fleury

Members
  • Content count: 32

About fleury
  • Rank: New Member
  1. Wow. That appears to have fixed it. It had the side effect of deleting my other Chrome profiles for some reason, but they were pretty easy to set up again. And when I did so, the uTorrent thing was not coming up like before! Thanks! -- Marc.
  2. SystemLook 30.07.11 by jpshortstuff
     Log created at 15:50 on 15/07/2012 by Marc
     Administrator - Elevation successful

     ========== folderfind ==========

     Searching for "*CRE*"
     C:\Program Files\Common Files\microsoft shared\THEMES12\CONCRETE  d------  [18:55 30/07/2008]
     C:\Program Files\Hewlett-Packard\HP Software UI\PC Registration  d------  [11:21 21/12/2006]
     C:\Program Files\LEGO Company\LEGO Digital Designer\HTML\StarterModels\Creator  d------  [04:09 24/01/2012]
     C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bootstrapper\Packages\vcredist_x64  d------  [02:29 01/09/2010]
     C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bootstrapper\Packages\vcredist_x86  d------  [02:30 01/09/2010]
     C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\CSharp\WPF\1033\WPFSplashScreen.zip  d------  [08:25 14/03/2012]
     C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\Windows Forms\1033\SplashScreen.zip  d------  [08:26 14/03/2012]
     C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\ItemTemplatesCache\VisualBasic\WPF\1033\WPFSplashScreen.zip  d------  [08:26 14/03/2012]
     C:\Program Files\Microsoft Visual Studio 10.0\VB\Snippets\1033\data\xml\XML - Create  d------  [02:27 01/09/2010]
     C:\Program Files\Microsoft Visual Studio 10.0\VC\VCResourceTemplates  d------  [02:27 01/09/2010]
     C:\Program Files\Notepad++\user.manual\Images\Screenshots  d------  [00:54 13/03/2011]
     C:\System.sav\TSCREEN  d------  [20:21 27/11/2006]
     C:\Users\Marc\AppData\Local\Bizarre Creations  d------  [19:02 14/01/2010]
     C:\Users\Marc\AppData\Local\CRE  d------  [02:42 28/05/2012]
     C:\Users\Marc\AppData\Local\Google\GBScreensaver  d------  [23:16 19/09/2009]
     C:\Users\Marc\AppData\Local\Microsoft\Credentials  d---s--  [10:12 03/01/2008]
     C:\Users\Marc\AppData\Roaming\Ipswitch\WS_FTP\HTML\Res_409_12.0.1\SSHCLIENTKEYCREATE  d------  [23:22 10/08/2009]
     C:\Users\Marc\AppData\Roaming\Ipswitch\WS_FTP\HTML\Res_409_12.0.1\SSLCREATECERTWIZ  d------  [23:22 10/08/2009]
     C:\Users\Marc\AppData\Roaming\Microsoft\Credentials  d---s--  [10:12 03/01/2008]
     C:\Users\Marc\brickstore-cache\M\cre001  d------  [07:02 08/03/2012]
     C:\Users\Marc\brickstore-cache\M\cre002  d------  [20:56 29/05/2011]
     C:\Users\Marc\brickstore-cache\M\cre003  d------  [20:56 29/05/2011]
     C:\Users\Marc\brickstore-cache\M\cre004  d------  [20:56 29/05/2011]
     C:\Users\Marc\brickstore-cache\M\cre005  d------  [07:02 08/03/2012]
     C:\Users\Marc\brickstore-cache\M\cre006  d------  [07:02 08/03/2012]
     C:\Users\Marc\brickstore-cache\M\cre010  d------  [07:02 08/03/2012]
     C:\Users\Marc\brickstore-cache\M\cre011  d------  [07:02 08/03/2012]
     C:\Users\Marc\brickstore-cache\P\crssprt02pb72  d------  [04:40 27/12/2011]
     C:\Users\Marc\brickstore-cache\P\crssprt02pb77  d------  [04:40 27/12/2011]
     C:\Users\Marc\brickstore-cache\P\crssprt02pb38b  d------  [04:40 27/12/2011]
     C:\Users\Marc\brickstore-cache\P\crssprt02pb64a  d------  [04:40 27/12/2011]
     C:\Users\Marc\Calibre Library\J. K. Rowling\Harry Potter and the Chamber of Secrets (462)  d------  [02:20 30/12/2010]
     C:\Users\Marc\Documents\LEGO Creations  d------  [20:22 27/07/2009]
     C:\Users\Mcx1\AppData\Local\Microsoft\Credentials  d---s--  [03:39 23/11/2011]
     C:\Users\Mcx1\AppData\Roaming\Microsoft\Credentials  d---s--  [03:39 23/11/2011]
     C:\Windows\assembly\GAC_MSIL\IEExecRemote  dr-----  [11:18 02/11/2006]
     C:\Windows\ehome\CreateDisc  d------  [12:37 02/11/2006]
     C:\Windows\ehome\CreateDisc\SonicResources  d------  [12:37 02/11/2006]
