Chrome infected? Help =(

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Good! :)

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

[screenshot: AVPfront.gif]

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan

[screenshot: avpsettings.gif]

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.


Unfortunately, nothing has changed with Chrome.

IE works for me fine. When I have it running and I have Task Manager open, IE appears to be using around 120Mb of memory, and 2% of CPU (other than brief bursts).

When I launch Chrome, it uses 250Mb of memory, and 50% of CPU. My home page half-loads, and when I try to launch any other page, it just sits there, loading. If I close Chrome, the window goes away, but Chrome is still listed in Task Manager, still using 50% of the CPU.

I appreciate the help you've provided (and I apologize for the long delays between each step), but I am starting to think that this isn't going to be solved.

Should I just back up what I need, and abandon everything? Do a complete reformat?

--

Marc.


Hmm. Looks like we're almost there.

I uninstalled Chrome, rebooted, and re-installed.

When I launch Chrome it lets me browse normally. In Task Manager, it seems to behave well -- CPU usage only 1 or 2 % outside of brief spikes.

However -- somehow the utorrentControl2 Community Toolbar button is back, even though this was deleted WAY back at the start of this thread (and was likely the initial cause of all the problems).

--

Marc.


OTL logfile created on: 01/07/2012 11:00:44 PM - Run 2

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Marc\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1013.31 Mb Total Physical Memory | 321.32 Mb Available Physical Memory | 31.71% Memory free

2.23 Gb Paging File | 1.09 Gb Available in Paging File | 48.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 105.33 Gb Total Space | 11.64 Gb Free Space | 11.05% Space Free | Partition Type: NTFS

Drive D: | 6.46 Gb Total Space | 0.75 Gb Free Space | 11.67% Space Free | Partition Type: NTFS

Computer Name: MARC_LAPTOP | User Name: Marc | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe

PRC - [2012/06/06 22:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/05/29 21:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

PRC - [2012/05/05 10:07:36 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/03/23 20:09:29 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

PRC - [2012/01/23 14:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe

PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe

PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe

PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll

MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll

MOD - [2006/11/24 19:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)

SRV - [2012/05/05 10:07:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012/07/01 02:02:02 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C1234F5-407B-4E68-8242-105056BB9286}\MpKsl307a59e3.sys -- (MpKsl307a59e3)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/06/02 01:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011/06/02 01:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011/06/02 01:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)

DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/05/15 08:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger)

DRV - [2007/02/22 17:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/11/09 05:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS

IE - HKLM\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/

IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes,DefaultScope = {0FB5313F-675E-4315-9AC7-BBA6C053F71E}

IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS

IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0FB5313F-675E-4315-9AC7-BBA6C053F71E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_en

IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7

IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

[2012/06/06 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: O3D Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: uTorrentControl2 = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\

CHR - Extension: Gmail = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/19 21:32:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [googletalk] C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)

O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KooBits 4.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} https://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab (SetupLauncher Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1901EDC2-2EA0-429D-9CB7-95F78CA928A0}: DhcpNameServer = 192.168.2.1 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/21 08:04:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 22:57:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe

[2012/06/27 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/06/19 22:01:42 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\temp

[2012/06/19 21:33:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/06/19 21:29:05 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/06/19 21:05:17 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/06/18 22:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/18 22:27:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/18 22:27:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/18 22:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/18 22:25:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/06/15 01:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/06/13 07:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/06/12 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{1B5791F0-439D-4E33-B909-C2EAF4E9345D}

[2012/06/12 17:40:45 | 000,000,000 | R--D | C] -- C:\Users\Marc\Desktop\Dropbox

[2012/06/12 17:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox

[2012/06/12 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2012/06/12 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Dropbox

[2012/06/06 19:17:32 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/06/06 00:13:32 | 000,000,000 | ---D | C] -- C:\Temp

[2012/06/05 23:29:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32

[2012/06/03 10:40:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\SUPERAntiSpyware.com

[2012/06/03 10:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/06/03 09:56:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes

[2012/06/03 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/03 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/03 09:55:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/03 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/06/03 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2009/04/25 19:29:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marc\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe

[2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/01 19:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/01 18:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job

[2012/07/01 16:01:01 | 000,002,345 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\BrickStore.lnk

[2012/06/30 20:15:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job

[2012/06/29 04:20:00 | 000,002,040 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/29 04:19:59 | 000,002,078 | ---- | M] () -- C:\Users\Marc\Desktop\Google Chrome.lnk

[2012/06/26 23:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/26 23:17:07 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/26 23:02:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/06/26 21:46:13 | 000,000,680 | ---- | M] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat

[2012/06/26 21:45:44 | 000,000,943 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/06/25 23:17:14 | 000,003,378 | ---- | M] () -- C:\Users\Marc\Desktop\mattoncini.bsx

[2012/06/23 16:13:02 | 000,002,585 | ---- | M] () -- C:\Users\Marc\Desktop\Microsoft Office Excel 2007.lnk

[2012/06/23 11:05:45 | 000,002,609 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2012/06/19 21:32:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/06/14 04:42:01 | 000,423,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/14 03:55:05 | 000,644,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/14 03:55:05 | 000,124,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/12 17:40:45 | 000,000,981 | ---- | M] () -- C:\Users\Marc\Desktop\Dropbox.lnk

[2012/06/12 17:38:11 | 000,000,991 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/06/03 09:56:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/03 00:15:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2012/06/27 20:13:15 | 000,002,078 | ---- | C] () -- C:\Users\Marc\Desktop\Google Chrome.lnk

[2012/06/27 20:13:15 | 000,002,040 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/25 23:17:14 | 000,003,378 | ---- | C] () -- C:\Users\Marc\Desktop\mattoncini.bsx

[2012/06/18 22:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/06/18 22:27:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/06/18 22:27:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/06/18 22:27:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/06/18 22:27:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/12 17:40:45 | 000,000,981 | ---- | C] () -- C:\Users\Marc\Desktop\Dropbox.lnk

[2012/06/12 17:38:11 | 000,000,991 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/06/03 09:56:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/03 00:15:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/06/03 00:09:23 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/01/26 09:46:49 | 000,000,218 | ---- | C] () -- C:\Users\Marc\AppData\Local\recently-used.xbel

[2011/03/04 00:12:50 | 000,000,000 | ---- | C] () -- C:\Users\Marc\cbe.6dcf4c112e7f11688b

[2011/03/04 00:07:56 | 000,000,016 | ---- | C] () -- C:\Users\Marc\persistent_state

[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

[2010/01/27 08:38:28 | 000,000,680 | ---- | C] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat

[2009/06/23 17:29:05 | 000,003,685 | ---- | C] () -- C:\Users\Marc\zuda_templat.2009_06_23_17_29_05.0

[2009/04/26 11:40:31 | 000,014,729 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate

[2009/04/25 19:30:58 | 000,000,668 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\vso_ts_preview.xml

[2009/04/25 19:29:02 | 000,087,608 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\inst.exe

[2009/04/25 19:29:02 | 000,007,887 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.cat

[2009/04/25 19:29:02 | 000,001,144 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.inf

[2008/08/22 13:42:38 | 000,002,150 | ---- | C] () -- C:\Users\Marc\New document 1.2008_08_22_13_42_38.0

[2008/01/22 13:13:17 | 000,023,888 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\UserTile.png

[2008/01/03 21:29:58 | 000,235,520 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/03/16 07:14:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Amazon

[2011/08/07 16:30:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\calibre

[2009/06/22 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1

[2012/07/01 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox

[2010/06/29 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0

[2008/08/22 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Inkscape

[2010/04/30 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LEGO Company

[2011/03/12 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Notepad++

[2008/01/22 13:13:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PeerNetworking

[2009/08/29 16:52:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Reg Tool

[2012/05/25 14:58:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Samsung

[2010/06/03 13:18:21 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Unity

[2011/11/15 01:13:58 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Vso

[2009/09/26 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Live Writer

[2012/06/26 23:02:41 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51CF25B1

< End of report >
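The OTL listing above uses one fixed line layout per file or folder: `[date time | size | attribute flags | C or M] (company) -- path`, with `C` in the creation-date sections, `M` in the modified-date section and a `D` flag marking folders. A log like this runs to hundreds of entries, so it is quicker to parse than to read. The following is an added example (Python, not part of the thread and not OTL's own code) that parses those lines, tracks which `==========` section each entry sits in, and applies two simple review rules: an executable or driver with no company name, and an executable under a user-writable location. The sample lines are copied from the log above; the review rules are the example's own assumption, and a flagged entry is a prompt to look, not a verdict.

```python
"""Parse the file-listing sections of an OTL log and pick out entries to review.

Added example; not code from the thread or from OTL itself.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file/folder line:  [YYYY/MM/DD HH:MM:SS | size | flags | C|M] (Company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<flags>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Section banner:  ========== Files - Modified Within 30 Days ==========
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}
# Path fragments a standard user can write to (assumption used by the review rule).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    section: str            # banner the line appeared under ("" before the first banner)
    when: datetime
    size: int
    hidden: bool            # 'H' in the flag field
    system: bool            # 'S' in the flag field
    is_dir: bool            # 'D' in the flag field
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed "()" or no company at all
    path: str


def parse_otl(text: str) -> List[Entry]:
    """Turn the file/folder lines of an OTL log into Entry records."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, "< End of report >", anything else
        flags = m.group("flags")
        entries.append(Entry(
            section=section,
            when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            hidden="H" in flags,
            system="S" in flags,
            is_dir="D" in flags,
            kind=m.group("kind"),
            company=m.group("company") or None,
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for executables that deserve a manual look."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        ext = ntpath.splitext(e.path)[1].lower()   # ntpath handles Windows paths anywhere
        if ext not in EXEC_EXT:
            continue
        reasons = []
        if e.company is None:
            reasons.append("executable with no company name")
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            reasons.append("executable in a user-writable location")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Sample lines copied from the OTL log in this thread (order and banners condensed).
SAMPLE_LOG = r"""
[2009/04/25 19:29:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marc\AppData\Roaming\pcouffin.sys
[2012/06/03 09:55:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files - Modified Within 30 Days ==========
[2012/06/26 23:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 21:32:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
========== Files Created - No Company Name ==========
[2012/06/18 22:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/12 17:40:45 | 000,000,981 | ---- | C] () -- C:\Users\Marc\Desktop\Dropbox.lnk
[2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2009/04/25 19:29:02 | 000,087,608 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\inst.exe
[2012/06/12 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Dropbox
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_LOG)):
        print(path, "->", "; ".join(reasons))
```

Point the script at a saved OTL.txt instead of `SAMPLE_LOG` to run it on a real log. Note that the rules intentionally over-flag: unsigned helper binaries dropped by the cleanup tools themselves will show up alongside anything genuinely unwanted, which is why the output is a worklist rather than a detection.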


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    CHR - Extension: uTorrentControl2 = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Like the last time I ran a fix, OTL crashed when it appeared to be nearing completion. I didn't run it a second time this time, though.

Files\Folders moved on Reboot...

C:\Users\Marc\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Marc\AppData\Local\Temp\ehmsas.txt not found!

Registry entries deleted on Reboot...


All processes killed

========== OTL ==========

File C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0 not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Marc

->Temp folder emptied: 572352 bytes

->Temporary Internet Files folder emptied: 184296972 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 10013114 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 6174 bytes

User: Mcx1

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 175546 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 605759798 bytes

Total Files Cleaned = 764.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07042012_084830

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


When I launched Chrome, the button for utorrentControl2 was gone, though strangely it just seemed to be invisible (when I hovered the mouse over where the button would otherwise be, there was still an alt-text that came up for it).

I went into the Chrome settings to see the extensions, and it was there (again) so I deleted it. I rebooted and it now seems to be gone completely.

I'm using Chrome now to post this. It appears that everything is fixed. I'll monitor for a couple of days to see if the issues recur. Hopefully we're done!

Once again, I appreciate your help.

--

Marc.


There does appear to still be something lying dormant. It's not crippling my system like it was before, but it's still a bit disconcerting to know that this thing is somehow still hiding somewhere...

Today I created a new User profile in Chrome. When it launched, all seemed normal. After about five seconds, the utorrent thing showed up as a button. A few seconds after that, another tab auto-launched, stating that I had completed installation of utorrent. I shut that tab down and went into the extensions option on the new profile, and that same utorrentControl2 option was there again. I deleted it and tested again by creating a new profile, and the same thing happened.

--

Marc.


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    *torrent*

    :regfind
    torrent


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Thanks again for your continued help. Here's the log:



SystemLook 30.07.11 by jpshortstuff

Log created at 00:24 on 09/07/2012 by Marc

Administrator - Elevation successful

========== folderfind ==========

Searching for "*torrent*"

C:\Users\Marc\AppData\Local\uTorrent d------ [03:48 25/06/2011]

C:\Users\Marc\Documents\Torrents d------ [02:47 07/01/2008]

========== regfind ==========

Searching for "torrent"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]

"AppPath"="C:\Program Files\uTorrent"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]

"AppName"="uTorrent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]

"b"="uTorrent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]

[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]

[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]

@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"

[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""

[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]

[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]

"AppPath"="C:\Program Files\uTorrent\uTorrent.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]

"AppPath"="C:\Program Files\uTorrent"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]

"AppName"="uTorrent.exe"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]

"b"="uTorrent.exe"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\DefaultIcon]

@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "%1""

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\DefaultIcon]

@=""C:\Program Files\uTorrent\uTorrent.exe" ",0"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\shell\open\command]

@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent]

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent]

"Extension"=".torrent"

[HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]

-= EOF =-
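The `FirewallRules` values in the regfind output above are Windows Firewall's own serialised rule format, a `v2.0|Key=Value|...|` string per rule. The helper's `netsh advfirewall reset` wipes the whole rule set back to defaults; before doing that it is worth knowing what the rules actually expose, and the strings can be parsed straight from a listing like this one. The following is an added example (Python, not from the thread or its tools) that pulls the rule values out of such a listing, parses them and summarises which programs are allowed inbound connections, on which protocol and profile. Four of the sample rules are copied from the log above; the fifth is a constructed outbound block rule included only to show that the filter ignores it.

```python
"""Parse Windows Firewall rule strings from a registry listing and summarise
which programs have inbound-allow rules.

Added example; not code from the thread or from SystemLook.
"""
import re
from typing import Dict, List, Set, Tuple

# A registry value as SystemLook prints it:  "name"="value"
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}

Rule = Dict[str, List[str]]


def parse_rule_string(value: str) -> Rule:
    """Split 'v2.0|Key=Val|...|' into a dict of lists.

    Keys can repeat (a rule covering several profiles carries one Profile=
    token per profile), so every key maps to a list of values."""
    tokens = [t for t in value.split("|") if t]        # trailing '|' gives an empty token
    rule: Rule = {"Version": [tokens[0]]}
    for token in tokens[1:]:
        key, _, val = token.partition("=")
        rule.setdefault(key, []).append(val)
    return rule


def parse_firewall_export(text: str) -> List[Tuple[str, Rule]]:
    """Return (value name, parsed rule) for every FirewallRules value in the text."""
    rules = []
    for raw in text.splitlines():
        m = REG_VALUE_RE.match(raw.strip())
        if not m or not m.group("value").startswith("v2."):
            continue                                   # key headers, other values
        rules.append((m.group("name"), parse_rule_string(m.group("value"))))
    return rules


def inbound_allow_rules(rules: List[Tuple[str, Rule]]) -> List[Dict]:
    """Keep only active, inbound, Allow rules: the ones that open a listener."""
    out = []
    for name, r in rules:
        if r.get("Action") != ["Allow"] or r.get("Dir") != ["In"] or r.get("Active") != ["TRUE"]:
            continue
        proto = r.get("Protocol", ["?"])[0]
        out.append({
            "rule": name,
            "app": r.get("App", [""])[0],
            "protocol": PROTOCOL_NAMES.get(proto, proto),
            "profiles": r.get("Profile", []),          # empty list = all profiles
            "display_name": r.get("Name", [""])[0],
        })
    return out


def exposure_by_app(inbound: List[Dict]) -> Dict[str, Set[Tuple[str, str]]]:
    """Map each program (case-folded path) to the (protocol, profile) pairs it is open on."""
    summary: Dict[str, Set[Tuple[str, str]]] = {}
    for r in inbound:
        for profile in r["profiles"] or ["(all)"]:
            summary.setdefault(r["app"].lower(), set()).add((r["protocol"], profile))
    return summary


# Sample: four rules copied from the SystemLook log above, plus one constructed
# outbound block rule (the "{constructed-...}" name) to exercise the filter.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
"{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
"TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
"UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
"{constructed-00000000-0000-0000-0000-000000000000}"="v2.0|Action=Block|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|App=C:\example\blocked.exe|Name=constructed example|Edge=FALSE|"
'''

if __name__ == "__main__":
    for app, pairs in exposure_by_app(inbound_allow_rules(parse_firewall_export(SAMPLE_EXPORT))).items():
        print(app, "->", sorted(pairs))
```

On a live system the same information comes from `netsh advfirewall firewall show rule name=all`; parsing the registry export is useful when all you have is a log like the one posted here. Here the summary shows one program open inbound on TCP and UDP in both the Public and Private profiles, which is exactly what the reset removes.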


Delete your ComboFix copy and download a fresh one. Next, in the Start Menu search box, type cmd and press the Enter button.

In command prompt type the following:

netsh advfirewall reset

Next, press the Enter button again.

Next step:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Folder::
C:\Users\Marc\AppData\Local\uTorrent
C:\Users\Marc\Documents\Torrents

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]
[-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[-HKEY_CURRENT_USER\Software\Classes\btdna]
[-HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

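The firewall reset step above only works from an elevated command prompt; run from a normal prompt, netsh refuses with "The requested operation requires elevation". The following PowerShell script is an added example, not part of the helper's post or of ComboFix, that checks for elevation before issuing the same `netsh advfirewall reset` command, records the firewall profile state before and after so the change is auditable, and stops with a clear message if it is not elevated. The function names `Test-IsElevated` and `Reset-FirewallPolicy` are hypothetical names chosen for this example; it assumes Windows Vista or later with the in-box netsh.exe.

```powershell
# Added example (not from the original post): perform the firewall reset the
# helper asks for, but only from an elevated session, and log state before/after.
# Assumes Windows Vista or later with netsh.exe on PATH (it ships with Windows).

function Test-IsElevated {
    # True when the current token holds the built-in Administrators role,
    # which is what UAC grants to a "Run as administrator" console.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Reset-FirewallPolicy {
    if (-not (Test-IsElevated)) {
        # This is the condition behind "The requested operation requires elevation".
        Write-Warning 'Not elevated: "netsh advfirewall reset" would fail with "The requested operation requires elevation".'
        Write-Warning 'Right-click PowerShell (or cmd) and choose "Run as administrator", then run this again.'
        return $false
    }

    # Capture the current per-profile state so the change can be reviewed later.
    $before = netsh advfirewall show allprofiles state
    Write-Host "Firewall state before reset:`n$($before -join "`n")"

    # Restores Windows Firewall to its default policy; all custom rules are removed.
    netsh advfirewall reset
    if ($LASTEXITCODE -ne 0) {
        Write-Error "netsh advfirewall reset exited with code $LASTEXITCODE"
        return $false
    }

    $after = netsh advfirewall show allprofiles state
    Write-Host "Firewall state after reset:`n$($after -join "`n")"
    return $true
}

Reset-FirewallPolicy
```

Save this as a .ps1 file and run it from a PowerShell window opened with "Run as administrator"; the elevation check is the reason the plain cmd prompt described in the post refuses the command when it is not elevated. Note that the reset discards every custom allow/block rule, so the "before" output is worth keeping if any rules were deliberately added.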

The step at the command prompt gave me "The requested operation requires elevation."

However, I continued with the ComboFix process. Here's the log:

ComboFix 12-07-08.03 - Marc 10/07/2012 2:29.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.190 [GMT -4:00]

Running from: c:\users\Marc\Desktop\ComboFix.exe

Command switches used :: c:\users\Marc\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Marc\AppData\Local\uTorrent

c:\users\Marc\AppData\Roaming\inst.exe

c:\users\Marc\AppData\Roaming\vso_ts_preview.xml

c:\users\Marc\Documents\Torrents

c:\users\Marc\Documents\Torrents\1001_Books_You_Must_Read_Before_You_Die.5787852.TPB.torrent

c:\users\Marc\Documents\Torrents\2500__sci-fi_ebooks_in_epub_format.5698246.TPB.torrent

c:\users\Marc\Documents\Torrents\623_BOOKS_FOR_THE_IPHONE___IPAD_EPUB.5826551.TPB.torrent

c:\users\Marc\Documents\Torrents\All_Physics_Books_Categorized.4555365.TPB.torrent

c:\users\Marc\Documents\Torrents\Bored_to_Death_Season_01.5258374.TPB.torrent

c:\users\Marc\Documents\Torrents\categories.txt

c:\users\Marc\Documents\Torrents\It__s_A_Wonderful_Life_Uncut_1946_DvDrip[Eng]-greenbud1969.4614456.TPB.torrent

c:\users\Marc\Documents\Torrents\itemtypes.txt

c:\users\Marc\Documents\Torrents\Joda_rompack_for_the_Nintendo_DS_[2601-2700].4413494.TPB.torrent

c:\users\Marc\Documents\Torrents\Joda_rompack_for_the_Nintendo_DS_[3101-3200].4644384.TPB.torrent

c:\users\Marc\Documents\Torrents\Lost.S01-05_complete_DVDRiP.5383685.TPB.torrent

c:\users\Marc\Documents\Torrents\Nintendo_DS_ROMs_4801_-_4900.5615573.TPB.torrent

c:\users\Marc\Documents\Torrents\Rome-Season_1___2.4638175.TPB.torrent

c:\users\Marc\Documents\Torrents\Shrek_Forever_After_(2010)_DVD-R_(eng-spa-fra)_[manuvoulquin].5989463.TPB.torrent

c:\users\Marc\Documents\Torrents\Snow_White_and_the_Seven_Dwarfs_luxe_Edition(2009)(ENG_NL)2Lions.5134560.TPB.torrent

c:\users\Marc\Documents\Torrents\Sonic_X_Series_1.3631362.TPB.torrent

c:\users\Marc\Documents\Torrents\Star_Trek-The_Original_Series_(Season_1)_Remastered_And_Enhanced.5515718.TPB.torrent

c:\users\Marc\Documents\Torrents\The.Fairly.OddParents.5.Seasons.4584020.TPB.torrent

c:\users\Marc\Documents\Torrents\The_Earthsea_Cycle-_Ursula_K._Le_Guin_(Epub__Mobi__Lit__Pdf).5943625.TPB.torrent

c:\users\Marc\Documents\Torrents\The_Social_Network_2010_DVDSCR_XViD-WBZ_.5915536.TPB.torrent

c:\users\Marc\Documents\Torrents\TV__Arthur_(Marc_Brown)_PBS_Kids_[season_01_-_10]_FULL_EPISODES.5181352.TPB.torrent

c:\users\Marc\Documents\Torrents\Wolverine_and_the_X-Men_-_Season_1_-_Complete.4785976.TPB.torrent

c:\windows\Downloaded Program Files\setup.dll

c:\windows\Fonts\HandelGotDOT-Bol.otf

c:\windows\system32\muzapp.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

.

2012-07-10 06:51 . 2012-07-10 11:40 -------- d-----w- c:\users\Marc\AppData\Local\temp

2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-10 03:59 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{858BB809-42FE-4982-B089-A90033A0DDF6}\mpengine.dll

2012-07-09 04:01 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-04 03:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{175742C7-8CFB-4ABB-9044-6E8CACFE704E}\gapaengine.dll

2012-06-21 23:57 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 23:57 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 23:57 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 23:57 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 23:55 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-21 23:55 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 23:55 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 23:53 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 23:53 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab

2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-14 01:24 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET

2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox

2012-06-12 21:33 . 2012-07-10 01:32 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-03 04:40 . 2012-06-03 04:56 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll

2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll

2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]

"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

.

c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]

KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job

- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job

- c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.ca/

mStart Page = hxxp://sympatico.ca

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab

DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-10 07:43

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1060)

c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Completion time: 2012-07-10 07:57:33 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-10 11:56

ComboFix2.txt 2012-06-19 03:25

.

Pre-Run: 12,817,362,944 bytes free

Post-Run: 11,938,877,440 bytes free

.

- - End Of File - - 110F8ED5F40414798E922171D1754254
