Jump to content

DrGoodvibes

Members
  • Posts

    17
  • Joined

  • Last visited

Everything posted by DrGoodvibes

  1. Marius, Thank you again for all your help and assistance in a safe transition to a more stable environment, which hopefully I'll look after better.
  2. I have not run this check on my Notebook at this time. I have only run this check on my WinXP and WIN7 systems on my desktop PC. I'll probably delete all the files on my desktop PC noted to have(harbour) Trojans/viruses, including those noted as Android smartphone(Handy) files. Windows XP Results of screen317's Security Check version 0.99.64 Windows XP Service Pack 3 x86 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Please wait while WMIC compiles updated MOF files.d i s p l a y N a m e ECHO is off. M i c r o s o f t ECHO is off. S e c u r i t y ECHO is off. E s e n t i a l s ECHO is off. Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 6 Update 35 Java 7 Update 21 Adobe Flash Player 11.7.700.202 Adobe Reader XI Mozilla Firefox (21.0) Mozilla Thunderbird (17.0.6) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 0% ````````````````````End of Log`````````````````````` Windows 7 Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 7 Update 21 Adobe Flash Player 11.7.700.202 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (21.0) Mozilla Thunderbird (17.0.6) Google Chrome 24.0.1312.2 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  3. Windows XP system physical disk boot on desktop # AdwCleaner v2.303 - Logfile created 06/10/2013 at 02:42:40 # Updated 08/06/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : Thomas - SBP401 # Boot Mode : Normal # Running from : C:\Documents and Settings\Thomas\My Documents\Downloads\Security\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Documents and Settings\John Frazer\Application Data\Mozilla\Firefox\Profiles\s84oj2qr.default\prefs.js [OK] File is clean. ************************* AdwCleaner[s1].txt - [730 octets] - [10/06/2013 02:42:40] ########## EOF - C:\AdwCleaner[s1].txt - [789 octets] ##########
  4. Sorry, didn't see desktop. The above is the notebook.^^^ The following is the desktop. # AdwCleaner v2.303 - Logfile created 06/10/2013 at 02:08:43 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Thomas - SBP401 # Boot Mode : Normal # Running from : F:\Users\Thomas\Downloads\Security\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : F:\Users\Thomas\AppData\Local\Zoom_Downloader ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\PIP Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : F:\Users\John.SBP401\AppData\Roaming\Mozilla\Firefox\Profiles\dpx0954h.default\prefs.js [OK] File is clean. File : F:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9q7wlocd.default\prefs.js F:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\9q7wlocd.default\user.js ... Deleted ! [OK] File is clean. File : F:\Users\Cathie\AppData\Roaming\Mozilla\Firefox\Profiles\eq4r0a4w.default\prefs.js [OK] File is clean. -\\ Google Chrome v24.0.1312.2 File : F:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.15.1748.0 File : F:\Users\Thomas\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[s1].txt - [1481 octets] - [10/06/2013 02:08:43] ########## EOF - F:\AdwCleaner[s1].txt - [1541 octets] ##########
  5. # AdwCleaner v2.303 - Logfile created 06/10/2013 at 01:05:02 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : thomas - MBP410 # Boot Mode : Normal # Running from : C:\Users\thomas\Downloads\Security\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\END Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\Users\Administrator.alien51\AppData\Local\Wondershare Folder Deleted : C:\Users\thomas\AppData\Local\Wondershare Folder Deleted : C:\Users\thomas\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\thomas\AppData\Roaming\yourfiledownloader ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\PIP Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\YourFileDownloader Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\YourFileDownloader Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\bfjygug3.default\prefs.js [OK] File is clean. File : C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\p8evg2gy.default\prefs.js [OK] File is clean. File : C:\Users\Cathie\AppData\Roaming\Mozilla\Firefox\Profiles\627upxcy.default\prefs.js [OK] File is clean. File : C:\Users\Administrator.alien51\AppData\Roaming\Mozilla\Firefox\Profiles\jbkn0vca.