     C:\Windows\System32\config\systemprofile\AppData\Local\Google\GBScreensaver  d------  [20:54 24/01/2010]
     C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6000.16386_none_ef9a51cfc4df6184  d------  [11:18 02/11/2006]
     C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6000.16720_none_ef94d833c4e430f8  d------  [14:37 15/02/2009]
     C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6000.20883_none_d8cceed7de8675eb  d------  [14:37 15/02/2009]
     C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6001.18000_none_ef6ed38bc5370a50  d------  [11:21 24/09/2008]
     C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6001.18111_none_ef6fbce9c5363d99  d------  [14:37 15/02/2009]
     C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6001.22230_none_d8a42d85dedbb6ac  d------  [14:37 15/02/2009]
     C:\Windows\winsxs\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6002.18005_none_ef4a58c7c5889e64  d------  [11:46 18/09/2009]
     C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6000.16386_none_3fd3e2bdc5a2408e  d------  [11:18 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6001.18000_none_420aa4b9c28d5162  d------  [11:21 24/09/2008]
     C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6002.18005_none_43f61dc5bfaf1cae  d------  [11:46 18/09/2009]
     C:\Windows\winsxs\x86_microsoft-windows-credui.resources_31bf3856ad364e35_6.0.6000.16386_en-us_5fe4036ea556b4f7  d------  [12:41 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6000.16386_none_d9008ac592026334  d------  [11:18 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408  d------  [11:20 24/09/2008]
     C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6002.18005_none_dd22c5cd8c0f3f54  d------  [11:46 18/09/2009]
     C:\Windows\winsxs\x86_microsoft-windows-credwiz.resources_31bf3856ad364e35_6.0.6000.16386_en-us_0dcdf312c69f3fe9  d------  [12:41 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-credwiz_31bf3856ad364e35_6.0.6000.16386_none_9da3eeaf6eea0db4  d------  [11:18 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-eventcreate.resources_31bf3856ad364e35_6.0.6000.16386_en-us_163f93beca50608f  d------  [12:41 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-eventcreate_31bf3856ad364e35_6.0.6000.16386_none_d32c0ea842a8cb28  d------  [11:18 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16386_none_6997bcdc5b8aeeb5  d------  [12:36 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16510_none_69dd6e605b578d62  d------  [04:10 04/01/2008]
     C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.16552_none_69b42f445b762fd4  d------  [04:24 04/01/2008]
     C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20625_none_6a613cb17478c7d0  d------  [04:10 04/01/2008]
     C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6000.20671_none_6a272bed74a4ee29  d------  [04:24 04/01/2008]
     C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6001.18000_none_6bce7ed85875ff89  d------  [11:23 24/09/2008]
     C:\Windows\winsxs\x86_microsoft-windows-photoscreensaver_31bf3856ad364e35_6.0.6002.18005_none_6db9f7e45597cad5  d------  [11:47 18/09/2009]
     C:\Windows\winsxs\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6000.16386_none_c1816f73a4a4f3fd  d------  [11:19 02/11/2006]
     C:\Windows\winsxs\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.0.6001.18000_none_c3b8316fa19004d1  d------  [01:03 20/09/2008]
     C:\Windows\winsxs\x86_microsoft-windows-sonic-createdisc_31bf3856ad364e35_6.0.6000.16386_none_3dbfc4bbf1adf534  d------  [12:35 02/11/2006]
     C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16386_none_e106c2e628087e97  d------  [11:19 02/11/2006]
     C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b  d------  [14:34 15/02/2009]
     C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe  d------  [14:34 15/02/2009]
     C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac  d------  [14:33 15/02/2009]
     C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ca109e9c4204d3bf  d------  [14:33 15/02/2009]

