
Slow computer and random redirects


  • This topic is locked
4 replies to this topic

#1 mullaonswag

mullaonswag

  • Members
  • 2 posts

Posted 16 August 2014 - 03:34 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by jol at 11:32:07 on 2014-08-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1033.18.8157.6519 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 77.223.60.102 77.223.61.2
TCP: Interfaces\{D6DC1512-DF3E-4E9F-A9F9-1C3D96EE6DE7} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{D6DC1512-DF3E-4E9F-A9F9-1C3D96EE6DE7} : DHCPNameServer = 77.223.60.102 77.223.61.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\System32\wpdshserviceobj.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\System32\wpdshserviceobj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-7-27 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-7-27 224896]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2014-7-27 1041168]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-7-27 427360]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2014-7-27 64720]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2014-7-27 62008]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2014-7-27 52360]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2014-7-11 915584]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-7-27 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-7-27 79184]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-7-27 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-27 50344]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-8-16 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-8-16 18956064]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2014-7-27 584864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-8-16 411936]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2014-7-27 4457688]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-7-19 5037888]
R3 asmthub3;ASMedia USB3 Hub Service;C:\windows\System32\drivers\asmthub3.sys [2013-12-16 138456]
R3 asmtxhci;ASMEDIA XHCI Service;C:\windows\System32\drivers\asmtxhci.sys [2013-12-16 422616]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-8-16 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-8-16 40392]
R3 OAnet;OnlineArmor Service;C:\windows\System32\drivers\OAnet.sys [2014-7-27 35368]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-6-21 707688]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\windows\System32\drivers\ew_usbenumfilter.sys [2014-6-21 14336]
S3 huawei_cdcacm;huawei_cdcacm;C:\windows\System32\drivers\ew_jucdcacm.sys [2014-6-21 104960]
S3 huawei_enumerator;huawei_enumerator;C:\windows\System32\drivers\ew_jubusenum.sys [2014-6-21 90112]
S3 huawei_ext_ctrl;huawei_ext_ctrl;C:\windows\System32\drivers\ew_juextctrl.sys [2014-6-21 30720]
S3 huawei_wwanecm;huawei_wwanecm;C:\windows\System32\drivers\ew_juwwanecm.sys [2014-6-21 240128]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-6-21 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-6-21 246376]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-6-21 16152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-6-21 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-6-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-6-21 1255736]
.
=============== Created Last 30 ================
.
2014-08-16 07:01:54 1715224 ----a-w- C:\windows\System32\nvspbridge64.dll
2014-08-16 07:01:54 1291280 ----a-w- C:\windows\SysWow64\nvspbridge.dll
2014-08-16 07:01:54 1283136 ----a-w- C:\windows\System32\nvspcap64.dll
2014-08-16 07:01:54 1126480 ----a-w- C:\windows\SysWow64\nvspcap.dll
2014-08-16 07:01:54 -------- d-----w- C:\Users\jol\AppData\Local\NVIDIA Corporation
2014-08-16 07:01:54 -------- d-----w- C:\Users\jol\AppData\Local\NVIDIA
2014-08-16 07:01:08 609240 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2014-08-16 07:00:39 935368 ----a-w- C:\windows\System32\nvvsvc.exe
2014-08-16 07:00:39 6783776 ----a-w- C:\windows\System32\nvcpl.dll
2014-08-16 07:00:39 62808 ----a-w- C:\windows\System32\nvshext.dll
2014-08-16 07:00:39 386520 ----a-w- C:\windows\System32\nvmctray.dll
2014-08-16 07:00:39 3826628 ----a-w- C:\windows\System32\nvcoproc.bin
