fleury

Honorary Members
  • Posts: 32

Everything posted by fleury

  1. Wow. That appears to have fixed it. It had the side effect of deleting my other Chrome profiles for some reason, but they were pretty easy to set up again. And when I did so, the uTorrent thing was not coming up like before! Thanks! -- Marc.
  2. SystemLook 30.07.11 by jpshortstuff Log created at 15:50 on 15/07/2012 by Marc Administrator - Elevation successful ========== folderfind ========== Searching for "*CRE*"
  3. On my existing profiles, there's nothing there. "Boo... You have no extensions :-( Want to browse the gallery instead?" If I create a new user and then go to the Extensions options page, it shows the same thing (no extensions) for about ten or twenty seconds, and then the uTorrentControl2 extension appears (along with the button next to the tab URL). I have clicked on the garbage can icon to remove the extension every time. -- Marc.
  4. SystemLook 30.07.11 by jpshortstuff Log created at 20:58 on 11/07/2012 by Marc Administrator - Elevation successful ========== folderfind ========== Searching for "*torrent*"
  5. Still the same as last update -- my existing Chrome profile seems to work fine, but if I add a new profile, within a few seconds the extension button appears and a new tab is launched, at http://www.utorrent.com/utorrent-control-complete -- Marc.
  6. The step at the command prompt gave me "The requested operation requires elevation." However, I continued with the ComboFix process. Here's the log:
  7. SystemLook 30.07.11 by jpshortstuff Log created at 00:24 on 09/07/2012 by Marc Administrator - Elevation successful ========== folderfind ========== Searching for "*torrent*"
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA"" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent] "Extension"=".torrent" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe\shell\open\command] @=""C:\Program Files\uTorrent\uTorrent.exe" "%1"" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\DefaultIcon] @=""C:\Program Files\uTorrent\uTorrent.exe" ",0" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\shell\open\command] @=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA"" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent] "Extension"=".torrent" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml] -= EOF =-
  8. Thanks again for your continued help. Here's the log:
  9. There does appear to still be something lying dormant. It's not crippling my system like it was before, but it's still a bit disconcerting to know that this thing is somehow still hiding somewhere... Today I created a new User profile in Chrome. When it launched, all seemed normal. After about five seconds, the utorrent thing showed up as a button. A few seconds after that, another tab auto-launched, stating that I had completed installation of utorrent. I shut that tab down and went into the extensions option on the new profile, and that same utorrentControl2 option was there again. I deleted it and tested again by creating a new profile, and the same thing happened. -- Marc.
  10. When I launched Chrome, the button for utorrentControl2 was gone, though strangely it just seemed to be invisible (when I hovered the mouse over where the button would otherwise be, there was still an alt-text that came up for it). I went into the Chrome settings to see the extensions, and it was there (again), so I deleted it. I rebooted and it now seems to be gone completely. I'm using Chrome now to post this. It appears that everything is fixed. I'll monitor for a couple of days to see if the issues recur. Hopefully we're done! Once again, I appreciate your help. -- Marc.
  11. All processes killed ========== OTL ========== File C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0 not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Marc ->Temp folder emptied: 572352 bytes ->Temporary Internet Files folder emptied: 184296972 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 10013114 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 6174 bytes User: Mcx1 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 175546 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 605759798 bytes Total Files Cleaned = 764.00 mb OTL by OldTimer - Version 3.2.53.1 log created on 07042012_084830 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
  12. Like the last time I ran a fix, OTL crashed when it appeared to be nearing completion. I didn't run it a second time this time, though. Files\Folders moved on Reboot... C:\Users\Marc\AppData\Local\Temp\ehmsas.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Marc\AppData\Local\Temp\ehmsas.txt not found! Registry entries deleted on Reboot...
  13. OTL logfile created on: 01/07/2012 11:00:44 PM - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Marc\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 1013.31 Mb Total Physical Memory | 321.32 Mb Available Physical Memory | 31.71% Memory free 2.23 Gb Paging File | 1.09 Gb Available in Paging File | 48.71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 105.33 Gb Total Space | 11.64 Gb Free Space | 11.05% Space Free | Partition Type: NTFS Drive D: | 6.46 Gb Total Space | 0.75 Gb Free Space | 11.67% Space Free | Partition Type: NTFS Computer Name: MARC_LAPTOP | User Name: Marc | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe PRC - [2012/06/06 22:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/05/29 21:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012/05/05 10:07:36 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/03/23 20:09:29 | 000,180,648 | ---- | M] (Google Inc.) 