     -= EOF =-
  3. On my existing profiles, there's nothing there. "Boo... You have no extensions :-( Want to browse the gallery instead?" If I create a new user and then go to the Extensions options page, it shows the same thing (no extensions) for about ten or twenty seconds, and then the uTorrentControl2 extension appears (along with the button next to the tab URL). I have clicked on the garbage can icon to remove the extension every time. -- Marc.
  4. SystemLook 30.07.11 by jpshortstuff
     Log created at 20:58 on 11/07/2012 by Marc
     Administrator - Elevation successful

     ========== folderfind ==========

     Searching for "*torrent*"
     C:\Qoobox\Quarantine\C\Users\Marc\AppData\Local\uTorrent  d------  [06:49 10/07/2012]
     C:\Qoobox\Quarantine\C\Users\Marc\Documents\Torrents  d------  [06:49 10/07/2012]

     ========== regfind ==========

     Searching for "torrent"
     [HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
     "Extension"=".torrent"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]

     -= EOF =-
  5. Still the same as last update -- my existing Chrome profile seems to work fine, but if I add a new profile, within a few seconds the extension button appears and a new tab is launched, at http://www.utorrent.com/utorrent-control-complete -- Marc.
  6. The step at the command prompt gave me "The requested operation requires elevation." However, I continued with the ComboFix process. Here's the log:

     ComboFix 12-07-08.03 - Marc 10/07/2012 2:29.3.2 - x86
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.190 [GMT -4:00]
     Running from: c:\users\Marc\Desktop\ComboFix.exe
     Command switches used :: c:\users\Marc\Desktop\CFScript.txt
     AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
     SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Marc\AppData\Local\uTorrent
     c:\users\Marc\AppData\Roaming\inst.exe
     c:\users\Marc\AppData\Roaming\vso_ts_preview.xml
     c:\users\Marc\Documents\Torrents
     c:\users\Marc\Documents\Torrents\1001_Books_You_Must_Read_Before_You_Die.5787852.TPB.torrent
     c:\users\Marc\Documents\Torrents\2500__sci-fi_ebooks_in_epub_format.5698246.TPB.torrent
     c:\users\Marc\Documents\Torrents\623_BOOKS_FOR_THE_IPHONE___IPAD_EPUB.5826551.TPB.torrent
     c:\users\Marc\Documents\Torrents\All_Physics_Books_Categorized.4555365.TPB.torrent
     c:\users\Marc\Documents\Torrents\Bored_to_Death_Season_01.5258374.TPB.torrent
     c:\users\Marc\Documents\Torrents\categories.txt
     c:\users\Marc\Documents\Torrents\It__s_A_Wonderful_Life_Uncut_1946_DvDrip[Eng]-greenbud1969.4614456.TPB.torrent
     c:\users\Marc\Documents\Torrents\itemtypes.txt
     c:\users\Marc\Documents\Torrents\Joda_rompack_for_the_Nintendo_DS_[2601-2700].4413494.TPB.torrent
     c:\users\Marc\Documents\Torrents\Joda_rompack_for_the_Nintendo_DS_[3101-3200].4644384.TPB.torrent
     c:\users\Marc\Documents\Torrents\Lost.S01-05_complete_DVDRiP.5383685.TPB.torrent
     c:\users\Marc\Documents\Torrents\Nintendo_DS_ROMs_4801_-_4900.5615573.TPB.torrent
     c:\users\Marc\Documents\Torrents\Rome-Season_1___2.4638175.TPB.torrent
     c:\users\Marc\Documents\Torrents\Shrek_Forever_After_(2010)_DVD-R_(eng-spa-fra)_[manuvoulquin].5989463.TPB.torrent
     c:\users\Marc\Documents\Torrents\Snow_White_and_the_Seven_Dwarfs_luxe_Edition(2009)(ENG_NL)2Lions.5134560.TPB.torrent
     c:\users\Marc\Documents\Torrents\Sonic_X_Series_1.3631362.TPB.torrent
     c:\users\Marc\Documents\Torrents\Star_Trek-The_Original_Series_(Season_1)_Remastered_And_Enhanced.5515718.TPB.torrent
     c:\users\Marc\Documents\Torrents\The.Fairly.OddParents.5.Seasons.4584020.TPB.torrent
     c:\users\Marc\Documents\Torrents\The_Earthsea_Cycle-_Ursula_K._Le_Guin_(Epub__Mobi__Lit__Pdf).5943625.TPB.torrent
     c:\users\Marc\Documents\Torrents\The_Social_Network_2010_DVDSCR_XViD-WBZ_.5915536.TPB.torrent
     c:\users\Marc\Documents\Torrents\TV__Arthur_(Marc_Brown)_PBS_Kids_[season_01_-_10]_FULL_EPISODES.5181352.TPB.torrent
     c:\users\Marc\Documents\Torrents\Wolverine_and_the_X-Men_-_Season_1_-_Complete.4785976.TPB.torrent
     c:\windows\Downloaded Program Files\setup.dll
     c:\windows\Fonts\HandelGotDOT-Bol.otf
     c:\windows\system32\muzapp.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-10 06:51 . 2012-07-10 11:40 -------- d-----w- c:\users\Marc\AppData\Local\temp
     2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
     2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
     2012-07-10 06:51 . 2012-07-10 06:51 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-07-10 03:59 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{858BB809-42FE-4982-B089-A90033A0DDF6}\mpengine.dll
     2012-07-09 04:01 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-07-04 03:56 . 2012-06-03 04:40 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{175742C7-8CFB-4ABB-9044-6E8CACFE704E}\gapaengine.dll
     2012-06-21 23:57 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-21 23:57 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-21 23:57 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-21 23:57 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-21 23:55 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-21 23:55 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-21 23:55 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-21 23:53 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-21 23:53 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-15 05:07 . 2012-06-15 05:07 -------- d-----w- c:\programdata\Kaspersky Lab
     2012-06-14 01:25 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
     2012-06-14 01:25 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
     2012-06-14 01:25 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
     2012-06-14 01:24 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-06-14 01:24 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
     2012-06-13 11:36 . 2012-06-13 11:36 -------- d-----w- c:\program files\ESET
     2012-06-12 21:37 . 2012-06-12 21:37 -------- d-----w- c:\program files\Dropbox
     2012-06-12 21:33 . 2012-07-10 01:32 -------- d-----w- c:\users\Marc\AppData\Roaming\Dropbox
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-06-03 04:40 . 2012-06-03 04:56 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
     2012-06-03 03:40 . 2012-06-03 03:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\offreg.dll
     2012-05-29 07:38 . 2011-03-02 11:57 330240 ----a-w- c:\windows\MASetupCaller.dll
     2012-05-15 05:43 . 2012-06-03 03:20 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F0BDB0-AB9F-463E-82F2-8C56660EB083}\mpengine.dll
     2012-05-05 14:07 . 2012-04-13 10:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-05-05 14:07 . 2011-06-07 04:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2012-02-15 00:32 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
     "googletalk"="c:\users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
     "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
     "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
     "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
     "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
     "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
     "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
     "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
     .
     c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-6 27502520]
     EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
     KooBits 4.lnk - c:\program files\KooBits 4.0\KooBits 4.0.exe [N/A]
     OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001
     .
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     bthsvcs REG_MULTI_SZ BthServ
     LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 14:07]
     .
     2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job
     - c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
     .
     2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job
     - c:\users\Marc\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 22:46]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = https://www.google.ca/
     mStart Page = hxxp://sympatico.ca
     IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
     IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
     TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
     DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} - hxxps://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
     DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} - hxxps://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2012-07-10 07:43
     Windows 6.0.6002 Service Pack 2 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'Explorer.exe'(1060)
     c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Microsoft Security Client\MsMpEng.exe
     c:\windows\system32\WLANExt.exe
     c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
     c:\program files\Common Files\LightScribe\LSSrvc.exe
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     c:\windows\system32\DRIVERS\xaudio.exe
     c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
     c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\wbem\unsecapp.exe
     .
     **************************************************************************
     .
     Completion time: 2012-07-10 07:57:33 - machine was rebooted
     ComboFix-quarantined-files.txt 2012-07-10 11:56
     ComboFix2.txt 2012-06-19 03:25
     .
     Pre-Run: 12,817,362,944 bytes free
     Post-Run: 11,938,877,440 bytes free
     .
     - - End Of File - - 110F8ED5F40414798E922171D1754254
  7. SystemLook 30.07.11 by jpshortstuff
     Log created at 00:24 on 09/07/2012 by Marc
     Administrator - Elevation successful

