Jump to content

Frozyn

Members
 View Profile  See their activity

  • Posts

    12

  • Joined

  • Last visited

 Content Type 

Everything posted by Frozyn

  1. Frozyn
    I am still here. So far, I haven't been redirected at all, so I'm just gonna go ahead and assume I'm clean. Big thank-yous to the person who helped me rid this.
  2. Frozyn
    Alright, reinstalled it. The problem is, it doesn't redirect every time i click a link on google, only sometimes. Usually, if I keep the search open and then click a link it'll redirect. Even after waiting, it hasn't happened so far with the reinstalled chrome, although it could just not be active right now. How do I know at all if its actually gone?
  3. Frozyn
    Google Chrome.
  4. Frozyn
    It didn't detect anything, thus I can't save it to my desktop. However, I still happen to have redirects every now and then, so I know something is still definitely. What do we do from here, Maniac?
  5. Frozyn
    How long could the Kaspersky scan take? The eset one took about an hour, and its predicting 10 hours..I hope it god it doesn't take that long, lol. That'd just about do me in.
  6. Frozyn
    I have an sd card that i store things on, should i scan that too?
  7. Frozyn
    this was all that was in the log :-/ ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  8. Frozyn
    uTorrent was uninstalled, it was just the program that installs it. i figured it would have been deleted, but I went ahead and deleted it anyway. Anyroad, here is the log it produced: ComboFix 12-07-02.01 - Frozyn 07/02/2012 12:04:46.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3806 [GMT -7:00] Running from: c:\users\Frozyn\Desktop\ComboFix.exe Command switches used :: c:\users\Frozyn\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Ask . . ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 ))))))))))))))))))))))))))))))) . . 2012-07-02 19:22 . 2012-07-02 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-01 05:25 . 2012-07-02 01:56 -------- d-----w- c:\users\Frozyn\AppData\Roaming\.techniclauncher 2012-06-30 00:16 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42C2CA89-C530-458D-9F33-5E57E253DD19}\mpengine.dll 2012-06-29 05:42 . 2012-06-29 05:42 -------- d-----w- c:\users\Frozyn\AppData\Roaming\Modiac 2012-06-29 05:42 . 2012-06-29 05:42 -------- d-----w- c:\users\Frozyn\AppData\Local\Modiac 2012-06-29 05:41 . 2012-06-29 05:41 -------- d-----w- c:\program files (x86)\Modiac 2012-06-22 04:23 . 2012-06-22 04:23 -------- d-----w- c:\program files (x86)\Delta 2012-06-21 01:41 . 2012-07-02 00:50 -------- d-----r- c:\users\Frozyn\Dropbox 2012-06-21 01:11 . 2012-07-02 06:50 -------- d-----w- c:\users\Frozyn\AppData\Roaming\Dropbox 2012-06-20 00:52 . 2012-06-29 05:22 -------- d-----w- c:\programdata\NCH Software 2012-06-20 00:51 . 2012-06-29 05:22 -------- d-----w- c:\program files (x86)\NCH Software 2012-06-20 00:51 . 2012-06-29 05:22 -------- d-----w- c:\users\Frozyn\AppData\Roaming\NCH Software 2012-06-17 20:11 . 2012-06-17 20:11 -------- d-----w- c:\users\Frozyn\AppData\Local\DDMSettings 2012-06-17 20:09 . 2012-06-17 20:09 -------- d-----w- c:\program files\DivX 2012-06-17 20:09 . 2012-06-17 20:09 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared 2012-06-17 20:09 . 2012-06-17 20:09 -------- d-----w- c:\program files (x86)\DivX 2012-06-17 20:08 . 2012-06-17 20:10 -------- d-----w- c:\programdata\DivX 2012-06-16 07:50 . 2012-06-16 07:50 -------- d-----w- c:\program files\Oracle 2012-06-16 07:49 . 2012-05-05 01:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-16 07:22 . 2012-06-16 07:35 -------- d-----w- c:\users\Frozyn\.android 2012-06-16 07:22 . 2012-06-16 07:22 -------- d-----w- c:\program files (x86)\Android 2012-06-16 02:55 . 2012-06-16 02:55 -------- d-----w- c:\program files (x86)\GameMaker-Studio 1.0 2012-06-16 02:52 . 2012-06-16 07:50 -------- d-----w- c:\users\Frozyn\AppData\Local\GameMaker-Studio 2012-06-14 22:33 . 2012-07-02 00:50 -------- d-----w- c:\users\Frozyn\AppData\Local\LogMeIn Hamachi 2012-06-14 22:31 . 2012-06-14 22:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-14 06:42 . 2012-06-14 06:42 -------- d-----w- c:\program files (x86)\Lightworks 2012-06-14 06:35 . 2012-06-14 06:35 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5991e951cd49f702\MeshBetaRemover.exe 2012-06-14 06:35 . 2012-06-14 06:35 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\DSETUP.dll 2012-06-14 06:35 . 