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.94 File : C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.15.1748.0 File : C:\Users\thomas\AppData\Roaming\Opera\Opera\operaprefs.ini Deleted : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...] Deleted : application/x-winampx-1.0.0.1=,0 File : C:\Users\Cathie\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[s1].txt - [3009 octets] - [10/06/2013 01:05:02] ########## EOF - C:\AdwCleaner[s1].txt - [3069 octets] ##########
  6. Desktop Win7(Win7,winXP and WIn8) PC - No, I don't have avira antivir installed and active, just Avast at the moment. I did have MS security Essentials, but now adopting Avast. Believe the 'old' WINXP boot disk noted as D:\ is still running MS Security Essentials. I can download and install avira Antivir if request. WIn7 Notebook which noted 0Access - Was running MS security Essentials, when the virus deleted it. The following is the scan of the desktop PC using ESET online scan with no remove virus. This is not the notebook that had 0access virus noted. d:\ is a WinXP physical disk c:\ is a Win7 partition system disk Win8 partition doesn't have any viruses, which is probably good publicity for Win8 :-) F:\ and H:\ are just assorted data partitions. C:\Program Files\Tools\QuickMediaConverter\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application C:\Program Files\Tools\QuickMediaConverter\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application D:\Documents and Settings\John Frazer\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application D:\Documents and Settings\John Frazer\My Documents\Downloads\amazingmidi-setup.exe Win32/DownloadAdmin.G application D:\Documents and Settings\Thomas\My Documents\Downloads\SDcard32\com.z4mod.z4root-2.apk multiple threats F:\20120303\20120303-2\Backup\Dim4600Backup\Download\media\KMPlayer\kmp.exe a variant of Win32/Bundled.Toolbar.Ask application F:\20120303\20120303-2\Backup\Dim4600Backup\Download\media\KMPlayer\kmp3 a variant of Win32/Bundled.Toolbar.Ask application F:\20120303\20120303-2\Backup\Dim4600Backup\Download\media\KMPlayer\The_KMPlayer_1435.exe a variant of Win32/Bundled.Toolbar.Ask.A application F:\20120303\20120303-2\Backup\Dim4600Backup\Download\tools\Hardware Monitor and Tools\cpu-z_1.55-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application F:\20120303\20120303-2\Backup\Dim4600Backup\Download\tools\Hardware Monitor and Tools\hwmonitor_1.16-setup.exe multiple threats F:\20120303\20120303-2\Backup\Dim4600Backup\Download\tools\SystemTools\speedupmypc3plc.exe multiple threats F:\20120303\20120303-2\Backup\Dim4600Backup\Download\WinZip\BitZipperH2009.v3331530.TrialSetup-en-pl-techpro.exe a variant of Win32/InstallIQ application F:\20120303\20120303-2\Backup\Dim4600Backup\Downloads\media\KMPlayer\The_KMPlayer_1435.exe a variant of Win32/Bundled.Toolbar.Ask.A application F:\20120303\20120303-2\Backup\Dim4600Backup\Downloads\tools\Hardware Monitor and Tools\cpu-z_1.55-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application F:\20120303\20120303-2\Backup\Dim4600Backup\Downloads\tools\Hardware Monitor and Tools\hwmonitor_1.16-setup.exe multiple threats F:\20120303\20120303-2\Backup\Dim4600Backup\Downloads\WinZip\BitZipperH2009.v3331530.TrialSetup-en-pl-techpro.exe a variant of Win32/InstallIQ application F:\20120303\20120303-2\Backup\Dim4600Backup\My Network\Install\boson_utilities.exe probably a variant of Win32/Agent.DHSWRZH trojan F:\20120303\20120303-2\Backup\Dim4600Backup\My Network\Programs\boson_utilities.exe probably a variant of Win32/Agent.DHSWRZH trojan F:\20120303\20120303-2\Backup\Dim4600Backup\Thomas Portege\Network.zip probably a variant of Win32/Agent.DHSWRZH trojan F:\20120303\20120303-2\Backup\Dim4600Backup\Thomas Portege\Thomas\Network\Install\boson_utilities.exe probably a variant of Win32/Agent.DHSWRZH trojan F:\20120303\20120303-2\Backup\Dim4600Backup\Thomas Portege\Thomas\Network\Programs\boson_utilities.exe