2014-08-16 07:00:39 3522392 ----a-w- C:\windows\System32\nvsvc64.dll
2014-08-16 07:00:28 75040 ----a-w- C:\windows\System32\OpenCL.dll
2014-08-16 07:00:28 61912 ----a-w- C:\windows\SysWow64\OpenCL.dll
2014-08-16 07:00:18 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2014-08-16 07:00:14 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2014-08-16 06:58:34 -------- d-----w- C:\Program Files\NVIDIA Corporation
2014-08-16 06:58:08 -------- d-----w- C:\NVIDIA
2014-08-16 06:52:51 -------- d-----w- C:\ProgramData\Oracle
2014-08-16 06:52:16 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-16 06:43:47 190464 ----a-w- C:\windows\PAExec.exe
2014-08-16 06:33:05 -------- d-----w- C:\Program Files (x86)\Driver Fusion
2014-08-15 22:05:15 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-15 21:55:32 98816 ----a-w- C:\windows\sed.exe
2014-08-15 21:55:32 256000 ----a-w- C:\windows\PEV.exe
2014-08-15 21:55:32 208896 ----a-w- C:\windows\MBR.exe
2014-08-15 21:49:47 -------- d-----w- C:\AdwCleaner
2014-08-15 17:39:19 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-15 17:39:12 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-15 17:39:11 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-15 17:39:11 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-15 17:39:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-15 15:52:03 -------- d-----w- C:\FRST
2014-08-15 12:46:37 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-15 12:46:37 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-15 12:46:37 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-15 12:46:37 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-15 12:46:35 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-15 12:46:35 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-15 12:46:08 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-15 12:46:08 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-15 12:43:51 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-08-12 15:04:44 -------- d-----w- C:\Program Files\Speccy
2014-08-05 11:09:38 -------- d-----w- C:\ProgramData\IsolatedStorage
2014-08-05 10:50:00 28640 ----a-w- C:\windows\System32\DriveCleanup.exe
2014-08-04 11:18:12 -------- d-----w- C:\Users\jol\AppData\Roaming\TS3Client
2014-08-04 11:17:55 -------- d-----w- C:\Program Files (x86)\TeamSpeak 3 Client
2014-08-04 09:50:23 -------- d-----w- C:\Program Files\WOT
2014-08-04 09:50:23 -------- d-----w- C:\Program Files (x86)\WOT
2014-07-29 23:08:37 -------- d-----w- C:\Fraps
2014-07-29 22:55:37 -------- d-----w- C:\Users\jol\AppData\Roaming\BANDISOFT
2014-07-29 14:30:32 -------- d--h--w- C:\windows\AxInstSV
2014-07-29 13:28:00 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-28 14:32:44 -------- d-----w- C:\Users\jol\AppData\Local\Locktime
2014-07-28 08:16:00 253952 ------w- C:\windows\Setup1.exe
2014-07-28 08:15:59 73216 ----a-w- C:\windows\ST6UNST.EXE
2014-07-27 16:11:58 -------- d-----w- C:\windows\$regcmp$
2014-07-27 00:48:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-07-27 00:42:12 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2014-07-26 23:17:33 -------- d-----w- C:\Users\jol\AppData\Roaming\OnlineArmor
2014-07-26 23:17:33 -------- d-----w- C:\ProgramData\OnlineArmor
2014-07-26 23:16:45 64720 ----a-w- C:\windows\SysWow64\drivers\OADriver.sys
2014-07-26 23:16:45 62008 ----a-w- C:\windows\SysWow64\drivers\oahlp64.sys
2014-07-26 23:16:45 52360 ----a-w- C:\windows\SysWow64\drivers\OAmon.sys
2014-07-26 23:16:45 35368 ----a-w- C:\windows\System32\drivers\OAnet.sys
2014-07-26 23:16:43 -------- d-----w- C:\Program Files (x86)\Online Armor
2014-07-26 23:15:28 -------- d-----w- C:\Users\jol\AppData\Roaming\AVAST Software
2014-07-26 23:15:12 92008 ----a-w- C:\windows\System32\drivers\aswStm.sys
2014-07-26 23:15:11 224896 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-07-26 23:15:11 1041168 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2014-07-26 23:15:10 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-07-26 23:15:09 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-07-26 23:15:09 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-07-26 23:15:08 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-07-26 23:15:05 43152 ----a-w- C:\windows\avastSS.scr