     ========== folderfind ==========

     Searching for "*torrent*"
     C:\Users\Marc\AppData\Local\uTorrent  d------  [03:48 25/06/2011]
     C:\Users\Marc\Documents\Torrents  d------  [02:47 07/01/2008]

     ========== regfind ==========

     Searching for "torrent"
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
     "AppPath"="C:\Program Files\uTorrent"
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
     "AppName"="uTorrent.exe"
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
     "b"="uTorrent.exe"
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]
     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]
     [HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
     [HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
     @=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
     [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
     @=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
     [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
     @=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA""
     [HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
     [HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent]
     "Extension"=".torrent"
     [HKEY_CURRENT_USER\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent]
     "Extension"=".torrent"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\AppPaths\client]
     "AppPath"="C:\Program Files\uTorrent\uTorrent.exe"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{FDDD8E30-CA42-42E8-AD0E-3CDC9E578135}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "{88A4D3F4-8B33-47B4-BDCB-3A69590D10A0}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\uTorrent\uTorrent.exe|Name=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "TCP Query User{FDA56C29-B91C-4FA8-B472-4CEEDC48EC92}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
     "UDP Query User{E7ED8748-38A2-4649-8715-D36A53C19F5D}C:\program files\utorrent\utorrent.exe"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Edge=FALSE|"
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
     "AppPath"="C:\Program Files\uTorrent"
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC260C-971D-44E3-91FB-0DF611DC1CD4}]
     "AppName"="uTorrent.exe"
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\utorrent.com]
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\torrent]
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
     "b"="uTorrent.exe"
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.[Movie-Torrentz]]
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.torrent]
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe]
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
     @=""C:\Program Files\uTorrent\uTorrent.exe" "%1""
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\DefaultIcon]
     @=""C:\Program Files\uTorrent\uTorrent.exe" ",0"
     [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\btdna\shell\open\command]
@=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA"" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrent] "Extension"=".torrent" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\Applications\uTorrent.exe\shell\open\command] @=""C:\Program Files\uTorrent\uTorrent.exe" "%1"" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\DefaultIcon] @=""C:\Program Files\uTorrent\uTorrent.exe" ",0" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\btdna\shell\open\command] @=""C:\Program Files\uTorrent\uTorrent.exe" "/DNA"" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent] [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrent] "Extension"=".torrent" [HKEY_USERS\S-1-5-21-3952486750-2209785099-4280780671-1000_Classes\MIME\DataBase\Content Type\application/x-bittorrentsearchdescription+xml] -= EOF =-
  8. Thanks again for your continued help. Here's the log:
  9. There does appear to still be something lying dormant. It's not crippling my system like it was before, but it's still a bit disconcerting to know that this thing is somehow still hiding somewhere... Today I created a new User profile in Chrome. When it launched, all seemed normal. After about five seconds, the utorrent thing showed up as a button. A few seconds after that, another tab auto-launched, stating that I had completed installation of utorrent. I shut that tab down and went into the extensions option on the new profile, and that same utorrentControl2 option was there again. I deleted it and tested again by creating a new profile, and the same thing happened. -- Marc.
  10. When I launched Chrome, the button for utorrentControl2 was gone, though strangely it just seemed to be invisible (when I hovered the mouse over where the button would otherwise be, there was still an alt-text that came up for it). I went into the Chrome settings to see the extensions, and it was there (again), so I deleted it. I rebooted and it now seems to be gone completely. I'm using Chrome now to post this. It appears that everything is fixed. I'll monitor for a couple of days to see if the issues recur. Hopefully we're done! Once again, I appreciate your help. -- Marc.
  11. All processes killed
     ========== OTL ==========
     File C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0 not found.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Guest
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Java cache emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Marc
     ->Temp folder emptied: 572352 bytes
     ->Temporary Internet Files folder emptied: 184296972 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 10013114 bytes
     ->Apple Safari cache emptied: 0 bytes
     ->Flash cache emptied: 6174 bytes