probably a variant of Win32/Agent.DHSWRZH trojan F:\20120303\20120303-2\Backup\M11xBackup\Portege\Data\Thomas.LAPTOP.zip Win32/Adware.DriverRobot application F:\20120303\20120303-2\Backup\M11xBackup\Portege\Data\Thomas.LAPTOP\My Tools\wifi\WirelessKeyView.exe Win32/WirelessKeyView.A application F:\20120303\20120303-2\F-Drive\Users\Thomas\Downloads\Media\Winamp\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application F:\20120303\20120303-2\RECYCLER\S-1-5-21-752747693-1424697455-2485271045-1005\Dx49\Network.zip probably a variant of Win32/Agent.DHSWRZH trojan F:\20120303\20120303-2\RECYCLER\S-1-5-21-752747693-1424697455-2485271045-1005\Dx49\Thomas\Network\Programs\boson_utilities.exe probably a variant of Win32/Agent.DHSWRZH trojan F:\F-Disk\My Documents\My Network\Install\boson_utilities.exe probably a variant of Win32/Agent.DHSWRZH trojan F:\F-Disk\My Documents\My Network\Programs\boson_utilities.exe probably a variant of Win32/Agent.DHSWRZH trojan F:\Users\Old Accounts\Thomas - Copy\AppData\Local\Temp\V+fj8Abj.exe.part Win32/OpenCandy application F:\Users\Old Accounts\Thomas - Copy\Downloads\Sony X10 Root\FlashTool_0.2.9.1-GBready_root_xRec\custom\root\givmeroot.tar Android/Exploit.Lotoor.AK trojan F:\Users\Thomas\My Mobile\SDCard32\Documents\Network.zip probably a variant of Win32/Agent.DHSWRZH trojan F:\Users\Thomas\My Mobile\SDCard32\Download\MyPhoneExplorer_Setup_1.8.2.exe multiple threats H:\Windows.old\Users\Thomas\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
  7. Hi Marius, Some of the Android 'threats' found in a backup folder are those of a root enabling application for an Android TV box (Android box connected to TV via HDMI/Ethernet/WiFi) I beleive these show up because of the way they exploit an Android system weakness to grant root access. That said Android/Exploit.RageCage.A doesn't sound good. These are shown as: C:\Users\thomas\Downloads\Android\FV-1 SDCard Backup\..... ---------------------------------------------------------------- ESET scan results C:\Program Files\QuickMediaConverter\AskInstallChecker.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Program Files\QuickMediaConverter\askToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask.A application C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application C:\ProgramData\Ask\APN-Stub\PTV\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application C:\ProgramData\Ask\APN-Stub\PTV\BIT7F9C.tmp a variant of Win32/Bundled.Toolbar.Ask application C:\Users\All Users\Ask\APN-Stub\PTV\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask application C:\Users\All Users\Ask\APN-Stub\PTV\BIT7F9C.tmp a variant of Win32/Bundled.Toolbar.Ask application C:\Users\thomas\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1a23e75-73c19bfd multiple threats C:\Users\thomas\Downloads\KMPlayer_EN_3.3.0.33.exe a variant of Win32/Bundled.Toolbar.Ask.C application C:\Users\thomas\Downloads\Android\FV-1 SDCard Backup\SDCard1\.bak\app-bak\com.z4mod.z4root.apk multiple threats C:\Users\thomas\Downloads\Android\FV-1 SDCard Backup\SDCard1\ApkExtractor\com.z4mod.z4root_1.3.0.apk multiple threats C:\Users\thomas\Downloads\Android\FV-1 SDCard Backup\SDCard1\AppManager\z4root.1.3.0.apk multiple threats C:\Users\thomas\Downloads\Android\FV-1 SDCard Backup\SDCard1\backups\bck1\com.z4mod.z4root-20120223-001127.tar.gz Android/Exploit.RageCage.A trojan C:\Users\thomas\Downloads\Android\FV-1 SDCard Backup\SDCard1\backups\bck1\com.z4mod.z4root-46965bd41dac0e4988515aa2f9f95b19.apk.gz multiple threats C:\Users\thomas\Downloads\Android\FV-1 SDCard Backup\SDCard1\LOST.DIR\1026997 multiple threats C:\Users\thomas\Downloads\Sony Ericsson Update\FlashTool_0.2.9.1-GBready_root_xRec\custom\root\givmeroot.tar Android/Exploit.Lotoor.AK trojan C:\Users\thomas\My Mobile\sdDisk Backup\Documents\Network.zip probably a variant of Win32/Agent.DHSWRZH trojan C:\Users\thomas\My Mobile\Sony Ericsson X10i\sdCard 16GB\Documents\Network.zip probably a variant of Win32/Agent.DHSWRZH trojan C:\Users\thomas\My Mobile\Sony Ericsson X10i\sdCard 16GB\Download\MyPhoneExplorer_Setup_1.8.2.exe multiple threats C:\Users\thomas\Portege\Data\Thomas.LAPTOP\Downloads\Toshiba\Driver\DriverRobot_Setup.exe Win32/Adware.DriverRobot application ----------------------------------------------------------------------------- Scanning on other desktop PC for possible problems and ESET notes: Win32/DownloadAdmin.G application. The PC is part of a multi OS boot system (Win7,Win8, Ubuntu etc) and on the WinXP boot disk the above was noted. Hardly ever log into the WinXP system so not sure how long that's been there. The Win7 boot disk has a couple of Win32/Bundled.Toolbar.Ask applications which don't get picked up with MBAM or Avast TeraByte disk so scan of that box/system(s) is still ongoing at this time.