2014-07-26 23:13:31 -------- d-----w- C:\Program Files\AVAST Software
2014-07-26 23:01:45 -------- d-----w- C:\Users\jol\AppData\Local\CrashDumps
2014-07-26 02:26:27 -------- d-----w- C:\Users\jol\AppData\Local\Diagnostics
2014-07-25 09:10:55 -------- d-----w- C:\Users\jol\AppData\Local\Rockstar Games
2014-07-24 22:23:49 -------- d-----w- C:\ProgramData\Package Cache
2014-07-24 22:23:32 -------- d-----w- C:\Program Files (x86)\Seagate
2014-07-24 19:38:24 -------- d-----w- C:\Users\jol\AppData\Roaming\SUPERAntiSpyware.com
2014-07-24 17:58:35 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-23 21:07:04 -------- d-----w- C:\ProgramData\GlarySoft
2014-07-23 21:03:05 28960 ----a-w- C:\windows\System32\RegBootDefrag.exe
2014-07-23 20:59:21 -------- d-----w- C:\Users\jol\AppData\Roaming\DiskDefrag
2014-07-23 20:59:20 -------- d-----w- C:\Users\jol\AppData\Roaming\GlarySoft
2014-07-23 20:48:55 -------- d-----w- C:\windows\System32\catroot2
2014-07-23 17:12:15 -------- d-----w- C:\Users\jol\AppData\Roaming\Comodo
2014-07-23 17:05:33 34080 ----a-w- C:\windows\System32\SmartDefragBootTime.exe
2014-07-23 17:05:24 128288 ----a-w- C:\windows\System32\IObitSmartDefragExtension.dll
2014-07-23 17:05:10 -------- d-----w- C:\Program Files (x86)\IObit
2014-07-23 17:04:57 -------- d-----w- C:\Users\jol\AppData\Roaming\IObit
2014-07-23 16:59:23 -------- d-----w- C:\Users\jol\AppData\Local\VirtualStore
2014-07-23 10:34:50 -------- d-----w- C:\windows\ERUNT
2014-07-22 22:35:36 -------- d-----w- C:\Users\jol\AppData\Local\Little_Apps
2014-07-22 19:20:25 129872 ----a-w- C:\windows\SysWow64\MSSTDFMT.DLL
2014-07-22 19:20:25 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2014-07-22 15:09:24 -------- d-----w- C:\Users\jol\AppData\Local\Skype
2014-07-22 12:14:08 -------- d-----w- C:\Users\jol\AppData\Local\Programs
2014-07-20 15:25:51 -------- d-----w- C:\Users\jol\AppData\Roaming\TeamViewer
2014-07-20 10:39:36 -------- d-sh--w- C:\Users\jol\AppData\Local\EmieUserList
2014-07-20 10:39:36 -------- d-sh--w- C:\Users\jol\AppData\Local\EmieSiteList
2014-07-19 18:31:54 -------- d-----w- C:\Program Files (x86)\TeamViewer
.
==================== Find3M  ====================
.
2014-08-15 21:47:12 36456 ----a-w- C:\windows\System32\drivers\TrueSight.sys
2014-08-15 12:55:55 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 12:55:55 699568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-11 20:31:46 31520 ----a-w- C:\windows\System32\nvhdap64.dll
2014-08-11 20:31:46 197408 ----a-w- C:\windows\System32\drivers\nvhda64v.sys
2014-08-11 20:31:46 1515296 ----a-w- C:\windows\System32\nvhdagenco6420103.dll
2014-08-07 02:06:41 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-07-11 08:43:48 16896 ----a-w- C:\windows\AsTaskSched.dll
2014-07-11 08:29:39 985536 ----a-w- C:\windows\PE_Rom.dll
2014-07-11 08:29:26 1051072 ----a-w- C:\windows\PE_File.dll
2014-07-09 02:03:23 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-06-22 09:01:53 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2014-06-22 08:08:41 178800 ----a-w- C:\windows\SysWow64\CmdLineExt_x64.dll
2014-06-21 13:38:38 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-06-21 12:42:08 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2014-06-21 12:42:08 1700352 ----a-w- C:\windows\SysWow64\gdiplus.dll
2014-06-21 12:42:08 1060864 ----a-w- C:\windows\SysWow64\mfc71.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH: 11:32:35,72 ===============
 



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 16 August 2014 - 11:09 AM

Please run the following:

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
Save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT
  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 mullaonswag

mullaonswag
  • Topic Starter

  • Members
  • 2 posts

Posted 17 August 2014 - 05:12 AM

logs

Attached Files



#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 August 2014 - 10:28 AM

There aren't any obvious signs of malware in the log. Are you on any site in particular when you are redirected, or not?

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 August 2014 - 10:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