     User: Mcx1
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 175546 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 605759798 bytes

     Total Files Cleaned = 764.00 mb

     OTL by OldTimer - Version 3.2.53.1 log created on 07042012_084830

     Files\Folders moved on Reboot...

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
  12. Like the last time I ran a fix, OTL crashed when it appeared to be nearing completion. I didn't run it a second time this time, though.

     Files\Folders moved on Reboot...
     C:\Users\Marc\AppData\Local\Temp\ehmsas.txt moved successfully.

     PendingFileRenameOperations files...
     File C:\Users\Marc\AppData\Local\Temp\ehmsas.txt not found!

     Registry entries deleted on Reboot...
  13. OTL logfile created on: 01/07/2012 11:00:44 PM - Run 2
     OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Marc\Desktop
     Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

     1013.31 Mb Total Physical Memory | 321.32 Mb Available Physical Memory | 31.71% Memory free
     2.23 Gb Paging File | 1.09 Gb Available in Paging File | 48.71% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
     Drive C: | 105.33 Gb Total Space | 11.64 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
     Drive D: | 6.46 Gb Total Space | 0.75 Gb Free Space | 11.67% Space Free | Partition Type: NTFS

     Computer Name: MARC_LAPTOP | User Name: Marc | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
     PRC - [2012/06/06 22:02:30 | 027,502,520 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
     PRC - [2012/05/29 21:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
     PRC - [2012/05/05 10:07:36 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
     PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
     PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
     PRC - [2012/03/23 20:09:29 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
     PRC - [2012/01/23 14:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
     PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
     PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
     PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
     PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe
     PRC - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
     PRC - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe

     ========== Modules (No Company Name) ==========

     MOD - [2011/08/31 15:44:40 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
     MOD - [2011/08/31 15:44:38 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
     MOD - [2006/11/24 19:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

     ========== Win32 Services (SafeList) ==========

     SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
     SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
     SRV - [2012/05/05 10:07:42 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
     SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
     SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
     SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
     SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
     SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
     SRV - [2006/11/24 19:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
     SRV - [2006/11/24 19:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
     SRV - [2004/10/22 07:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

     ========== Driver Services (SafeList) ==========

     DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
     DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
     DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
     DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
     DRV - [2012/07/01 02:02:02 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C1234F5-407B-4E68-8242-105056BB9286}\MpKsl307a59e3.sys -- (MpKsl307a59e3)
     DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
     DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
     DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
     DRV - [2011/06/02 01:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
     DRV - [2011/06/02 01:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
     DRV - [2011/06/02 01:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
     DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
     DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
     DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
     DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
     DRV - [2009/11/10 10:27:06 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)
     DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
     DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
     DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
     DRV - [2007/08/22 11:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
     DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
     DRV - [2007/05/15 08:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger)
     DRV - [2007/02/22 17:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
     DRV - [2006/11/16 05:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
     DRV - [2006/11/16 00:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
     DRV - [2006/11/15 22:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
     DRV - [2006/11/09 05:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.ca
     IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
     IE - HKLM\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS
     IE - HKLM\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7
     IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
     IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
     IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes,DefaultScope = {0FB5313F-675E-4315-9AC7-BBA6C053F71E}
     IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0BE365B7-D50B-439F-8AE1-A0FF24C95C1E}: "URL" = http://search.sympatico.msn.ca/results.aspx?q={searchTerms}&FORM=HPCPDS
     IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{0FB5313F-675E-4315-9AC7-BBA6C053F71E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_en
     IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..\SearchScopes\{63BC2215-BFAC-4324-810F-5A302AB0B99E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVNCS7
     IE - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     ========== FireFox ==========