  8. Thank you very much for all your support and help. Notebook seems to functional OK. MS Updates work and installs. Guess I have a few passwords to change. :-( Any other considerations? -------------------------------------------------------- Farbar Service Scanner Version: 31-05-2013 01 Ran by thomas (administrator) on 07-06-2013 at 10:51:20 Running from "C:\Users\thomas\Desktop" Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Attempt to access Yahoo IP returned error. Yahoo IP is offline Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log ****
  9. CF-Script completed. ------------------------------------------------------------------------------------- ComboFix 13-06-05.05 - thomas 07/06/2013 3:59.4.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.3997.2654 [GMT 12:00] Running from: c:\users\thomas\Desktop\ComboFix.exe Command switches used :: c:\users\thomas\Desktop\CFScript-2.txt SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-05-06 to 2013-06-06 ))))))))))))))))))))))))))))))) . . 2013-06-06 16:07 . 2013-06-06 16:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-06 16:07 . 2013-06-06 16:07 -------- d-----w- c:\users\Cathie\AppData\Local\temp 2013-06-06 16:07 . 2013-06-06 16:07 -------- d-----w- c:\users\BenchMark\AppData\Local\temp 2013-06-06 16:07 . 2013-06-06 16:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-06-06 16:07 . 2013-06-06 16:07 -------- d-----w- c:\users\Administrator.alien51\AppData\Local\temp 2013-06-06 16:07 . 2013-06-06 16:07 -------- d-----w- c:\users\Admin\AppData\Local\temp 2013-06-06 16:00 . 2013-06-06 16:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{229FE882-719A-4BC9-8CC5-9BA3D98C54DF}\offreg.dll 2013-06-06 15:44 . 2013-06-06 15:44 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-06-02 15:10 . 2013-04-05 06:50 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-06-02 15:09 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-06-02 15:09 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-06-02 15:09 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-06-02 15:09 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-06-02 15:09 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-06-02 15:09 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-06-02 15:09 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-06-02 15:09 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-06-02 15:09 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-01 06:01 . 2002-07-23 00:17 225280 ----a-w- c:\windows\USBT610phmgunin.exe 2013-06-01 06:01 . 2013-06-01 06:01 -------- d-----w- c:\users\thomas\AppData\Roaming\MobileAction 2013-05-31 02:25 . 2009-06-03 18:36 180224 ----a-w- c:\windows\SysWow64\imsised.exe 2013-05-31 02:25 . 2005-12-14 00:15 49152 ----a-w- c:\windows\SysWow64\WDec3.ocx 2013-05-31 02:25 . 2013-05-31 02:25 -------- d-----w- c:\windows\SysWow64\aspi 2013-05-31 02:25 . 2005-06-12 17:02 166600 ----a-w- c:\windows\SysWow64\msmask32.ocx 2013-05-31 02:25 . 2005-06-12 17:02 198848 ----a-w- c:\windows\SysWow64\MCI32.OCX 2013-05-31 02:25 . 2013-05-31 02:25 -------- d-----w- c:\program files (x86)\intelliScore Ensemble WAV to MIDI Converter Demo 2013-05-31 02:11 . 2013-05-31 02:11 -------- d-----w- c:\program files (x86)\Audacity 2013-05-23 10:16 . 2013-04-11 23:41 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2013-05-23 10:16 . 2013-04-11 23:40 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2013-05-23 10:16 . 2013-05-23 10:16 -------- d-----w- c:\program files\Oracle 2013-05-18 15:20 . 2013-05-18 15:20 -------- d-----w- c:\program files (x86)\Winamp Detect 2013-05-15 03:31 . 