-- C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2012/01/23 14:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll MOD - [2006/11/24 19:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr) SRV - [2012/05/05 10:07:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - 
[2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- 
(catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/07/01 02:02:02 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C1234F5-407B-4E68-8242-105056BB9286}\MpKsl307a59e3.sys -- (MpKsl307a59e3) DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/06/02 01:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/06/02 01:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2011/06/02 01:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- 
(sscdmdfl) DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey) DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb) DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/05/15 08:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger) DRV - [2007/02/22 17:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006/11/09 05:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel® ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS IE - HKLM\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/ IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet 
Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes,DefaultScope = {0FB5313F-675E-4315-9AC7-BBA6C053F71E} IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0FB5313F-675E-4315-9AC7-BBA6C053F71E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_en IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7 IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll () FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012/06/06 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: O3D Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Java 
Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll CHR - plugin: Google Update (Enabled) = C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: uTorrentControl2 = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\ CHR - Extension: Gmail = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/06/19 21:32:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [googletalk] C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KooBits 4.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} https://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab (SetupLauncher Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1901EDC2-2EA0-429D-9CB7-95F78CA928A0}: DhcpNameServer = 192.168.2.1 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/12/21 08:04:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM 
BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/01 22:57:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe [2012/06/27 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/06/19 22:01:42 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\temp [2012/06/19 21:33:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/19 21:29:05 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/19 21:05:17 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/06/18 22:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/18 22:27:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/18 22:27:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/18 22:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/18 22:25:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/15 01:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/06/13 07:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/12 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{1B5791F0-439D-4E33-B909-C2EAF4E9345D} [2012/06/12 17:40:45 | 000,000,000 | R--D | C] -- C:\Users\Marc\Desktop\Dropbox [2012/06/12 17:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012/06/12 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012/06/12 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Dropbox [2012/06/06 19:17:32 | 000,000,000 | ---D | C] -- C:\_OTL [2012/06/06 
00:13:32 | 000,000,000 | ---D | C] -- C:\Temp [2012/06/05 23:29:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32 [2012/06/03 10:40:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\SUPERAntiSpyware.com [2012/06/03 10:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/06/03 09:56:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes [2012/06/03 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/03 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/03 09:55:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/06/03 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/03 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2009/04/25 19:29:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marc\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe [2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/01 19:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/01 18:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job [2012/07/01 16:01:01 | 000,002,345 | ---- | M] () -- 