     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
     FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
     FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
     FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
     FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
     FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
     FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
     FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Marc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

     [2012/06/06 19:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\extensions

     ========== Chrome ==========

     CHR - default_search_provider: Google (Enabled)
     CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
     CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
     CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
     CHR - plugin: Native Client (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
     CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
     CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marc\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
     CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
     CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
     CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
     CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
     CHR - plugin: O3D Plugin (Enabled) = C:\Users\Marc\AppData\Roaming\Mozilla\plugins\npo3dautoplugin.dll
     CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
     CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
     CHR - plugin: Java
Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Marc\AppData\LocalLow\Sony Online Entertainment\npsoe.dll CHR - plugin: Google Update (Enabled) = C:\Users\Marc\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: uTorrentControl2 = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.7.1_0\ CHR - Extension: Gmail = C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/06/19 21:32:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [googletalk] C:\Users\Marc\AppData\Roaming\Google\Google Talk\googletalk.exe (Google) O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KooBits 4.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-3952486750-2209785099-4280780671-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab (Windows Live SkyDrive Upload Tool) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {F79364C6-8DF2-4060-BF77-35239AC7BCB1} https://connect.startek.com/Hyperion/zeroadmin/component/Insight/setup.cab (SetupLauncher Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1901EDC2-2EA0-429D-9CB7-95F78CA928A0}: DhcpNameServer = 192.168.2.1 192.168.2.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Marc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/12/21 08:04:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM 
BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/07/01 22:57:21 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe [2012/06/27 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/06/19 22:01:42 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\temp [2012/06/19 21:33:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/19 21:29:05 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/19 21:05:17 | 000,000,000 | ---D | C] -- C:\ComboFix [2012/06/18 22:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/18 22:27:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/18 22:27:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/18 22:27:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/18 22:25:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/15 01:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/06/13 07:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/12 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\{1B5791F0-439D-4E33-B909-C2EAF4E9345D} [2012/06/12 17:40:45 | 000,000,000 | R--D | C] -- C:\Users\Marc\Desktop\Dropbox [2012/06/12 17:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012/06/12 17:36:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012/06/12 17:33:01 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Dropbox [2012/06/06 19:17:32 | 000,000,000 | ---D | C] -- C:\_OTL [2012/06/06 
00:13:32 | 000,000,000 | ---D | C] -- C:\Temp [2012/06/05 23:29:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32 [2012/06/03 10:40:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\SUPERAntiSpyware.com [2012/06/03 10:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/06/03 10:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/06/03 09:56:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes [2012/06/03 09:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/03 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/03 09:55:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/06/03 09:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/03 00:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2009/04/25 19:29:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marc\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012/07/01 22:57:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe [2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/01 21:20:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/01 19:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/01 18:15:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000UA.job [2012/07/01 16:01:01 | 000,002,345 | ---- | M] () -- 
