixes unless I or another helper from this thread has asked you to do so.
  • Remember that you came here for help, so allow us to help you :)
  • If something does not run, make a detailed note of what problems you encountered along the way (exact error messages are preferred), but continue on to the next steps until you reach the end of my post.
  • Always do the steps in the order they are listed (left to right, top to bottom).
  • I prefer that you complete all the steps while you are in Normal Mode. However, I understand that sometimes this is not possible. If you are unsuccessful in getting a tool/fix to run from Normal Mode, but Safe Mode works, then use Safe Mode.
  • If you have a question about something, do not hesitate to ask.

Let's begin:

From Programs and Features (via Control Panel), please uninstall the below:

  • Java 7 Update 6 (64-bit) <-- Outdated

__

  • Please download and install CCleaner Slim
  • Open CCleaner and click the Options button
  • Now choose Advanced
  • Uncheck everything here except for Skip User Account Control warning
  • Now click the Cleaner button and press the Run Cleaner button at the bottom right of the program.
  • If this is your first time running this program, a prompt may appear asking for confirmation to delete temporary files. Go ahead and proceed.

__

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please attach JRT.txt to your next message

__

Now run DDS once more and post the newest DDS.txt for me to review.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.