fleury

Posts posted by fleury
-
SystemLook 30.07.11 by jpshortstuff
Log created at 15:50 on 15/07/2012 by Marc
Administrator - Elevation successful
========== folderfind ==========
Searching for "*CRE*"
C:\Program Files\Common Files\microsoft shared\THEMES12\CONCRETE d------ [18:55 30/07/2008]
C:\Program Files\Hewlett-Packard\HP Software UI\PC Registration d------ [11:21 21/12/2006]
C:\Program Files\LEGO Company\LEGO Digital Designer\HTML\StarterModels\Creator d------ [04:09 24/01/2012]
C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bootstrapper\Packages\vcredist_x64 d------ [02:29 01/09/2010]
C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bootstrapper\Packages\vcredist_x86 d------ [02:30 01/09/2010]
C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\CSharp\WPF\1033\WPFSplashScreen.zip d------ [08:25 14/03/2012]
C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\SplashScreen.zip d------ [08:26 14/03/2012]
C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\WPF\1033\WPFSplashScreen.zip d------ [08:26 14/03/2012]
C:\Program Files\Microsoft Visual Studio 10.0\VB\Snippets\1033\data\xml\XML - Create d------ [02:27 01/09/2010]
C:\Program Files\Microsoft Visual Studio 10.0\VC\VCResourceTemplates d------ [02:27 01/09/2010]
C:\Program Files\Notepad++\user.manual\Images\Screenshots d------ [00:54 13/03/2011]
C:\System.sav\TSCREEN d------ [20:21 27/11/2006]
C:\Users\Marc\AppData\Local\Bizarre Creations d------ [19:02 14/01/2010]
C:\Users\Marc\AppData\Local\CRE d------ [02:42 28/05/2012]
C:\Users\Marc\AppData\Local\Google\GBScreensaver d------ [23:16 19/09/2009]
C:\Users\Marc\AppData\Local\Microsoft\Credentials d---s-- [10:12 03/01/2008]
C:\Users\Marc\AppData\Roaming\Ipswitch\WS_FTP\HTML\Res_409_12.0.1\SSHCLIENTKEYCREATE d------ [23:22 10/08/2009]
C:\Users\Marc\AppData\Roaming\Ipswitch\WS_FTP\HTML\Res_409_12.0.1\SSLCREATECERTWIZ d------ [23:22 10/08/2009]
C:\Users\Marc\AppData\Roaming\Microsoft\Credentials d---s-- [10:12 03/01/2008]
C:\Users\Marc\brickstore-cache\M\cre001 d------ [07:02 08/03/2012]
C:\Users\Marc\brickstore-cache\M\cre002 d------ [20:56 29/05/2011]
C:\Users\Marc\brickstore-cache\M\cre003 d------ [20:56 29/05/2011]
C:\Users\Marc\brickstore-cache\M\cre004 d------ [20:56 29/05/2011]
C:\Users\Marc\brickstore-cache\M\cre005 d------ [07:02 08/03/2012]
C:\Users\Marc\brickstore-cache\M\cre006 d------ [07:02 08/03/2012]
C:\Users\Marc\brickstore-cache\M\cre010 d------ [07:02 08/03/2012]
C:\Users\Marc\brickstore-cache\M\cre011 d------ [07:02 08/03/2012]
C:\Users\Marc\brickstore-cache\P\crssprt02pb72 d------ [04:40 27/12/2011]
C:\Users\Marc\brickstore-cache\P\crssprt02pb77 d------ [04:40 27/12/2011]
C:\Users\Marc\brickstore-cache\P\crssprt02pb38b d------ [04:40 27/12/2011]
C:\Users\Marc\brickstore-cache\P\crssprt02pb64a d------ [04:40 27/12/2011]
C:\Users\Marc\Calibre Library\J. K. Rowling\Harry Potter and the Chamber of Secrets (462) d------ [02:20 30/12/2010]
C:\Users\Marc\Documents\LEGO Creations d------ [20:22 27/07/2009]
C:\Users\Mcx1\AppData\Local\Microsoft\Credentials d---s-- [03:39 23/11/2011]
C:\Users\Mcx1\AppData\Roaming\Microsoft\Credentials d---s-- [03:39 23/11/2011]
C:\Windows\assembly\GAC_MSIL\IEExecRemote dr----- [11:18 02/11/2006]
C:\Windows\ehome\CreateDisc d------ [12:37 02/11/2006]
C:\Windows\ehome\CreateDisc\SonicResources d------ [12:37 02/11/2006]
C:\Windows\System32\config\systemprofile\AppData\Local\Google\GBScreensaver d------ [20:54 24/01/2010]
C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6000.16386_none_ef9a51cfc4df6184 d------ [11:18 02/11/2006]
C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6000.16720_none_ef94d833c4e430f8 d------ [14:37 15/02/2009]
C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6000.20883_none_d8cceed7de8675eb d------ [14:37 15/02/2009]
C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6001.18000_none_ef6ed38bc5370a50 d------ [11:21 24/09/2008]
C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6001.18111_none_ef6fbce9c5363d99 d------ [14:37 15/02/2009]
C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6001.22230_none_d8a42d85dedbb6ac d------ [14:37 15/02/2009]
C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6002.18005_none_ef4a58c7c5889e64 d------ [11:46 18/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6000.16386_none_3fd3e2bdc5a2408e d------ [11:18 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6001.18000_none_420aa4b9c28d5162 d------ [11:21 24/09/2008]
C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6002.18005_none_43f61dc5bfaf1cae d------ [11:46 18/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-credui.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5fe4036ea556b4f7 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6000.16386_none_d9008ac592026334 d------ [11:18 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408 d------ [11:20 24/09/2008]
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6002.18005_none_dd22c5cd8c0f3f54 d------ [11:46 18/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-credwiz.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0dcdf312c69f3fe9 d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-credwiz_31bf3856ad364e35_6.0.6000.16386_none_9da3eeaf6eea0db4 d------ [11:18 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-eventcreate.resources_31bf3856ad364e35_6.0.6000.16386_en-us_163f93beca50608f d------ [12:41 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-eventcreate_31bf3856ad364e35_6.0.6000.16386_none_d32c0ea842a8cb28 d------ [11:18 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16386_none_6997bcdc5b8aeeb5 d------ [12:36 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16510_none_69dd6e605b578d62 d------ [04:10 04/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16552_none_69b42f445b762fd4 d------ [04:24 04/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20625_none_6a613cb17478c7d0 d------ [04:10 04/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20671_none_6a272bed74a4ee29 d------ [04:24 04/01/2008]
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6001.18000_none_6bce7ed85875ff89 d------ [11:23 24/09/2008]
C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6002.18005_none_6db9f7e45597cad5 d------ [11:47 18/09/2009]
C:\Windows\winsxs\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6000.16386_none_c1816f73a4a4f3fd d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6001.18000_none_c3b8316fa19004d1 d------ [01:03 20/09/2008]
C:\Windows\winsxs\x86_microsoft-windows-sonic-createdisc_31bf3856ad364e35_6.0.6000.16386_none_3dbfc4bbf1adf534 d------ [12:35 02/11/2006]
C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16386_none_e106c2e628087e97 d------ [11:19 02/11/2006]
C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b d------ [14:34 15/02/2009]
C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe d------ [14:34 15/02/2009]
C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac d------ [14:33 15/02/2009]
C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf d------ [14:33 15/02/2009]
-= EOF =-
-
On my existing profiles, there's nothing there.
"Boo... You have no extensions :-( Want to browse the gallery instead?"
If I create a new user and then go to the Extensions options page, it shows the same thing (no extensions) for about ten or twenty seconds, and then the uTorrentControl2 extension appears (along with the button next to the tab URL). I have clicked on the garbage can icon to remove the extension every time.
--
Marc.
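The behaviour Marc describes above (a fresh Chrome profile picking up uTorrentControl2 within seconds and the button appearing on the toolbar) is what Chrome does when an extension is registered at one of its external install points, which apply to every profile on the machine instead of living in one profile's Extensions folder. The script below is an added check, not code from the thread or from any tool used in it. The registry keys, policy keys and manifest file name it walks are Chrome's documented external-extension locations; that they are the relevant ones on this machine is an assumption, since the logs never show where the extension is registered or what its id is, so the id filter is optional.

```powershell
# Added check (not from the thread): list every location from which Chrome will
# install an "external" extension into each new profile on this machine.
# Locations assumed here are Chrome's documented ones: per-machine and per-user
# registry keys, the ExtensionInstallForcelist policy keys, and the older
# external_extensions.json manifest in the Chrome application folder.
# -IdFilter is optional because the thread never shows the extension's id.
param([string]$IdFilter = '')

function Get-ChromeRegistryExternalExtensions {
    $roots = 'HKLM:\SOFTWARE\Google\Chrome\Extensions',
             'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
             'HKCU:\Software\Google\Chrome\Extensions'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $id = $key.PSChildName                      # subkey name is the extension id
            if ($IdFilter -and ($id -notlike "*$IdFilter*")) { continue }
            $v = Get-ItemProperty $key.PSPath
            # 'path' = local .crx that Chrome installs; 'update_url' = fetched from the web
            $detail = if ($v.path) { "path=$($v.path) version=$($v.version)" } else { "update_url=$($v.update_url)" }
            New-Object PSObject -Property @{ Source = $root; Id = $id; Detail = $detail }
        }
    }
}

function Get-ChromeForceInstallPolicy {
    $roots = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
             'HKCU:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $key = Get-Item $root
        foreach ($name in $key.GetValueNames()) {
            # each value is "<extension id>;<update url>"
            $parts = ([string]$key.GetValue($name)).Split(';', 2)
            if ($IdFilter -and ($parts[0] -notlike "*$IdFilter*")) { continue }
            New-Object PSObject -Property @{ Source = $root; Id = $parts[0]; Detail = "update_url=$($parts[1])" }
        }
    }
}

function Get-ChromeExternalManifests {
    # Deprecated manifest method, still honoured by 2012-era builds; Chrome may be
    # installed per-machine or per-user, so both application folders are searched.
    $appDirs = "$env:ProgramFiles\Google\Chrome\Application",
               "$env:LOCALAPPDATA\Google\Chrome\Application"
    foreach ($dir in $appDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem $dir -Recurse -Filter external_extensions.json -ErrorAction SilentlyContinue |
            ForEach-Object {
                $json = (Get-Content $_.FullName) -join ' '
                New-Object PSObject -Property @{ Source = $_.FullName; Id = '(in file)'; Detail = $json }
            }
    }
}

@(Get-ChromeRegistryExternalExtensions) + @(Get-ChromeForceInstallPolicy) + @(Get-ChromeExternalManifests) |
    Format-Table Source, Id, Detail -AutoSize
```

Run it elevated so the HKLM keys are readable, and run it once more from the affected user account, since the HKCU branch is read from whichever hive the session is using. Anything listed here is re-installed into every new profile until the key, policy value or manifest entry is deleted; removing the extension from the profile's Extensions page, as Marc has been doing, only clears that one profile's copy.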
-
SystemLook 30.07.11 by jpshortstuff
Log created at 20:58 on 11/07/2012 by Marc
Administrator - Elevation successful
========== folderfind ==========
Searching for "*torrent*"
C:\Qoobox\Quarantine\C\Users\Marc\AppData\Local\uTorrent d------ [06:49 10/07/2012]
C:\Qoobox\Quarantine\C\Users\Marc\Documents\Torrents d------ [06:49 10/07/2012]
========== regfind ==========
Searching for "torrent"
[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
-= EOF =-
-
Still the same as last update -- my existing Chrome profile seems to work fine, but if I add a new profile, within a few seconds the extension button appears and a new tab is launched, at http://www.utorrent.com/utorrent-control-complete
--
Marc.
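The regfind output in this post still shows four inbound Allow rules for C:\Program Files\uTorrent\uTorrent.exe (TCP and UDP, on both the Public and Private profiles) even though the folderfind no longer finds a uTorrent folder outside the ComboFix quarantine. Rules like these are keyed to a path, so whatever binary later lands at that path inherits the allow. The script below is an added example, not code from the thread or from SystemLook; it parses the rule-string format quoted above, using those four rules as embedded sample data, and flags inbound Allow rules whose target executable no longer exists. The -Live switch reads the real CurrentControlSet key instead of the sample.

```powershell
# Added example (not from the thread): parse Windows Firewall rule strings in the
# format shown in the regfind output and report inbound Allow rules whose App=
# path no longer exists on disk. Sample data is the four µTorrent rules from the
# log; -Live reads the real CurrentControlSet FirewallRules key instead.
param([switch]$Live)

function ConvertFrom-FirewallRule {
    param([string]$Name, [string]$Data)
    # Data: v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=...|Name=...|Edge=FALSE|
    $fields = @{ RuleName = $Name }
    foreach ($field in $Data.Split('|')) {
        $kv = $field.Split('=', 2)
        if ($kv.Count -eq 2) { $fields[$kv[0]] = $kv[1] }   # 'v2.0' has no '=' and is skipped
    }
    New-Object PSObject -Property $fields
}

function Get-OrphanedInboundAllowRules {
    param([hashtable]$Rules)   # value name -> rule string
    foreach ($name in $Rules.Keys) {
        $r = ConvertFrom-FirewallRule -Name $name -Data $Rules[$name]
        if ($r.Action -ne 'Allow' -or $r.Dir -ne 'In' -or -not $r.App) { continue }
        # Some rules use %SystemRoot%-style variables; expand them before testing the path
        $exe = [Environment]::ExpandEnvironmentVariables($r.App)
        if (-not (Test-Path -LiteralPath $exe)) {
            New-Object PSObject -Property @{
                RuleName = $name
                Protocol = $(if ($r.Protocol -eq '6') { 'TCP' } elseif ($r.Protocol -eq '17') { 'UDP' } else { $r.Protocol })
                Profile  = $r.Profile
                Active   = $r.Active
                App      = $r.App
            }
        }
    }
}

# Sample data copied from the CurrentControlSet entries in the regfind output above
$sample = @{
    '{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}' = 'v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|'
    '{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}' = 'v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|'
    'TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe' = 'v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|'
    'UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe' = 'v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|'
}

$rules = $sample
if ($Live) {
    $item = Get-Item 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
    $rules = @{}
    foreach ($n in $item.GetValueNames()) { $rules[$n] = [string]$item.GetValue($n) }
}
Get-OrphanedInboundAllowRules -Rules $rules | Format-Table RuleName, Protocol, Profile, Active, App -AutoSize
```

On a machine where C:\Program Files\uTorrent\uTorrent.exe is gone, all four sample rules are reported. They can be removed with netsh advfirewall firewall delete rule name="µTorrent" (which deletes every rule carrying that display name, i.e. the Name= field) or by deleting the individual value names from the FirewallRules key; the copies under ControlSet001 and ControlSet003 are the saved and last-known-good control sets and follow CurrentControlSet on the next boot.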
-
The step at the command prompt gave me "The requested operation requires elevation."
However, I continued with the ComboFix process. Here's the log:
ComboFix 12-07-08.03 - Marc 10/07/2012 2:29.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.190 [GMT -4:00]
Running from: c:\users\Marc\Desktop\ComboFix.exe
Command switches used :: c:\users\Marc\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marc\AppData\Local\uTorrent
c:\users\Marc\AppData\Roaming\inst.exe
c:\users\Marc\AppData\Roaming\vso_ts_preview.xml
c:\users\Marc\Documents\Torrents
c:\users\Marc\Documents\Torrents\1001_Books_You_Must_Read_Before_You_Die.5787852.TPB.torrent
c:\users\Marc\Documents\Torrents\2500__sci-fi_ebooks_in_epub_format.5698246.TPB.torrent
c:\users\Marc\Documents\Torrents\623_BOOKS_FOR_THE_IPHONE___IPAD_EPUB.5826551.TPB.torrent
c:\users\Marc\Documents\Torrents\All_Physics_Books_Categorized.4555365.TPB.torrent
c:\users\Marc\Documents\Torrents\Bored_to_Death_Season_01.5258374.TPB.torrent
c:\users\Marc\Documents\Torrents\categories.txt
c:\users\Marc\Documents\Torrents\It__s_A_Wonderful_Life_Uncut_1946_DvDrip[Eng]-greenbud1969.4614456.TPB.torrent
c:\users\Marc\Documents\Torrents\itemtypes.txt
c:\users\Marc\Documents\Torrents\Joda_rompack_for_the_Nintendo_DS_[2601-2700].4413494.TPB.torrent
c:\users\Marc\Documents\Torrents\Joda_rompack_for_the_Nintendo_DS_[3101-3200].4644384.TPB.torrent
c:\users\Marc\Documents\Torrents\Lost.S01-05_complete_DVDRiP.5383685.TPB.torrent
c:\users\Marc\Documents\Torrents\Nintendo_DS_ROMs_4801_-_4900.5615573.TPB.torrent
c:\users\Marc\Documents\Torrents\Rome-Season_1___2.4638175.TPB.torrent
c:\users\Marc\Documents\Torrents\Shrek_Forever_After_(2010)_DVD-R_(eng-spa-fra)_[manuvoulquin].5989463.TPB.torrent
c:\users\Marc\Documents\Torrents\Snow_White_and_the_Seven_Dwarfs_luxe_Edition(2009)(ENG_NL)2Lions.5134560.TPB.torrent
c:\users\Marc\Documents\Torrents\Sonic_X_Series_1.3631362.TPB.torrent
c:\users\Marc\Documents\Torrents\Star_Trek-The_Original_Series_(Season_1)_Remastered_And_Enhanced.5515718.TPB.torrent
c:\users\Marc\Documents\Torrents\The.Fairly.OddParents.5.Seasons.4584020.TPB.torrent
c:\users\Marc\Documents\Torrents\The_Earthsea_Cycle-_Ursula_K._Le_Guin_(Epub__Mobi__Lit__Pdf).5943625.TPB.torrent
c:\users\Marc\Documents\Torrents\The_Social_Network_2010_DVDSCR_XViD-WBZ_.5915536.TPB.torrent
c:\users\Marc\Documents\Torrents\TV__Arthur_(Marc_Brown)_PBS_Kids_[season_01_-_10]_FULL_EPISODES.5181352.TPB.torrent
c:\users\Marc\Documents\Torrents\Wolverine_and_the_X-Men_-_Season_1_-_Complete.4785976.TPB.torrent
c:\windows\Downloaded Program Files\setup.dll
c:\windows\Fonts\HandelGotDOT-Bol.otf
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 06:51 . 2012-07-10 11:40 -------- d-----w- c:\users\Marc\AppData\Local\temp
2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 03:59 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{858BB809-42FE-4982-B089-A90033A0DDF6}\mpengine.dll
2012-07-09 04:01 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-04 03:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{175742C7-8CFB-4ABB-9044-6E8CACFE704E}\gapaengine.dll
2012-06-21 23:57 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 23:57 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 23:57 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 23:57 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 23:55 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 23:55 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 23:55 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 23:53 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 23:53 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 01:24 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET
2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox
2012-06-12 21:33 . 2012-07-10 01:32 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 04:40 . 2012-06-03 04:56 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll
2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll
2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ca/
mStart Page = hxxp://sympatico.ca
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-10 07:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1060)
c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-07-10 07:57:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 11:56
ComboFix2.txt 2012-06-19 03:25
.
Pre-Run: 12,817,362,944 bytes free
Post-Run: 11,938,877,440 bytes free
.
- - End Of File - - 110F8ED5F40414798E922171D1754254
-
SystemLook 30.07.11 by jpshortstuff
Log created at 00:24 on 09/07/2012 by Marc
Administrator - Elevation successful
========== folderfind ==========
Searching for "*torrent*"
C:\Users\Marc\AppData\Local\uTorrent d------ [03:48 25/06/2011]
C:\Users\Marc\Documents\Torrents d------ [02:47 07/01/2008]
========== regfind ==========
Searching for "torrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppPath"="C:\Program Files\uTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppName"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"b"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
"AppPath"="C:\Program Files\uTorrent\uTorrent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppPath"="C:\Program Files\uTorrent"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppName"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"b"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
-= EOF =-
-
Thanks again for your continued help. Here's the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 00:24 on 09/07/2012 by Marc
Administrator - Elevation successful

========== folderfind ==========

Searching for "*torrent*"
C:\Users\Marc\AppData\Local\uTorrent d------ [03:48 25/06/2011]
C:\Users\Marc\Documents\Torrents d------ [02:47 07/01/2008]

========== regfind ==========

Searching for "torrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppPath"="C:\Program Files\uTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppName"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"b"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
"AppPath"="C:\Program Files\uTorrent\uTorrent.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppPath"="C:\Program Files\uTorrent"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
"AppName"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"b"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\DefaultIcon]
@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent]
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent]
"Extension"=".torrent"
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]

-= EOF =-
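The FirewallRules values that regfind keeps turning up above are worth more than a grep hit. Each value is one encoded rule ("v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=...|Name=...|"), and an inbound Allow rule stays bound to its App path after the program is gone, so whatever lands at that path later inherits the exemption. The following PowerShell is an added example for this thread, not something posted in it or shipped with SystemLook or OTL; it parses those strings into objects, first from two constructed samples copied from the log (with the µ in the name replaced by a plain "u" to keep the script ASCII), then from the live registry, and reports inbound Allow rules whose App binary is no longer on disk. Function names are my own.

```powershell
# Added example, not from the original thread. Parses the encoded rule strings that the
# Windows Firewall stores as values under
#   HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# (the same strings SystemLook printed above) and flags inbound Allow rules whose App path
# is no longer on disk. Written to run on PowerShell 2.0 and later.

function ConvertFrom-FirewallRuleString {
    param(
        [Parameter(Mandatory=$true)][string]$Name,   # registry value name
        [Parameter(Mandatory=$true)][string]$Value   # "v2.0|Action=Allow|Active=TRUE|Dir=In|..."
    )
    $rule = @{ RuleName = $Name; Version = $null }
    foreach ($token in ($Value -split '\|')) {
        if ($token -eq '') { continue }                       # trailing '|' leaves an empty token
        if ($token -match '^v[\d.]+$') { $rule.Version = $token; continue }
        $kv = $token -split '=', 2                            # split on the first '=' only; paths may contain '='
        if ($kv.Count -eq 2) { $rule[$kv[0]] = $kv[1] }
    }
    New-Object -TypeName PSObject -Property $rule
}

function Get-InboundAllowRules {
    param([Parameter(Mandatory=$true)][hashtable]$Rules)      # value name -> encoded rule string
    $protoNames = @{ '6' = 'TCP'; '17' = 'UDP' }
    foreach ($entry in $Rules.GetEnumerator()) {
        $r = ConvertFrom-FirewallRuleString -Name $entry.Key -Value $entry.Value
        if ($r.Action -ne 'Allow' -or $r.Dir -ne 'In' -or -not $r.App) { continue }
        $proto = if ($r.Protocol -and $protoNames.ContainsKey($r.Protocol)) { $protoNames[$r.Protocol] } else { $r.Protocol }
        New-Object -TypeName PSObject -Property @{
            RuleName  = $r.RuleName
            Profile   = $r.Profile
            Protocol  = $proto
            App       = $r.App
            AppExists = (Test-Path -LiteralPath $r.App)       # stale rule if this is False
        }
    }
}

# Constructed sample: two of the rule strings from the SystemLook output above.
$sample = @{
    '{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}' = 'v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=uTorrent|Edge=FALSE|'
    'UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe' = 'v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=uTorrent|Desc=uTorrent|Edge=FALSE|'
}
Get-InboundAllowRules -Rules $sample | Format-Table RuleName, Profile, Protocol, App, AppExists -AutoSize

# Live check against the active control set (run from an elevated prompt).
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$item = Get-Item -Path $key
$live = @{}
foreach ($n in $item.GetValueNames()) { $live[$n] = [string]$item.GetValue($n) }
Get-InboundAllowRules -Rules $live | Where-Object { -not $_.AppExists } |
    Format-Table RuleName, Profile, Protocol, App -AutoSize
```

Anything the live pass lists with AppExists = False should be deleted rather than left for the next binary that is dropped at that path; `netsh advfirewall firewall delete rule name="<rule name>"` does it without editing the registry by hand. Note that the script reads CurrentControlSet only; the ControlSet001/002 copies in the log are the same rules as seen through the other control sets and will follow once the active one is cleaned and the system reboots.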
-
There does appear to still be something lying dormant. It's not crippling my system like it was before, but it's still a bit disconcerting to know that this thing is somehow still hiding somewhere...
Today I created a new User profile in Chrome. When it launched, all seemed normal. After about five seconds, the utorrent thing showed up as a button. A few seconds after that, another tab auto-launched, stating that I had completed installation of utorrent. I shut that tab down and went into the extensions option on the new profile, and that same utorrentControl2 option was there again. I deleted it and tested again by creating a new profile, and the same thing happened.
--
Marc.
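An extension that is back within seconds in a freshly created Chrome profile is not living in the profile; something outside it is telling Chrome to install it. On Windows the two documented ways to do that are the "external extensions" registry keys under HKLM or HKCU \Software\Google\Chrome\Extensions\<extension id> (carrying an update_url, or a path plus version for a local .crx) and the ExtensionInstallForcelist policy key, whose values look like "<id>;<update url>". The regfind runs above searched for "torrent" and "*CRE*", so a key named only by a 32-letter extension ID would not have appeared in either. The script below is an added example for this thread, not a tool from it; it enumerates those registration points, then lists every profile folder under User Data that still contains the extension ID, using the ID that OTL later deletes from the Default profile (pacgpkgadgmibnhpdidcnfafllnmeomc). The function names are my own.

```powershell
# Added example, not from the original thread. Finds where a Chrome extension is registered
# so that it is installed into every profile (new ones included): the external-extension
# keys under HKLM/HKCU ...\Google\Chrome\Extensions and the ExtensionInstallForcelist policy.
# Then lists each profile folder that still holds the suspect ID. Runs on PowerShell 2.0+.

$SuspectId = 'pacgpkgadgmibnhpdidcnfafllnmeomc'   # the ID OTL removed from the Default profile above

$externalKeys = @(
    'HKLM:\SOFTWARE\Google\Chrome\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
    'HKCU:\Software\Google\Chrome\Extensions'
)
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'
)

function Get-ChromeExtensionRegistrations {
    foreach ($k in $externalKeys) {
        if (-not (Test-Path -Path $k)) { continue }
        foreach ($sub in (Get-ChildItem -Path $k)) {          # one subkey per extension ID
            $p = Get-ItemProperty -Path $sub.PSPath
            New-Object -TypeName PSObject -Property @{
                Source    = 'ExternalExtensionKey'
                Key       = ($sub.PSPath -replace '^.*::', '')  # strip the provider prefix
                Id        = $sub.PSChildName
                UpdateUrl = $p.update_url
                Path      = $p.path
                Version   = $p.version
            }
        }
    }
    foreach ($k in $policyKeys) {
        if (-not (Test-Path -Path $k)) { continue }
        $item = Get-Item -Path $k
        foreach ($n in $item.GetValueNames()) {               # values are "<id>;<update_url>"
            $parts = ([string]$item.GetValue($n)) -split ';', 2
            New-Object -TypeName PSObject -Property @{
                Source    = 'PolicyForcelist'
                Key       = $k
                Id        = $parts[0]
                UpdateUrl = $(if ($parts.Count -gt 1) { $parts[1] } else { $null })
                Path      = $null
                Version   = $null
            }
        }
    }
}

function Get-ChromeProfileExtensionDirs {
    param([Parameter(Mandatory=$true)][string]$Id)
    $userData = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
    if (-not (Test-Path -Path $userData)) { return }
    foreach ($prof in (Get-ChildItem -Path $userData | Where-Object { $_.PSIsContainer })) {
        $dir = Join-Path $prof.FullName "Extensions\$Id"      # Default, Profile 1, ...
        if (Test-Path -Path $dir) { $dir }
    }
}

$regs = @(Get-ChromeExtensionRegistrations)
$regs | Format-Table Source, Id, UpdateUrl, Path, Version -AutoSize
$hits = @($regs | Where-Object { $_.Id -eq $SuspectId })
if ($hits.Count -gt 0) {
    Write-Warning "$SuspectId is registered outside the profile in $($hits.Count) key(s); deleting the profile folder alone will not stop it coming back."
}
Get-ChromeProfileExtensionDirs -Id $SuspectId
```

Run it in the account that sees the extension, since the HKCU keys are per user; for other accounts on the machine, the same keys live under HKU\<SID>\Software\... as SystemLook showed for the uTorrent entries. If nothing is registered in any of these places and the extension still returns, the reinstall is being done by a running program rather than by a registration, and the process list is the next thing to look at.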
-
When I launched Chrome, the button for utorrentControl2 was gone, though strangely it just seemed to be invisible (when I hovered the mouse over where the button would otherwise be, there was still an alt-text that came up for it).
I went into the Chrome settings to see the extensions, and it was there (again) so I deleted it. I rebooted and it now seems to be gone completely.
I'm using Chrome now to post this. It appears that everything is fixed. I'll monitor for a couple of days to see if the issues recur. Hopefully we're done!
Once again, I appreciate your help.
--
Marc.
-
All processes killed
========== OTL ==========
File C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0 not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Marc
->Temp folder emptied: 572352 bytes
->Temporary Internet Files folder emptied: 184296972 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10013114 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 6174 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 175546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 605759798 bytes
Total Files Cleaned = 764.00 mb
OTL by OldTimer - Version 3.2.53.1 log created on 07042012_084830
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Like the last time I ran a fix, OTL crashed when it appeared to be nearing completion. I didn't run it a second time this time, though.
Files\Folders moved on Reboot...
C:\Users\Marc\AppData\Local\Temp\ehmsas.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Marc\AppData\Local\Temp\ehmsas.txt not found!
Registry entries deleted on Reboot...
-
OTL logfile created on: 01/07/2012 11:00:44 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Marc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1013.31 Mb Total Physical Memory | 321.32 Mb Available Physical Memory | 31.71% Memory free
2.23 Gb Paging File | 1.09 Gb Available in Paging File | 48.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.33 Gb Total Space | 11.64 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
Drive D: | 6.46 Gb Total Space | 0.75 Gb Free Space | 11.67% Space Free | Partition Type: NTFS
Computer Name: MARC_LAPTOP | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
PRC - [2012/06/06 22:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/29 21:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/05/05 10:07:36 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/23 20:09:29 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/01/23 14:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2006/11/24 19:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2012/05/05 10:07:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/01 02:02:02 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C1234F5-407B-4E68-8242-105056BB9286}\MpKsl307a59e3.sys -- (MpKsl307a59e3)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 01:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 01:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 01:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/05/15 08:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger)
DRV - [2007/02/22 17:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/09 05:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS
IE - HKLM\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes,DefaultScope = {0FB5313F-675E-4315-9AC7-BBA6C053F71E}
IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS
IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0FB5313F-675E-4315-9AC7-BBA6C053F71E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_en
IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7
IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2012/06/06 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: O3D Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: uTorrentControl2 = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\
CHR - Extension: Gmail = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/06/19 21:32:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [googletalk] C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KooBits 4.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} https://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab (SetupLauncher Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1901EDC2-2EA0-429D-9CB7-95F78CA928A0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/21 08:04:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/01 22:57:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
[2012/06/27 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/19 22:01:42 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\temp
[2012/06/19 21:33:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/19 21:29:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/19 21:05:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/18 22:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/18 22:27:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/18 22:27:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/18 22:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/18 22:25:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/15 01:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/13 07:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/12 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{1B5791F0-439D-4E33-B909-C2EAF4E9345D}
[2012/06/12 17:40:45 | 000,000,000 | R--D | C] -- C:\Users\Marc\Desktop\Dropbox
[2012/06/12 17:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/12 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/06/12 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Dropbox
[2012/06/06 19:17:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/06 00:13:32 | 000,000,000 | ---D | C] -- C:\Temp
[2012/06/05 23:29:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2012/06/03 10:40:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/03 10:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/03 09:56:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes
[2012/06/03 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/03 09:55:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/03 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/03 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2009/04/25 19:29:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marc\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
[2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 19:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 18:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job
[2012/07/01 16:01:01 | 000,002,345 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\BrickStore.lnk
[2012/06/30 20:15:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job
[2012/06/29 04:20:00 | 000,002,040 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/29 04:19:59 | 000,002,078 | ---- | M] () -- C:\Users\Marc\Desktop\Google Chrome.lnk
[2012/06/26 23:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 23:17:07 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 23:02:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/26 21:46:13 | 000,000,680 | ---- | M] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat
[2012/06/26 21:45:44 | 000,000,943 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/25 23:17:14 | 000,003,378 | ---- | M] () -- C:\Users\Marc\Desktop\mattoncini.bsx
[2012/06/23 16:13:02 | 000,002,585 | ---- | M] () -- C:\Users\Marc\Desktop\Microsoft Office Excel 2007.lnk
[2012/06/23 11:05:45 | 000,002,609 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/06/19 21:32:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/14 04:42:01 | 000,423,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/14 03:55:05 | 000,644,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 03:55:05 | 000,124,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/12 17:40:45 | 000,000,981 | ---- | M] () -- C:\Users\Marc\Desktop\Dropbox.lnk
[2012/06/12 17:38:11 | 000,000,991 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 09:56:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 00:15:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
========== Files Created - No Company Name ==========
[2012/06/27 20:13:15 | 000,002,078 | ---- | C] () -- C:\Users\Marc\Desktop\Google Chrome.lnk
[2012/06/27 20:13:15 | 000,002,040 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/25 23:17:14 | 000,003,378 | ---- | C] () -- C:\Users\Marc\Desktop\mattoncini.bsx
[2012/06/18 22:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/18 22:27:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/18 22:27:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/18 22:27:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/18 22:27:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/12 17:40:45 | 000,000,981 | ---- | C] () -- C:\Users\Marc\Desktop\Dropbox.lnk
[2012/06/12 17:38:11 | 000,000,991 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 09:56:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 00:15:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/03 00:09:23 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/26 09:46:49 | 000,000,218 | ---- | C] () -- C:\Users\Marc\AppData\Local\recently-used.xbel
[2011/03/04 00:12:50 | 000,000,000 | ---- | C] () -- C:\Users\Marc\cbe.6dcf4c112e7f11688b
[2011/03/04 00:07:56 | 000,000,016 | ---- | C] () -- C:\Users\Marc\persistent_state
[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/01/27 08:38:28 | 000,000,680 | ---- | C] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat
[2009/06/23 17:29:05 | 000,003,685 | ---- | C] () -- C:\Users\Marc\zuda_templat.2009_06_23_17_29_05.0
[2009/04/26 11:40:31 | 000,014,729 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009/04/25 19:30:58 | 000,000,668 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\vso_ts_preview.xml
[2009/04/25 19:29:02 | 000,087,608 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\inst.exe
[2009/04/25 19:29:02 | 000,007,887 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.cat
[2009/04/25 19:29:02 | 000,001,144 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.inf
[2008/08/22 13:42:38 | 000,002,150 | ---- | C] () -- C:\Users\Marc\New document 1.2008_08_22_13_42_38.0
[2008/01/22 13:13:17 | 000,023,888 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\UserTile.png
[2008/01/03 21:29:58 | 000,235,520 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2010/03/16 07:14:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Amazon
[2011/08/07 16:30:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\calibre
[2009/06/22 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2012/07/01 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox
[2010/06/29 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0
[2008/08/22 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Inkscape
[2010/04/30 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LEGO Company
[2011/03/12 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Notepad++
[2008/01/22 13:13:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PeerNetworking
[2009/08/29 16:52:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Reg Tool
[2012/05/25 14:58:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Samsung
[2010/06/03 13:18:21 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Unity
[2011/11/15 01:13:58 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Vso
[2009/09/26 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Live Writer
[2012/06/26 23:02:41 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51CF25B1
< End of report >
-
Hmm. Looks like we're almost there.
I uninstalled Chrome, rebooted, and re-installed.
When I launch Chrome it lets me browse normally. In Task Manager, it seems to behave well -- CPU usage only 1 or 2 % outside of brief spikes.
However -- somehow the utorrentControl2 Community Toolbar button is back, even though this was deleted WAY back at the start of this thread (and was likely the initial cause of all the problems).
--
Marc.
-
Unfortunately, nothing has changed with Chrome.
IE works for me fine. When I have it running and I have Task Manager open, IE appears to be using around 120Mb of memory, and 2% of CPU (other than brief bursts).
When I launch Chrome, it uses 250Mb of memory, and 50% of CPU. My home page half-loads, and when I try to launch any other page, it just sits there, loading. If I close Chrome, the window goes away, but Chrome is still listed in Task Manager, still using 50% of the CPU.
I appreciate the help you've provided (and I apologize for the long delays between each step), but I am starting to think that this isn't going to be solved.
Should I just back up what I need, and abandon everything? Do a complete reformat?
--
Marc.
-
No threats detected.
-
I ran the scan as described. The results window stated "No threats found."
I went to the log, but the file's Date Modified data shows June 13.
In any case, the log shows:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
-
ComboFix 12-06-16.02 - Marc 19/06/2012 21:10:44.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.224 [GMT -4:00]
Running from: c:\users\Marc\Desktop\ComboFix.exe
Command switches used :: c:\users\Marc\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\users\Marc\AppData\Local\Conduit
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-20 01:29 . 2012-06-20 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 03:47 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55E3F586-B1C8-4AA6-8A85-860BB27F87C3}\mpengine.dll
2012-06-19 03:26 . 2012-06-20 01:34 -------- d-----w- c:\users\Marc\AppData\Local\temp
2012-06-17 09:03 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:44 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20357BD-2317-4262-8CEE-FC8203AA6002}\gapaengine.dll
2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET
2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox
2012-06-12 21:33 . 2012-06-19 03:55 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox
2012-06-06 23:17 . 2012-06-06 23:17 -------- d-----w- C:\_OTL
2012-06-06 04:13 . 2012-06-06 04:13 -------- d-----w- C:\Temp
2012-06-06 03:29 . 2012-06-06 03:29 -------- d-----w- c:\windows\system32\System32
2012-06-03 14:40 . 2012-06-03 14:40 -------- d-----w- c:\users\Marc\AppData\Roaming\SUPERAntiSpyware.com
2012-06-03 14:39 . 2012-06-03 14:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-03 14:39 . 2012-06-03 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-03 13:56 . 2012-06-03 13:56 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes
2012-06-03 13:55 . 2012-06-03 13:55 -------- d-----w- c:\programdata\Malwarebytes
2012-06-03 13:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 13:55 . 2012-06-03 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 04:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-03 04:07 . 2012-06-03 04:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-03 04:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-01 03:41 . 2012-06-01 03:41 -------- d-----w- c:\users\Marc\AppData\Local\Apps
2012-06-01 03:41 . 2012-06-01 03:44 -------- d-----w- c:\users\Marc\AppData\Local\Deployment
2012-05-28 02:42 . 2012-05-28 02:43 -------- d-----w- c:\users\Marc\AppData\Local\CRE
2012-05-25 19:02 . 2012-06-06 03:46 -------- d-----w- c:\users\Marc\AppData\Local\Samsung
2012-05-25 18:58 . 2012-05-25 18:58 -------- d-----w- c:\users\Marc\AppData\Roaming\Samsung
2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-05-25 18:27 . 2011-06-02 05:47 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-05-25 18:27 . 2011-06-02 05:47 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-05-25 18:27 . 2011-06-02 05:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-05-25 18:18 . 2010-12-21 05:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-05-25 18:18 . 2010-12-21 05:55 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-05-25 18:18 . 2010-12-21 05:55 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-05-25 18:11 . 2011-03-02 11:58 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-05-25 18:07 . 2012-05-25 18:07 -------- d-----w- c:\program files\MarkAny
2012-05-25 18:07 . 2011-03-02 11:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-05-25 18:07 . 2011-03-02 11:57 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-05-25 18:04 . 2012-05-25 18:17 -------- d-----w- c:\program files\Samsung
2012-05-25 18:04 . 2012-05-25 18:15 -------- d-----w- c:\programdata\Samsung
2012-05-25 17:59 . 2012-05-25 17:59 -------- d-----w- c:\users\Marc\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll
2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-17 22:35 . 2012-06-14 07:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 19:51 . 2012-06-14 01:24 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll
2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 08:16 . 2012-05-12 03:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 03:24 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-12 03:24 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-12 03:24 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ca/
mStart Page = hxxp://sympatico.ca
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(760)
c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\Ipswitch\WS_FTP 12\wsftpsi.dll
c:\program files\Ipswitch\WS_FTP 12\wsftplib.dll
c:\program files\Ipswitch\WS_FTP 12\LIBEAY32.dll
c:\program files\Ipswitch\WS_FTP 12\wsftpext.dll
c:\program files\Ipswitch\WS_FTP 12\SSLEAY32.dll
c:\program files\Ipswitch\WS_FTP 12\ipspgp.dll
c:\program files\Ipswitch\WS_FTP 12\sslsvc.dll
c:\program files\Ipswitch\WS_FTP 12\wsfirscr.dll
c:\program files\Ipswitch\WS_FTP 12\wshosts.dll
c:\program files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-19 22:01:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-20 01:52
ComboFix2.txt 2012-06-19 03:25
.
Pre-Run: 11,080,810,496 bytes free
Post-Run: 10,955,976,704 bytes free
.
- - End Of File - - 8B70AF4F36BB7847C4ACD2762A2C3E37
-
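Both ComboFix runs above print the same autostart points (the HKCU and HKLM Run keys and the user's Startup folder), and the useful triage step is to read those lines against where the binary lives and whether ComboFix could even find the file. The script below is an added example, not part of the original thread and not ComboFix's own logic: SAMPLE_LOG is constructed from lines of the logs above, and the "user-writable path" and "trusted prefix" heuristics are this example's assumptions, not a rule from the tool.

```python
"""Triage of the autostart section of a ComboFix log (added example).

Parses the HKCU/HKLM Run-key values and the Startup-folder .lnk lines,
then flags entries that merit a second look: binaries living in a
user-writable profile path, binaries outside the usual system/program
directories, and entries whose file ComboFix could not stat ([N/A]).
The location heuristics are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the Reg Loading Points section above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]
"""

HEADER_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]$')
LNK_RE = re.compile(r'^(.+?\.lnk) - (.+?) \[([^\]]*)\]$')

# Assumed: paths where an autostart can be planted without administrator rights.
USER_WRITABLE_MARKERS = ('/appdata/', '/temp/', '/users/')
# Assumed: where a normal installer drops its binaries.
TRUSTED_PREFIXES = ('c:/windows/', 'c:/program files')


@dataclass
class Autostart:
    source: str          # registry key or "Startup folder"
    name: str            # value name or .lnk name
    path: str            # executable exactly as ComboFix printed it
    meta: str            # "date size" text, or "N/A" when the file was missing
    reasons: list = field(default_factory=list)


def parse_autostarts(log_text):
    """Return the Run-key values and Startup-folder links found in the log."""
    entries = []
    run_key = None  # set while we are inside a [...\Run] section
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            key = m.group(1)
            run_key = key if key.lower().endswith('\\run') else None
            continue
        m = RUN_RE.match(line)
        if m and run_key:
            entries.append(Autostart(run_key, *m.groups()))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Autostart('Startup folder', *m.groups()))
    return entries


def triage(entries):
    """Attach a reason to every entry worth reviewing; drop the rest."""
    flagged = []
    for e in entries:
        p = e.path.lower().replace('\\', '/')
        reasons = []
        if e.meta.strip().upper() == 'N/A':
            reasons.append('file missing on disk (stale entry or self-deleting loader)')
        if any(marker in p for marker in USER_WRITABLE_MARKERS):
            reasons.append('runs from a user-writable profile path')
        elif not p.startswith(TRUSTED_PREFIXES):
            reasons.append('outside c:\\windows and c:\\program files')
        if reasons:
            flagged.append(Autostart(e.source, e.name, e.path, e.meta, reasons))
    return flagged


if __name__ == '__main__':
    for f in triage(parse_autostarts(SAMPLE_LOG)):
        print(f'{f.source}: {f.name} -> {f.path}')
        for r in f.reasons:
            print(f'    {r}')
```

On the sample this flags googletalk and Dropbox (both run from AppData\Roaming, which needs no admin rights to write) and the KooBits link whose target ComboFix reported as [N/A]; the flags mean "look at this", not "malware", since Dropbox legitimately installs into the profile.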
ComboFix 12-06-16.02 - Marc 18/06/2012 22:32:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.193 [GMT -4:00]
Running from: c:\users\Marc\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marc\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\users\Marc\ia_remove.sh6793.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 02:52 . 2012-06-19 02:59 -------- d-----w- c:\users\Marc\AppData\Local\temp
2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 02:52 . 2012-06-19 02:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-18 09:22 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FED5B0DC-3FE0-494C-83B7-E31ADB0E275D}\mpengine.dll
2012-06-17 09:03 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-14 07:10 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-14 07:10 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-14 07:10 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-06-14 07:10 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-14 07:10 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-06-14 07:10 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-14 07:10 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 07:10 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:44 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A20357BD-2317-4262-8CEE-FC8203AA6002}\gapaengine.dll
2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET
2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox
2012-06-12 21:33 . 2012-06-19 00:13 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox
2012-06-06 23:17 . 2012-06-06 23:17 -------- d-----w- C:\_OTL
2012-06-06 04:13 . 2012-06-06 04:13 -------- d-----w- C:\Temp
2012-06-03 14:40 . 2012-06-03 14:40 -------- d-----w- c:\users\Marc\AppData\Roaming\SUPERAntiSpyware.com
2012-06-03 14:39 . 2012-06-03 14:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-03 14:39 . 2012-06-03 14:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-03 13:56 . 2012-06-03 13:56 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes
2012-06-03 13:55 . 2012-06-03 13:55 -------- d-----w- c:\programdata\Malwarebytes
2012-06-03 13:55 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 13:55 . 2012-06-03 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-03 04:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-03 04:07 . 2012-06-03 04:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-03 04:06 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-01 03:41 . 2012-06-01 03:41 -------- d-----w- c:\users\Marc\AppData\Local\Apps
2012-06-01 03:41 . 2012-06-01 03:44 -------- d-----w- c:\users\Marc\AppData\Local\Deployment
2012-05-28 02:57 . 2012-05-28 02:57 -------- d-----w- c:\program files\Conduit
2012-05-28 02:42 . 2012-05-28 02:43 -------- d-----w- c:\users\Marc\AppData\Local\CRE
2012-05-28 02:40 . 2012-06-01 02:39 -------- d-----w- c:\users\Marc\AppData\Local\Conduit
2012-05-25 19:02 . 2012-06-06 03:46 -------- d-----w- c:\users\Marc\AppData\Local\Samsung
2012-05-25 18:58 . 2012-05-25 18:58 -------- d-----w- c:\users\Marc\AppData\Roaming\Samsung
2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-05-25 18:27 . 2011-06-02 05:47 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-05-25 18:27 . 2011-06-02 05:47 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-05-25 18:27 . 2011-06-02 05:47 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-05-25 18:27 . 2011-06-02 05:47 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-05-25 18:27 . 2011-06-02 05:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-05-25 18:18 . 2010-12-21 05:55 132424 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2012-05-25 18:18 . 2010-12-21 05:55 12488 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2012-05-25 18:18 . 2010-12-21 05:55 14920 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2012-05-25 18:18 . 2010-12-21 05:55 12616 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2012-05-25 18:18 . 2010-12-21 05:55 104648 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2012-05-25 18:07 . 2012-05-25 18:07 -------- d-----w- c:\program files\MarkAny
2012-05-25 18:07 . 2011-03-02 11:57 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-05-25 18:07 . 2011-03-02 11:57 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-05-25 18:04 . 2012-05-25 18:17 -------- d-----w- c:\program files\Samsung
2012-05-25 18:04 . 2012-05-25 18:15 -------- d-----w- c:\programdata\Samsung
2012-05-25 17:59 . 2012-05-25 17:59 -------- d-----w- c:\users\Marc\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll
2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-17 22:45 . 2012-06-14 07:10 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-14 07:10 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:24 . 2012-06-14 07:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 19:51 . 2012-06-14 01:24 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll
2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 08:16 . 2012-05-12 03:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-12 03:24 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-12 03:24 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 13:39 . 2012-05-12 03:24 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-21 07:05 . 2012-03-21 07:05 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-21 07:05 . 2012-03-21 07:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-21 07:05 . 2012-03-21 07:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-21 07:05 . 2012-03-21 07:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-21 07:05 . 2012-03-21 07:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-21 07:05 . 2012-03-21 07:05 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-21 07:05 . 2012-03-21 07:05 367104 ----a-w- c:\windows\system32\html.iec
2012-03-21 07:04 . 2012-03-21 07:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-21 07:04 . 2012-03-21 07:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-21 07:04 . 2012-03-21 07:04 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-21 07:04 . 2012-03-21 07:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-21 07:04 . 2012-03-21 07:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-21 07:04 . 2012-03-21 07:04 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-21 07:04 . 2012-03-21 07:04 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-21 07:04 . 2012-03-21 07:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-21 07:04 . 2012-03-21 07:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job
- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ca/
mStart Page = hxxp://sympatico.ca
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3756)
c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-06-18 23:25:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 03:17
.
Pre-Run: 10,335,768,576 bytes free
Post-Run: 11,020,685,312 bytes free
.
- - End Of File - - FF9368C46A102A140B051454A4521D36
-
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Any tips on how to disable Microsoft Security Essentials for this? I cannot find a way to do so.
--
Marc.
-
It ran for over 8 hours ... and no detected threats.
Normally, that would be good news, but Chrome is still completely unusable. =(
--
Marc.
-
That log is pretty minimal, so I'm not sure if something went wrong. (It did appear to run properly. It was an hour or so in, at 24%, when I went to bed last night. The computer had rebooted when I got up this morning.)
log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
-
After starting the scan, I get an "unexpected error" message.
--
Marc.
-
The first time I ran the fix, it crashed after it appeared to be finished. It may have been an error on my part, because when I pasted in the required text, the line breaks didn't come through.
Anyway, I ran again and it appeared to go through without problems.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA6977C3-D42C-4398-A009-620D94BFBE7B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA6977C3-D42C-4398-A009-620D94BFBE7B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBEF9D14-75FA-4D3A-A4F8-C4F50414BB45}\ not found.
Folder C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43005397 bytes
->Java cache emptied: 25556713 bytes
->Flash cache emptied: 39252 bytes
User: Marc
->Temp folder emptied: 1612364846 bytes
->Temporary Internet Files folder emptied: 772741505 bytes
->Java cache emptied: 107296408 bytes
->Google Chrome cache emptied: 247948680 bytes
->Apple Safari cache emptied: 14011392 bytes
->Flash cache emptied: 714707 bytes
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 154229 bytes
->Flash cache emptied: 56502 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 129811 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255306508 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2673597296 bytes
Total Files Cleaned = 5,486.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.46.0 log created on 06122012_122818
Files\Folders moved on Reboot...
C:\Users\Marc\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Windows\temp\TMP000000052B1A2E322E68DB09 moved successfully.
Registry entries deleted on Reboot...
-
(Had to split the file between three posts. 3/3)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07EA0F88-8E8F-11D9-8BDE-F66BAD1E3F3A}" = BrickStore
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33BDCB7F-7686-41EE-B745-89CFFAEF3147}" = Python 2.6 pygame-1.8.1
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BFD42CA-460A-11E1-AE58-984BE15F174E}" = Evernote v. 4.5.3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP 12
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9F9C536-ECF3-399F-A57B-84378144B91E}" = O3D Plugin
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E400F5-422B-4540-A14F-B0739D71FEE7}" = Microsoft Reader Text-to-Speech for English
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CDisplay_is1" = CDisplay 1.8
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digital Editions" = Adobe Digital Editions
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"New LEGO Digital Designer" = LEGO Digital Designer
"Notepad++" = Notepad++
"PDF Info_is1" = PDF Info 1.0
"Picasa 3" = Picasa 3
"PROSet" = Intel® Network Connections Drivers
"Simple FTP Client_is1" = Simple FTP Client 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player (All users)
"Visual Basic 6.0 Working Model Edition" = Microsoft Visual Basic 6.0 Working Model Edition
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Free Realms Installer" = Free Realms Installer
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 31/05/2012 10:49:30 PM | Computer Name = Marc_Laptop | Source = MsiInstaller | ID = 1013
Description =
Error - 01/06/2012 1:51:08 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =
Error - 01/06/2012 1:51:21 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008
Description =
Error - 02/06/2012 6:49:47 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =
Error - 02/06/2012 6:49:50 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008
Description =
Error - 02/06/2012 9:58:39 PM | Computer Name = Marc_Laptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17d4 Start Time: 01cd4111eafc0460 Termination Time: 220
Error - 03/06/2012 11:55:01 AM | Computer Name = Marc_Laptop | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 19.0.1084.52 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 3d8 Start Time: 01cd419ec1a5067d Termination Time: 279
Error - 03/06/2012 9:38:03 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =
Error - 03/06/2012 9:38:04 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1008
Description =
Error - 04/06/2012 9:38:27 PM | Computer Name = Marc_Laptop | Source = Perflib | ID = 1010
Description =
[ Media Center Events ]
Error - 20/02/2008 4:54:17 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 16/04/2008 11:04:03 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 26/02/2009 8:32:46 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 09/06/2009 8:09:42 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 14/08/2009 1:33:02 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 26/09/2009 1:32:55 AM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 07/10/2009 4:49:15 PM | Computer Name = Marc_Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 06/05/2011 7:15:59 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 401
Description =
Error - 06/05/2011 7:16:33 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 401
Description =
Error - 22/11/2011 11:39:47 PM | Computer Name = Marc_Laptop | Source = Mcx2Dvcs | ID = 405
Description =
[ System Events ]
Error - 03/06/2012 12:54:11 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854
Source
Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.
Error - 03/06/2012 12:54:11 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%854
Source
Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.
Error - 03/06/2012 12:56:41 AM | Computer Name = Marc_Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: Update Source: %%815 Update Stage: %%854 Source
Path: Signature Type: Update Type: User: NT AUTHORITY\NETWORK SERVICE Current Engine
Version: Previous Engine Version: Error code: 0x80070652 Error description: Another
installation is already in progress. Complete that installation before proceeding
with this install.
Error - 03/06/2012 9:38:05 AM | Computer Name = Marc_Laptop | Source = DCOM | ID = 10010
Description =
Error - 03/06/2012 9:42:02 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 03/06/2012 9:48:56 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 03/06/2012 11:22:06 AM | Computer Name = Marc_Laptop | Source = DCOM | ID = 10010
Description =
Error - 03/06/2012 11:28:20 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 03/06/2012 11:36:04 AM | Computer Name = Marc_Laptop | Source = Service Control Manager | ID = 7022
Description =
Error - 04/06/2012 2:44:40 PM | Computer Name = Marc_Laptop | Source = WMPNetworkSvc | ID = 866333
Description =
< End of report >
Chrome infected? Help =(
in Resolved Malware Removal Logs
Wow. That appears to have fixed it. It had the side effect of deleting my other Chrome profiles for some reason, but they were pretty easy to set up again. And when I did so, the uTorrent thing was not coming up like before! Thanks!
--
Marc.