2012-06-14 06:35 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\DXSETUP.exe 2012-06-14 06:35 . 2012-06-14 06:35 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\dsetup32.dll 2012-06-14 06:27 . 2012-06-14 06:36 -------- d-----w- c:\users\Frozyn\AppData\Local\Windows Live 2012-06-14 05:58 . 2012-06-14 05:58 -------- d-----w- c:\program files (x86)\OpenLibraries 2012-06-14 05:57 . 2012-06-14 05:58 -------- d-----w- c:\program files (x86)\jahPlayer 2012-06-14 01:19 . 2012-06-14 01:19 -------- d-----w- c:\users\Frozyn\AppData\Local\ManyCam 2012-06-14 01:19 . 2012-06-14 01:19 -------- d-----w- c:\programdata\ManyCam 2012-06-14 01:19 . 2012-06-14 01:19 -------- d-----w- c:\users\Frozyn\AppData\Roaming\ManyCam 2012-06-14 01:18 . 2012-06-14 01:18 -------- d-----w- c:\users\Frozyn\AppData\Local\APN 2012-06-14 01:18 . 2012-06-14 01:19 -------- d-----w- c:\program files (x86)\ManyCam 2012-06-13 04:22 . 2012-06-13 04:22 40960 ----a-r- c:\users\Frozyn\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-06-13 04:22 . 2012-06-13 04:22 40960 ----a-r- c:\users\Frozyn\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-06-13 04:22 . 2012-06-13 04:28 -------- d-----w- c:\program files (x86)\Project64 1.6 2012-06-09 20:28 . 2012-07-02 19:03 -------- d-----w- c:\users\Frozyn\AppData\Roaming\vlc 2012-06-09 20:26 . 2012-06-09 20:26 -------- d-----w- c:\program files (x86)\VideoLAN 2012-06-06 05:50 . 2012-06-06 05:50 -------- d-----w- c:\program files (x86)\Common Files\Desura 2012-06-06 05:49 . 2012-06-06 05:49 -------- d-----w- c:\programdata\Desura 2012-06-06 05:49 . 2012-06-10 22:00 -------- d-----w- c:\program files (x86)\Desura . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 01:32 . 2011-04-29 00:39 839056 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-26 18:31 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-04 22:56 . 2012-05-08 05:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-02_00.29.50 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-07-02 00:51 31560 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-02 00:51 38286 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-05-04 21:18 . 2012-07-02 19:23 6062 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-05-04 21:18 . 2012-07-02 00:27 6062 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-05-08 15:22 . 2012-07-02 00:51 5750 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1726088829-604326569-3227708254-1001_UserData.bin - 2012-07-02 00:28 . 2012-07-02 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-02 19:24 . 2012-07-02 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-02 00:28 . 2012-07-02 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-02 19:24 . 2012-07-02 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-08 00:54 . 2012-07-02 18:57 287750 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2011-08-09 15:11 . 2012-07-02 00:27 921616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-08-09 15:11 . 2012-07-02 19:23 921616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2012-07-02 19:23 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-02 00:27 229568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2012-06-16 05:37 . 2012-07-02 00:27 5594076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1726088829-604326569-3227708254-1001-8192.dat + 2012-06-16 05:37 . 2012-07-02 19:23 5594076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1726088829-604326569-3227708254-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SymphonyPreLoad"="c:\program files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony -nogui -nosplash" [X] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-17 1242448] "googletalk"="c:\users\Frozyn\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] . c:\users\Frozyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Frozyn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/09 08:01;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-06-06 131912] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-26 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-03-04 78976] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-03-04 38528] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168] S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-16 317952] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-03-07 1353280] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_38F51D56 . Contents of the 'Scheduled Tasks' folder . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1726088829-604326569-3227708254-1001Core.job - c:\users\Frozyn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 01:07] . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1726088829-604326569-3227708254-1001UA.job - c:\users\Frozyn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 01:07] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = local . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-uTorrent - c:\users\Frozyn\Downloads\uTorrent.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-07-02 12:43:24 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-02 19:43 ComboFix2.txt 2012-07-02 00:47 . Pre-Run: 311,671,873,536 bytes free Post-Run: 311,483,150,336 bytes free . - - End Of File - - 1D70FA0F0E7641579D1CBB8741881396
  9. Frozyn
    Oops, looks like i forgot to delete the utorrent installer I hope that doesn't force the thread to be locked or anything
  10. Frozyn
    So I went ahead and just used the add/remove programs. Ran combofix with no problems, heres combofix.txt ComboFix 12-07-01.03 - Frozyn 07/01/2012 17:11:18.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3693 [GMT -7:00] Running from: c:\users\Frozyn\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\DYA_MQEBDOEUVCJQVQIGS c:\programdata\DYA_MQEBDOEUVCJQVQIGS\1.0.0\Data\app.dat c:\programdata\DYA_MQEBDOEUVCJQVQIGS\1.0.0\Data\updates.dat c:\users\Frozyn\AppData\Local\AuthenTec\ATI\dsulp.dll c:\users\Frozyn\AppData\Roaming\DYA_MQEBDOEUVCJQVQIGS c:\users\Frozyn\AppData\Roaming\DYA_MQEBDOEUVCJQVQIGS\1.0.0\Data\dya.dat c:\users\Frozyn\AppData\Roaming\Love c:\users\Frozyn\AppData\Roaming\Love\mari0\options.txt . . ((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 ))))))))))))))))))))))))))))))) . . 2012-07-02 00:25 . 2012-07-02 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-01 05:25 . 2012-07-01 19:04 -------- d-----w- c:\users\Frozyn\AppData\Roaming\.techniclauncher 2012-06-30 00:16 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42C2CA89-C530-458D-9F33-5E57E253DD19}\mpengine.dll 2012-06-29 05:42 . 2012-06-29 05:42 -------- d-----w- c:\users\Frozyn\AppData\Roaming\Modiac 2012-06-29 05:42 . 2012-06-29 05:42 -------- d-----w- c:\users\Frozyn\AppData\Local\Modiac 2012-06-29 05:41 . 2012-06-29 05:41 -------- d-----w- c:\program files (x86)\Modiac 2012-06-22 04:23 . 2012-06-22 04:23 -------- d-----w- c:\program files (x86)\Delta 2012-06-21 01:41 . 2012-07-01 07:35 -------- d-----r- c:\users\Frozyn\Dropbox 2012-06-21 01:11 . 2012-07-01 19:45 -------- d-----w- c:\users\Frozyn\AppData\Roaming\Dropbox 2012-06-20 00:52 . 2012-06-29 05:22 -------- d-----w- c:\programdata\NCH Software 2012-06-20 00:51 . 2012-06-29 05:22 -------- d-----w- c:\program files (x86)\NCH Software 2012-06-20 00:51 . 2012-06-29 05:22 -------- d-----w- c:\users\Frozyn\AppData\Roaming\NCH Software 2012-06-17 20:11 . 2012-06-17 20:11 -------- d-----w- c:\users\Frozyn\AppData\Local\DDMSettings 2012-06-17 20:09 . 2012-06-17 20:09 -------- d-----w- c:\program files\DivX 2012-06-17 20:09 . 2012-06-17 20:09 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared 2012-06-17 20:09 . 2012-06-17 20:09 -------- d-----w- c:\program files (x86)\DivX 2012-06-17 20:08 . 2012-06-17 20:10 -------- d-----w- c:\programdata\DivX 2012-06-16 07:50 . 2012-06-16 07:50 -------- d-----w- c:\program files\Oracle 2012-06-16 07:49 . 2012-05-05 01:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-16 07:22 . 2012-06-16 07:35 -------- d-----w- c:\users\Frozyn\.android 2012-06-16 07:22 . 2012-06-16 07:22 -------- d-----w- c:\program files (x86)\Android 2012-06-16 02:55 . 2012-06-16 02:55 -------- d-----w- c:\program files (x86)\GameMaker-Studio 1.0 2012-06-16 02:52 . 2012-06-16 07:50 -------- d-----w- c:\users\Frozyn\AppData\Local\GameMaker-Studio 2012-06-14 22:33 . 2012-07-01 07:26 -------- d-----w- c:\users\Frozyn\AppData\Local\LogMeIn Hamachi 2012-06-14 22:31 . 2012-06-14 22:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi 2012-06-14 06:42 . 2012-06-14 06:42 -------- d-----w- c:\program files (x86)\Lightworks 2012-06-14 06:35 . 2012-06-14 06:35 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e5991e951cd49f702\MeshBetaRemover.exe 2012-06-14 06:35 . 2012-06-14 06:35 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\DSETUP.dll 2012-06-14 06:35 . 