C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\BrickStore.lnk [2012/06/30 20:15:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job [2012/06/29 04:20:00 | 000,002,040 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/06/29 04:19:59 | 000,002,078 | ---- | M] () -- C:\Users\Marc\Desktop\Google Chrome.lnk [2012/06/26 23:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/26 23:17:07 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys [2012/06/26 23:02:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/06/26 21:46:13 | 000,000,680 | ---- | M] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat [2012/06/26 21:45:44 | 000,000,943 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/25 23:17:14 | 000,003,378 | ---- | M] () -- C:\Users\Marc\Desktop\mattoncini.bsx [2012/06/23 16:13:02 | 000,002,585 | ---- | M] () -- C:\Users\Marc\Desktop\Microsoft Office Excel 2007.lnk [2012/06/23 11:05:45 | 000,002,609 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2012/06/19 21:32:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/06/14 04:42:01 | 000,423,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/14 03:55:05 | 000,644,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/14 03:55:05 | 000,124,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/12 17:40:45 | 000,000,981 | ---- | M] () -- C:\Users\Marc\Desktop\Dropbox.lnk [2012/06/12 17:38:11 | 000,000,991 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/03 09:56:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/03 
00:15:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif ========== Files Created - No Company Name ========== [2012/06/27 20:13:15 | 000,002,078 | ---- | C] () -- C:\Users\Marc\Desktop\Google Chrome.lnk [2012/06/27 20:13:15 | 000,002,040 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/06/25 23:17:14 | 000,003,378 | ---- | C] () -- C:\Users\Marc\Desktop\mattoncini.bsx [2012/06/18 22:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/18 22:27:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/18 22:27:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/18 22:27:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/18 22:27:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/12 17:40:45 | 000,000,981 | ---- | C] () -- C:\Users\Marc\Desktop\Dropbox.lnk [2012/06/12 17:38:11 | 000,000,991 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/03 09:56:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/03 00:15:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/06/03 00:09:23 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/01/26 09:46:49 | 000,000,218 | ---- | C] () -- C:\Users\Marc\AppData\Local\recently-used.xbel [2011/03/04 00:12:50 | 000,000,000 | ---- | C] () -- C:\Users\Marc\cbe.6dcf4c112e7f11688b [2011/03/04 00:07:56 | 000,000,016 | ---- | C] () -- C:\Users\Marc\persistent_state [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll 
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010/01/27 08:38:28 | 000,000,680 | ---- | C] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat [2009/06/23 17:29:05 | 000,003,685 | ---- | C] () -- C:\Users\Marc\zuda_templat.2009_06_23_17_29_05.0 [2009/04/26 11:40:31 | 000,014,729 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009/04/25 19:30:58 | 000,000,668 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\vso_ts_preview.xml [2009/04/25 19:29:02 | 000,087,608 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\inst.exe [2009/04/25 19:29:02 | 000,007,887 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.cat [2009/04/25 19:29:02 | 000,001,144 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.inf [2008/08/22 13:42:38 | 000,002,150 | ---- | C] () -- C:\Users\Marc\New document 1.2008_08_22_13_42_38.0 [2008/01/22 13:13:17 | 000,023,888 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\UserTile.png [2008/01/03 21:29:58 | 000,235,520 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010/03/16 07:14:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Amazon [2011/08/07 16:30:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\calibre [2009/06/22 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2012/07/01 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox [2010/06/29 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0 [2008/08/22 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Inkscape [2010/04/30 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LEGO Company [2011/03/12 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Notepad++ [2008/01/22 13:13:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PeerNetworking [2009/08/29 
16:52:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Reg Tool [2012/05/25 14:58:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Samsung [2010/06/03 13:18:21 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Unity [2011/11/15 01:13:58 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Vso [2009/09/26 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Live Writer [2012/06/26 23:02:41 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51CF25B1 < End of report >