C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\BrickStore.lnk [2012/06/30 20:15:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3952486750-2209785099-4280780671-1000Core.job [2012/06/29 04:20:00 | 000,002,040 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/06/29 04:19:59 | 000,002,078 | ---- | M] () -- C:\Users\Marc\Desktop\Google Chrome.lnk [2012/06/26 23:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/26 23:17:07 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys [2012/06/26 23:02:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/06/26 21:46:13 | 000,000,680 | ---- | M] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat [2012/06/26 21:45:44 | 000,000,943 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/06/25 23:17:14 | 000,003,378 | ---- | M] () -- C:\Users\Marc\Desktop\mattoncini.bsx [2012/06/23 16:13:02 | 000,002,585 | ---- | M] () -- C:\Users\Marc\Desktop\Microsoft Office Excel 2007.lnk [2012/06/23 11:05:45 | 000,002,609 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2012/06/19 21:32:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/06/14 04:42:01 | 000,423,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/14 03:55:05 | 000,644,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/14 03:55:05 | 000,124,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/12 17:40:45 | 000,000,981 | ---- | M] () -- C:\Users\Marc\Desktop\Dropbox.lnk [2012/06/12 17:38:11 | 000,000,991 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/03 09:56:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/03 
00:15:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif ========== Files Created - No Company Name ========== [2012/06/27 20:13:15 | 000,002,078 | ---- | C] () -- C:\Users\Marc\Desktop\Google Chrome.lnk [2012/06/27 20:13:15 | 000,002,040 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/06/25 23:17:14 | 000,003,378 | ---- | C] () -- C:\Users\Marc\Desktop\mattoncini.bsx [2012/06/18 22:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/18 22:27:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/18 22:27:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/18 22:27:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/06/18 22:27:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/12 17:40:45 | 000,000,981 | ---- | C] () -- C:\Users\Marc\Desktop\Dropbox.lnk [2012/06/12 17:38:11 | 000,000,991 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/03 09:56:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/03 00:15:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/06/03 00:09:23 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/01/26 09:46:49 | 000,000,218 | ---- | C] () -- C:\Users\Marc\AppData\Local\recently-used.xbel [2011/03/04 00:12:50 | 000,000,000 | ---- | C] () -- C:\Users\Marc\cbe.6dcf4c112e7f11688b [2011/03/04 00:07:56 | 000,000,016 | ---- | C] () -- C:\Users\Marc\persistent_state [2011/03/02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011/03/02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011/03/02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011/03/02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll 
[2011/03/02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010/01/27 08:38:28 | 000,000,680 | ---- | C] () -- C:\Users\Marc\AppData\Local\d3d9caps.dat [2009/06/23 17:29:05 | 000,003,685 | ---- | C] () -- C:\Users\Marc\zuda_templat.2009_06_23_17_29_05.0 [2009/04/26 11:40:31 | 000,014,729 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009/04/25 19:30:58 | 000,000,668 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\vso_ts_preview.xml [2009/04/25 19:29:02 | 000,087,608 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\inst.exe [2009/04/25 19:29:02 | 000,007,887 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.cat [2009/04/25 19:29:02 | 000,001,144 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\pcouffin.inf [2008/08/22 13:42:38 | 000,002,150 | ---- | C] () -- C:\Users\Marc\New document 1.2008_08_22_13_42_38.0 [2008/01/22 13:13:17 | 000,023,888 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\UserTile.png [2008/01/03 21:29:58 | 000,235,520 | ---- | C] () -- C:\Users\Marc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2010/03/16 07:14:01 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Amazon [2011/08/07 16:30:57 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\calibre [2009/06/22 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2012/07/01 23:03:44 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox [2010/06/29 08:12:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\gtk-2.0 [2008/08/22 13:41:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Inkscape [2010/04/30 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\LEGO Company [2011/03/12 20:59:25 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Notepad++ [2008/01/22 13:13:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\PeerNetworking [2009/08/29 
16:52:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Reg Tool [2012/05/25 14:58:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Samsung [2010/06/03 13:18:21 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Unity [2011/11/15 01:13:58 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Vso [2009/09/26 16:39:48 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Windows Live Writer [2012/06/26 23:02:41 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:51CF25B1 < End of report >
  14. Hmm. Looks like we're almost there. I uninstalled Chrome, rebooted, and re-installed. When I launch Chrome it lets me browse normally. In Task Manager, it seems to behave well -- CPU usage only 1 or 2% outside of brief spikes. However -- somehow the utorrentControl2 Community Toolbar button is back, even though this was deleted WAY back at the start of this thread (and was likely the initial cause of all the problems). -- Marc.
  15. Unfortunately, nothing has changed with Chrome. IE works for me fine. When I have it running and I have Task Manager open, IE appears to be using around 120Mb of memory, and 2% of CPU (other than brief bursts). When I launch Chrome, it uses 250Mb of memory, and 50% of CPU. My home page half-loads, and when I try to launch any other page, it just sits there, loading. If I close Chrome, the window goes away, but Chrome is still listed in Task Manager, still using 50% of the CPU. I appreciate the help you've provided (and I apologize for the long delays between each step), but I am starting to think that this isn't going to be solved. Should I just back up what I need, and abandon everything? Do a complete reformat? -- Marc.