2012-06-14 06:35 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\DXSETUP.exe 2012-06-14 06:35 . 2012-06-14 06:35 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\dsetup32.dll 2012-06-14 06:27 . 2012-06-14 06:36 -------- d-----w- c:\users\Frozyn\AppData\Local\Windows Live 2012-06-14 05:58 . 2012-06-14 05:58 -------- d-----w- c:\program files (x86)\OpenLibraries 2012-06-14 05:57 . 2012-06-14 05:58 -------- d-----w- c:\program files (x86)\jahPlayer 2012-06-14 01:19 . 2012-06-14 01:19 -------- d-----w- c:\users\Frozyn\AppData\Local\ManyCam 2012-06-14 01:19 . 2012-06-14 01:19 -------- d-----w- c:\programdata\ManyCam 2012-06-14 01:19 . 2012-06-14 01:19 -------- d-----w- c:\users\Frozyn\AppData\Roaming\ManyCam 2012-06-14 01:18 . 2012-06-14 01:18 -------- d-----w- c:\users\Frozyn\AppData\Local\APN 2012-06-14 01:18 . 2012-06-14 01:19 -------- d-----w- c:\program files (x86)\ManyCam 2012-06-14 01:18 . 2012-06-14 01:18 -------- d-----w- c:\programdata\Ask 2012-06-13 04:22 . 2012-06-13 04:22 40960 ----a-r- c:\users\Frozyn\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-06-13 04:22 . 2012-06-13 04:22 40960 ----a-r- c:\users\Frozyn\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-06-13 04:22 . 2012-06-13 04:28 -------- d-----w- c:\program files (x86)\Project64 1.6 2012-06-09 20:28 . 2012-07-01 23:15 -------- d-----w- c:\users\Frozyn\AppData\Roaming\vlc 2012-06-09 20:26 . 2012-06-09 20:26 -------- d-----w- c:\program files (x86)\VideoLAN 2012-06-06 05:50 . 2012-06-06 05:50 -------- d-----w- c:\program files (x86)\Common Files\Desura 2012-06-06 05:49 . 2012-06-06 05:49 -------- d-----w- c:\programdata\Desura 2012-06-06 05:49 . 2012-06-10 22:00 -------- d-----w- c:\program files (x86)\Desura . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 01:32 . 2011-04-29 00:39 839056 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-26 18:31 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-04-04 22:56 . 2012-05-08 05:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SymphonyPreLoad"="c:\program files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony -nogui -nosplash" [X] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912] "uTorrent"="c:\users\Frozyn\Downloads\uTorrent.exe" [2012-05-08 879984] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-17 1242448] "googletalk"="c:\users\Frozyn\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752] "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-29 1987976] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] . c:\users\Frozyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Frozyn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/09 08:01;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856] R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-06-06 131912] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-26 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-03-04 78976] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-03-04 38528] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-29 2343816] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-03-18 87168] S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-16 317952] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-03-18 188544] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-03-07 1353280] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - CLKMDRV10_38F51D56 . Contents of the 'Scheduled Tasks' folder . 2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1726088829-604326569-3227708254-1001Core.job - c:\users\Frozyn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 01:07] . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1726088829-604326569-3227708254-1001UA.job - c:\users\Frozyn\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-08 01:07] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Frozyn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = local . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-ATI - c:\users\Frozyn\AppData\Local\AuthenTec\ATI\dsulp.dll HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-07-01 17:46:55 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-02 00:46 . Pre-Run: 310,945,234,944 bytes free Post-Run: 311,888,474,112 bytes free . - - End Of File - - C321EDAFC72A7221BCBB8ED49CD1B73B
  11. Frozyn
    Should I manually uninstall them or just use add/remove programs?