  14. Hmm. Looks like we're almost there. I uninstalled Chrome, rebooted, and re-installed. When I launch Chrome it lets me browse normally. In Task Manager, it seems to behave well -- CPU usage only 1 or 2 % outside of brief spikes. However -- somehow the utorrentControl2 Community Toolbar button is back, even though this was deleted WAY back at the start of this thread (and was likely the initial cause of all the problems). -- Marc.
  15. Unfortunately, nothing has changed with Chrome. IE works for me fine. When I have it running and I have Task Manager open, IE appears to be using around 120Mb of memory, and 2% of CPU (other than brief bursts). When I launch Chrome, it uses 250Mb of memory, and 50% of CPU. My home page half-loads, and when I try to launch any other page, it just sits there, loading. If I close Chrome, the window goes away, but Chrome is still listed in Task Manager, still using 50% of the CPU. I appreciate the help you've provided (and I apologize for the long delays between each step), but I am starting to think that this isn't going to be solved. Should I just back up what I need, and abandon everything? Do a complete reformat? -- Marc.
  16. I ran the scan as described. The results window stated "No threats found." I went to the log, but the file's Date Modified data shows June 13. In any case, the log shows: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
  17. ComboFix 12-06-16.02 - Marc 19/06/2012 21:10:44.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.224 [GMT -4:00] Running from: c:\users\Marc\Desktop\ComboFix.exe Command switches used :: c:\users\Marc\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Conduit c:\program files\Conduit\Community Alerts\Alert.dll c:\users\Marc\AppData\Local\Conduit . . ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 ))))))))))))))))))))))))))))))) . . 2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-19 03:47 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55E3F586-B1C8-4AA6-8A85-860BB27F87C3}\mpengine.dll 2012-06-19 03:26 . 2012-06-20 01:34 -------- d-----w- c:\users\Marc\AppData\Local\temp 2012-06-17 09:03 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab 2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 17:44 . 
2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20357BD-2317-4262-8CEE-FC8203AA6002}\gapaengine.dll 2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET 2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox 2012-06-12 21:33 . 2012-06-19 03:55 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox 2012-06-06 23:17 . 2012-06-06 23:17 -------- d-----w- C:\_OTL 2012-06-06 04:13 . 2012-06-06 04:13 -------- d-----w- C:\Temp 2012-06-06 03:29 . 2012-06-06 03:29 -------- d-----w- c:\windows\system32\System32 2012-06-03 14:40 . 2012-06-03 14:40 -------- d-----w- c:\users\Marc\AppData\Roaming\SUPERAntiSpyware.com 2012-06-03 14:39 . 2012-06-03 14:40 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-03 14:39 . 2012-06-03 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-03 13:56 . 2012-06-03 13:56 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes 2012-06-03 13:55 . 2012-06-03 13:55 -------- d-----w- c:\programdata\Malwarebytes 2012-06-03 13:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-03 13:55 . 2012-06-03 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-03 04:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-03 04:07 . 2012-06-03 04:09 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-03 04:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2012-06-01 03:41 . 2012-06-01 03:41 -------- d-----w- c:\users\Marc\AppData\Local\Apps 2012-06-01 03:41 . 2012-06-01 03:44 -------- d-----w- c:\users\Marc\AppData\Local\Deployment 2012-05-28 02:42 . 2012-05-28 02:43 -------- d-----w- c:\users\Marc\AppData\Local\CRE 2012-05-25 19:02 . 2012-06-06 03:46 -------- d-----w- c:\users\Marc\AppData\Local\Samsung 2012-05-25 18:58 . 
2012-05-25 18:58 -------- d-----w- c:\users\Marc\AppData\Roaming\Samsung 2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys 2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys 2012-05-25 18:27 . 2011-06-02 05:47 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys 2012-05-25 18:27 . 2011-06-02 05:47 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys 2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys 2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys 2012-05-25 18:27 . 2011-06-02 05:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys 2012-05-25 18:18 . 2010-12-21 05:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys 2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys 2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys 2012-05-25 18:18 . 2010-12-21 05:55 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys 2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys 2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys 2012-05-25 18:18 . 2010-12-21 05:55 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys 2012-05-25 18:11 . 2011-03-02 11:58 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-05-25 18:07 . 2012-05-25 18:07 -------- d-----w- c:\program files\MarkAny 2012-05-25 18:07 . 2011-03-02 11:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-05-25 18:07 . 2011-03-02 11:57 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-05-25 18:04 . 2012-05-25 18:17 -------- d-----w- c:\program files\Samsung 2012-05-25 18:04 . 2012-05-25 18:15 -------- d-----w- c:\programdata\Samsung 2012-05-25 17:59 . 2012-05-25 17:59 -------- d-----w- c:\users\Marc\AppData\Local\Downloaded Installations . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll 2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-05-17 22:35 . 2012-06-14 07:10 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 19:51 . 2012-06-14 01:24 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll 2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-03 08:16 . 2012-05-12 03:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 2012-05-12 03:24 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 12:39 . 2012-05-12 03:24 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-29 13:39 . 2012-05-12 03:24 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520] EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112] KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07] . 2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job - c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46] . 2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job - c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46] . . ------- Supplementary Scan ------- . 
uStart Page = https://www.google.ca/ mStart Page = hxxp://sympatico.ca IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'Explorer.exe'(760) c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\SUPERAntiSpyware\SASCTXMN.DLL c:\program files\Ipswitch\WS_FTP 12\wsftpsi.dll c:\program files\Ipswitch\WS_FTP 12\wsftplib.dll c:\program files\Ipswitch\WS_FTP 12\LIBEAY32.dll c:\program files\Ipswitch\WS_FTP 12\wsftpext.dll c:\program files\Ipswitch\WS_FTP 12\SSLEAY32.dll c:\program files\Ipswitch\WS_FTP 12\ipspgp.dll c:\program files\Ipswitch\WS_FTP 12\sslsvc.dll c:\program files\Ipswitch\WS_FTP 12\wsfirscr.dll c:\program files\Ipswitch\WS_FTP 12\wshosts.dll c:\program files\WinRAR\rarext.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\WLANExt.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Microsoft Security Client\MpCmdRun.exe c:\program files\Microsoft Security Client\MpCmdRun.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-06-19 22:01:01 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-20 01:52 ComboFix2.txt 2012-06-19 03:25 . Pre-Run: 11,080,810,496 bytes free Post-Run: 10,955,976,704 bytes free . - - End Of File - - 8B70AF4F36BB7847C4ACD2762A2C3E37
  18. ComboFix 12-06-16.02 - Marc 18/06/2012 22:32:26.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.193 [GMT -4:00] Running from: c:\users\Marc\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Marc\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll c:\users\Marc\ia_remove.sh6793.tmp . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-19 02:52 . 2012-06-19 02:59 -------- d-----w- c:\users\Marc\AppData\Local\temp 2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-06-18 09:22 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FED5B0DC-3FE0-494C-83B7-E31ADB0E275D}\mpengine.dll 2012-06-17 09:03 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab 2012-06-14 07:10 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-06-14 07:10 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-06-14 07:10 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-06-14 07:10 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-14 07:10 . 
2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2012-06-14 07:10 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-06-14 07:10 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2012-06-14 07:10 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 17:44 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20357BD-2317-4262-8CEE-FC8203AA6002}\gapaengine.dll 2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET 2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox 2012-06-12 21:33 . 2012-06-19 00:13 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox 2012-06-06 23:17 . 2012-06-06 23:17 -------- d-----w- C:\_OTL 2012-06-06 04:13 . 2012-06-06 04:13 -------- d-----w- C:\Temp 2012-06-03 14:40 . 2012-06-03 14:40 -------- d-----w- c:\users\Marc\AppData\Roaming\SUPERAntiSpyware.com 2012-06-03 14:39 . 2012-06-03 14:40 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-06-03 14:39 . 2012-06-03 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-06-03 13:56 . 2012-06-03 13:56 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes 2012-06-03 13:55 . 2012-06-03 13:55 -------- d-----w- c:\programdata\Malwarebytes 2012-06-03 13:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-03 13:55 . 2012-06-03 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-03 04:56 . 