  12. Frozyn
    Alright, firstly I want to thank anyone in advance for helping me. I'm not sure how, but I noticed that my google links were more often then not being redirected, so I scanned using malware bytes and it found exploit.drop.9, so I deleted it using malwarebytes, restarted my computer, ran a new scan to be safe, it detected nothing, I went on my merry way around the internet, and links were no longer redirecting. Links are redirecting again, approximately 24 hours after I removed it, and I ran another scan with malwarebytes and it found nothing, so I come here for help. I don't have the original logs for the infected exploit.drop.9, but here is my most recent Malwarebyes scan: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.01.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Frozyn :: MICRO-FROZYN [administrator] 7/1/2012 12:59:24 PM mbam-log-2012-07-01 (12-59-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216722 Time elapsed: 1 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Here is the DDS.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Frozyn at 12:49:17 on 2012-07-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.2729 [GMT -7:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Hpservice.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Frozyn\Downloads\uTorrent.exe C:\Program Files (x86)\Steam\Steam.exe C:\Users\Frozyn\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Windows\System32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Users\Frozyn\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\notepad.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\notepad.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\WUDFHost.exe C:\Users\Frozyn\Documents\xmplay36\xmplay36\xmplay.exe C:\Windows\notepad.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Windows\notepad.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Frozyn\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll uRun: [Google Update] "C:\Users\Frozyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [uTorrent] "C:\Users\Frozyn\Downloads\uTorrent.exe" /MINIMIZED uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [googletalk] C:\Users\Frozyn\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [ATI] rundll32.exe "C:\Users\Frozyn\AppData\Local\AuthenTec\ATI\dsulp.dll",CreateInstance uRun: [SymphonyPreLoad] "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [<NO NAME>] mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW StartupFolder: C:\Users\Frozyn\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Frozyn\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab TCP: Interfaces\{5B07C6EF-0F52-41A6-8BEA-D36680853EC5} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{5B07C6EF-0F52-41A6-8BEA-D36680853EC5}\27F626F64737D22757C656 : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{5B07C6EF-0F52-41A6-8BEA-D36680853EC5}\34F4C4C414243505143454D27657563747 : DhcpNameServer = 192.168.1.254 192.168.33.1 TCP: Interfaces\{5B07C6EF-0F52-41A6-8BEA-D36680853EC5}\34F6D666F627470294E6E6022333 : DhcpNameServer = 66.213.224.2 64.65.128.6 TCP: Interfaces\{5B07C6EF-0F52-41A6-8BEA-D36680853EC5}\7427F66756F584967686 : DhcpNameServer = 10.104.58.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [(Default)] mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW IE-X64: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-8-9 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-1 365568] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-28 514232] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816] R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-9 2375168] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\drivers\amdhub30.sys --> C:\Windows\system32\drivers\amdhub30.sys [?] R3 amdiox64;AMD IO Driver;C:\Windows\system32\drivers\amdiox64.sys --> C:\Windows\system32\drivers\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\amdxhc.sys --> C:\Windows\system32\drivers\amdxhc.