2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-03 04:07 . 2012-06-03 04:09 -------- d-----w- c:\program files\Microsoft Security Client 2012-06-03 04:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2012-06-01 03:41 . 2012-06-01 03:41 -------- d-----w- c:\users\Marc\AppData\Local\Apps 2012-06-01 03:41 . 2012-06-01 03:44 -------- d-----w- c:\users\Marc\AppData\Local\Deployment 2012-05-28 02:57 . 2012-05-28 02:57 -------- d-----w- c:\program files\Conduit 2012-05-28 02:42 . 2012-05-28 02:43 -------- d-----w- c:\users\Marc\AppData\Local\CRE 2012-05-28 02:40 . 2012-06-01 02:39 -------- d-----w- c:\users\Marc\AppData\Local\Conduit 2012-05-25 19:02 . 2012-06-06 03:46 -------- d-----w- c:\users\Marc\AppData\Local\Samsung 2012-05-25 18:58 . 2012-05-25 18:58 -------- d-----w- c:\users\Marc\AppData\Roaming\Samsung 2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys 2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys 2012-05-25 18:27 . 2011-06-02 05:47 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys 2012-05-25 18:27 . 2011-06-02 05:47 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys 2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys 2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys 2012-05-25 18:27 . 2011-06-02 05:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys 2012-05-25 18:18 . 2010-12-21 05:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys 2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys 2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys 2012-05-25 18:18 . 2010-12-21 05:55 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys 2012-05-25 18:18 . 
2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys 2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys 2012-05-25 18:18 . 2010-12-21 05:55 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys 2012-05-25 18:07 . 2012-05-25 18:07 -------- d-----w- c:\program files\MarkAny 2012-05-25 18:07 . 2011-03-02 11:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-05-25 18:07 . 2011-03-02 11:57 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-05-25 18:04 . 2012-05-25 18:17 -------- d-----w- c:\program files\Samsung 2012-05-25 18:04 . 2012-05-25 18:15 -------- d-----w- c:\programdata\Samsung 2012-05-25 17:59 . 2012-05-25 17:59 -------- d-----w- c:\users\Marc\AppData\Local\Downloaded Installations . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll 2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-05-17 22:45 . 2012-06-14 07:10 1800192 ----a-w- c:\windows\system32\jscript9.dll 2012-05-17 22:35 . 2012-06-14 07:10 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-05-17 22:24 . 2012-06-14 07:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-05-15 19:51 . 2012-06-14 01:24 2045440 ----a-w- c:\windows\system32\win32k.sys 2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll 2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-03 08:16 . 2012-05-12 03:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-03 08:16 . 
2012-05-12 03:24 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 12:39 . 2012-05-12 03:24 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-29 13:39 . 2012-05-12 03:24 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-21 07:05 . 2012-03-21 07:05 161792 ----a-w- c:\windows\system32\msls31.dll 2012-03-21 07:05 . 2012-03-21 07:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-03-21 07:05 . 2012-03-21 07:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-03-21 07:05 . 2012-03-21 07:05 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-03-21 07:05 . 2012-03-21 07:05 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-03-21 07:05 . 2012-03-21 07:05 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-03-21 07:05 . 2012-03-21 07:05 367104 ----a-w- c:\windows\system32\html.iec 2012-03-21 07:04 . 2012-03-21 07:04 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-03-21 07:04 . 2012-03-21 07:04 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-21 07:04 . 2012-03-21 07:04 152064 ----a-w- c:\windows\system32\wextract.exe 2012-03-21 07:04 . 2012-03-21 07:04 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-03-21 07:04 . 2012-03-21 07:04 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-03-21 07:04 . 2012-03-21 07:04 11776 ----a-w- c:\windows\system32\mshta.exe 2012-03-21 07:04 . 2012-03-21 07:04 101888 ----a-w- c:\windows\system32\admparse.dll 2012-03-21 07:04 . 2012-03-21 07:04 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-03-21 07:04 . 2012-03-21 07:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520] EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112] KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job - c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job - c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46] . . ------- Supplementary Scan ------- . 
uStart Page = https://www.google.ca/ mStart Page = hxxp://sympatico.ca IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab . - - - - ORPHANS REMOVED - - - - . HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - 
c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3756) c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\WLANExt.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-06-18 23:25:32 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-19 03:17 . Pre-Run: 10,335,768,576 bytes free Post-Run: 11,020,685,312 bytes free . - - End Of File - - FF9368C46A102A140B051454A4521D36
  19. Any tips on how to disable Microsoft Security Essentials for this? I cannot find a way to do so. -- Marc.
  20. It ran for over 8 hours ... and no detected threats. Normally, that would be good news, but Chrome is still completely unusable. =( -- Marc.
  21. That log is pretty minimal, so I'm not sure if something went wrong. (It did appear to run properly. It was an hour or so in, at 24%, when I went to bed last night. The computer had rebooted when I got up this morning.)

      log:
      ESETSmartInstaller@High as CAB hook log:
      OnlineScanner.ocx - registred OK
  22. After starting the scan, I get an "unexpected error" message. -- Marc.
  23. First time I ran the fix, it crashed after it appeared to be finished. May have been an error on my part, because when I pasted in the required text, the line breaks didn't come through. Anyway, I ran again and it appeared to go through without problems.

      All processes killed
      ========== OTL ==========
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
      Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA6977C3-D42C-4398-A009-620D94BFBE7B}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA6977C3-D42C-4398-A009-620D94BFBE7B}\ not found.
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
      Folder C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
      Unable to fix default_search_provider items.
      Unable to fix default_search_provider items.
      Unable to fix default_search_provider items.
      Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Guest
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 43005397 bytes
      ->Java cache emptied: 25556713 bytes
      ->Flash cache emptied: 39252 bytes

      User: Marc
      ->Temp folder emptied: 1612364846 bytes
      ->Temporary Internet Files folder emptied: 772741505 bytes
      ->Java cache emptied: 107296408 bytes
      ->Google Chrome cache emptied: 247948680 bytes
      ->Apple Safari cache emptied: 14011392 bytes
      ->Flash cache emptied: 714707 bytes

      User: Mcx1
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 154229 bytes
      ->Flash cache emptied: 56502 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 129811 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 255306508 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
      RecycleBin emptied: 2673597296 bytes

      Total Files Cleaned = 5,486.00 mb

      Restore point Set: OTL Restore Point

      OTL by OldTimer - Version 3.2.46.0 log created on 06122012_122818

      Files\Folders moved on Reboot...
      C:\Users\Marc\AppData\Local\Temp\ehmsas.txt moved successfully.
      C:\Windows\temp\TMP000000052B1A2E322E68DB09 moved successfully.

      Registry entries deleted on Reboot...
  24. (had to split the file between three posts. 3/3)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07EA0F88-8E8F-11D9-8BDE-F66BAD1E3F3A}" = BrickStore
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BDCB7F-7686-41EE-B745-89CFFAEF3147}" = Python 2.6 pygame-1.8.1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E400F5-422B-4540-A14F-B0739D71FEE7}" = Microsoft Reader Text-to-Speech for English
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CDisplay_is1" = CDisplay 1.8
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"New LEGO Digital Designer" = LEGO Digital Designer
"Notepad++" = Notepad++
"PDF Info_is1" = PDF Info 1.0
"Picasa 3" = Picasa 3
"PROSet" = Intel® Network Connections Drivers
"Simple FTP Client_is1" = Simple FTP Client 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player (All users)
"Visual Basic 6.0 Working Model Edition" = Microsoft Visual Basic 6.0 Working Model Edition
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Free Realms Installer" = Free Realms Installer
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/05/2012 10:49:30 PM | Computer Name = Marc_Laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 01/06/2012 1:51:08 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =

Error - 01/06/2012 1:51:21 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008
Description =

Error - 02/06/2012 6:49:47 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =

Error - 02/06/2012 6:49:50 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008
Description =

Error - 02/06/2012 9:58:39 PM | Computer Name = Marc_Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 17d4 Start Time: 01cd4111eafc0460 Termination Time: 220

Error - 03/06/2012 11:55:01 AM | Computer Name = Marc_Laptop | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 19.0.1084.52 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 3d8 Start Time: 01cd419ec1a5067d Termination Time: 279

Error - 03/06/2012 9:38:03 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =

Error - 03/06/2012 9:38:04 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008
Description =

Error - 04/06/2012 9:38:27 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =

[ Media Center Events ]
Error - 20/02/2008 4:54:17 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 16/04/2008 11:04:03 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 26/02/2009 8:32:46 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 09/06/2009 8:09:42 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 14/08/2009 1:33:02 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 26/09/2009 1:32:55 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 07/10/2009 4:49:15 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 06/05/2011 7:15:59 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 401
Description =

Error - 06/05/2011 7:16:33 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 401
Description =

Error - 22/11/2011 11:39:47 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 405
Description =

[ System Events ]
Error - 03/06/2012 12:54:11 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error - 03/06/2012 12:54:11 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=0.0.0.0&avdelta=0.0.0.0&asdelta=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error - 03/06/2012 12:56:41 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install.

Error - 03/06/2012 9:38:05 AM | Computer Name = Marc_Laptop | Source = DCOM | ID = 10010
Description =

Error - 03/06/2012 9:42:02 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 03/06/2012 9:48:56 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7022
Description =

Error - 03/06/2012 11:22:06 AM | Computer Name = Marc_Laptop | Source = DCOM | ID = 10010
Description =

Error - 03/06/2012 11:28:20 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 03/06/2012 11:36:04 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7022
Description =

Error - 04/06/2012 2:44:40 PM | Computer Name = Marc_Laptop | Source = WMPNetworkSvc | ID = 866333
Description =

< End of report >