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160] R3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?] R3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/09 08:01:31;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-6-5 131912] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-01 05:25:54 -------- d-----w- C:\Users\Frozyn\AppData\Roaming\.techniclauncher 2012-06-30 00:18:55 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42C2CA89-C530-458D-9F33-5E57E253DD19}\offreg.dll 2012-06-30 00:16:49 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{42C2CA89-C530-458D-9F33-5E57E253DD19}\mpengine.dll 2012-06-29 05:42:00 -------- d-----w- C:\Users\Frozyn\AppData\Roaming\Modiac 2012-06-29 05:42:00 -------- d-----w- C:\Users\Frozyn\AppData\Local\Modiac 2012-06-29 05:41:50 -------- d-----w- C:\Program Files (x86)\Modiac 2012-06-22 04:23:57 -------- d-----w- C:\Program Files (x86)\Delta 2012-06-21 01:41:55 -------- d-----r- C:\Users\Frozyn\Dropbox 2012-06-21 01:11:36 -------- d-----w- C:\Users\Frozyn\AppData\Roaming\Dropbox 2012-06-20 00:51:58 -------- d-----w- C:\Program Files (x86)\NCH Software 2012-06-20 00:51:53 -------- d-----w- C:\Users\Frozyn\AppData\Roaming\NCH Software 2012-06-17 20:11:20 -------- d-----w- C:\Users\Frozyn\AppData\Local\DDMSettings 2012-06-17 20:09:45 -------- d-----w- C:\Program Files\DivX 2012-06-17 20:09:27 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared 2012-06-17 20:09:09 -------- d-----w- C:\Program Files (x86)\DivX 2012-06-17 20:08:27 -------- d-----w- C:\ProgramData\DivX 2012-06-16 07:50:24 -------- d-----w- C:\Program Files\Oracle 2012-06-16 07:49:19 955800 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-06-16 07:22:57 -------- d-----w- C:\Users\Frozyn\.android 2012-06-16 07:22:47 -------- d-----w- C:\Program Files (x86)\Android 2012-06-16 02:55:10 -------- d-----w- C:\Program Files (x86)\GameMaker-Studio 1.0 2012-06-16 02:52:26 -------- d-----w- C:\Users\Frozyn\AppData\Local\GameMaker-Studio 2012-06-16 02:50:35 -------- d-----w- C:\Users\Frozyn\AppData\Roaming\DYA_MQEBDOEUVCJQVQIGS 2012-06-16 02:50:35 -------- d-----w- C:\ProgramData\DYA_MQEBDOEUVCJQVQIGS 2012-06-14 22:33:05 -------- d-----w- C:\Users\Frozyn\AppData\Local\LogMeIn Hamachi 2012-06-14 22:31:13 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi 2012-06-14 06:42:01 -------- d-----w- C:\Program Files (x86)\Lightworks 2012-06-14 06:35:32 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e5991e951cd49f702\MeshBetaRemover.exe 2012-06-14 06:35:31 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\DSETUP.dll 2012-06-14 06:35:31 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\DXSETUP.exe 2012-06-14 06:35:31 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e55118081cd49f701\dsetup32.dll 2012-06-14 06:27:46 -------- d-----w- C:\Users\Frozyn\AppData\Local\Windows Live 2012-06-14 06:27:31 -------- d-----w- C:\Users\Frozyn\AppData\Local\{69A25EC4-BE03-42C5-8F5E-6C11520C44D9} 2012-06-14 05:58:04 -------- d-----w- C:\Program Files (x86)\OpenLibraries 2012-06-14 05:57:56 -------- d-----w- C:\Program Files (x86)\jahPlayer 2012-06-14 01:19:07 -------- d-----w- C:\Users\Frozyn\AppData\Local\ManyCam 2012-06-14 01:19:07 -------- d-----w- C:\ProgramData\ManyCam 2012-06-14 01:19:06 -------- d-----w- C:\Users\Frozyn\AppData\Roaming\ManyCam 2012-06-14 01:18:58 -------- d-----w- C:\Program Files (x86)\Ask.com 2012-06-14 01:18:52 -------- d-----w- C:\Users\Frozyn\AppData\Local\APN 2012-06-14 01:18:46 -------- d-----w- C:\Program Files (x86)\ManyCam 2012-06-14 01:18:22 -------- d-----w- C:\ProgramData\Ask 2012-06-13 04:22:17 40960 ----a-r- C:\Users\Frozyn\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2012-06-13 04:22:17 40960 ----a-r- C:\Users\Frozyn\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2012-06-13 04:22:16 -------- d-----w- C:\Program Files (x86)\Project64 1.6 2012-06-09 20:26:51 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-06-06 05:50:11 -------- d-----w- C:\Program Files (x86)\Common Files\Desura 2012-06-06 05:49:25 -------- d-----w- C:\ProgramData\Desura 2012-06-06 05:49:23 -------- d-----w- C:\Program Files (x86)\Desura . ==================== Find3M ==================== . 2012-05-05 01:32:56 839056 ----a-w- C:\Windows\System32\deployJava1.dll 2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-11-21 03:24:03 1169224 --sh--w- C:\Windows\Temp\OpenGL.exe . ============= FINISH: 12:49:52.83 =============== and here is the attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 5/7/2012 4:01:19 PM System Uptime: 7/1/2012 8:51:01 AM (4 hours ago) . Motherboard: Hewlett-Packard | | 3591 Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 1400/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 287.98 GiB free. D: is FIXED (NTFS) - 15 GiB total, 1.615 GiB free. E: is FIXED (FAT) - 0 GiB total, 0.079 GiB free. F: is CDROM () G: is CDROM (CDFS) H: is Removable K: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP21: 6/26/2012 2:57:36 PM - Windows Update RP22: 6/29/2012 5:16:17 PM - Windows Update . ==== Installed Programs ====================== . µTorrent ActiveCheck component for HP Active Support Library Adobe Flash Player 10 ActiveX Adobe Reader X MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House AMD System Monitor AMD VISION Engine Control Center Android SDK Tools Ask Toolbar Ask Toolbar Updater Audacity 2.0 Bejeweled 2 Deluxe Bejeweled 3 Bing Bar Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Build-a-lot 2 Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe CyberLink PowerDVD 10 CyberLink YouCam D3DX10 Desura Desura: The Stanley Parable Diner Dash 2 Restaurant Rescue DivX Setup Dora's World Adventure Dropbox Energy Star Digital Logo ESU for Microsoft Windows 7 Evernote v. 4.2.2 Farm Frenzy FATE - The Traitor Soul GameMaker 8.1 Google Chrome Google Talk (remove only) Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two HP Connection Manager HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Games HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant HPAsset component for HP Active Support Library IBM Lotus Symphony IDT Audio jahPlayer Java Auto Updater Java(TM) 6 Update 24 Junk Mail filter update Left 4 Dead 2 LogMeIn Hamachi Magic Desktop Magical Jelly Bean KeyFinder Mah Jong Medley Malwarebytes Anti-Malware version 1.61.0.1400 ManyCam 3.0.79 (remove only) Mesh Runtime Microsoft Office 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Microsoft XNA Framework Redistributable 4.0 Modiac MP3 to AVI Audio Converter MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) msxml4 Mystery P.I. - Stolen in San Francisco Namco All-Stars PAC-MAN OpenLibraries Paltalk Messenger Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Portal 2 Prism Video File Converter Project64 1.6 Ralink RT5390 802.11b/g/n WiFi Adapter Rayman Origins Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 5.9 Slingo Supreme Source SDK Base 2007 Steam SWFRIP 0.4 Switch Sound File Converter Team Fortress 2 Terraria Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App VC80CRTRedist - 8.0.50727.6195 VideoPad Video Editor Virtual Villagers 4 - The Tree of Life VLC media player 2.0.1 Wheel of Fortune 2 WildTangent Games App (HP Games) Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.11 (32-bit) Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 6/29/2012 10:09:57 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s). 6/29/2012 1:24:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service. 6/27/2012 3:01:07 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 6/27/2012 12:11:40 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR33. 6/27/2012 12:05:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service. . ==== End Of File =========================== As mentioned earlier, thanks in advance for any help. I just recently got my laptop back from HP repair after a nasty run in with a version of Zero Access that made my laptop kick the bucket.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.