2013-05-15 03:31 -------- d-----w- c:\programdata\Cisco Systems 2013-05-15 01:37 . 2013-05-26 00:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-05-10 23:21 . 2013-05-10 23:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-10 23:20 . 2013-05-10 23:20 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-08 04:41 . 2013-05-08 04:41 -------- d-sh--w- c:\users\thomas\AppData\Local\ms-drivers . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-05 08:11 . 2011-06-18 23:33 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-06-02 15:19 . 2010-03-30 09:27 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-22 23:11 . 2011-11-25 02:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-22 23:11 . 2011-03-18 02:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-10 23:20 . 2012-10-22 11:18 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-05-10 23:20 . 2010-07-08 13:04 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-05-09 08:58 . 2012-02-27 23:27 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-08 07:49 . 2011-03-28 06:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:29 . 2010-03-30 05:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-06-02 15:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-02 15:09 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-02 15:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-02 15:09 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-02 15:09 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-02 15:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 05:05 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 02:50 . 2011-05-31 16:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-27 01:22 . 2013-03-27 01:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-27 01:22 . 2013-03-27 01:22 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-27 01:22 . 2013-03-27 01:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-27 01:22 . 2013-03-27 01:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-27 01:22 . 2013-03-27 01:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-27 01:22 . 2013-03-27 01:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-27 01:22 . 2013-03-27 01:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-27 01:22 . 2013-03-27 01:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-27 01:22 . 2013-03-27 01:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-27 01:22 . 2013-03-27 01:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-27 01:22 . 2013-03-27 01:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-27 01:22 . 2013-03-27 01:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-27 01:22 . 2013-03-27 01:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-27 01:22 . 2013-03-27 01:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-27 01:22 . 2013-03-27 01:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-27 01:22 . 2013-03-27 01:22 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-27 01:22 . 2013-03-27 01:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-27 01:22 . 2013-03-27 01:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-27 01:22 . 2013-03-27 01:22 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-27 01:22 . 2013-03-27 01:22 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-27 01:22 . 2013-03-27 01:22 441856 ----a-w- c:\windows\system32\html.iec 2013-03-27 01:22 . 2013-03-27 01:22 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-27 01:22 . 2013-03-27 01:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-27 01:22 . 2013-03-27 01:22 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-27 01:22 . 2013-03-27 01:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-27 01:22 . 2013-03-27 01:22 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-27 01:22 . 2013-03-27 01:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-27 01:22 . 2013-03-27 01:22 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-27 01:22 . 2013-03-27 01:22 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-27 01:22 . 2013-03-27 01:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-27 01:22 . 2013-03-27 01:22 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-27 01:22 . 2013-03-27 01:22 235008 ----a-w- c:\windows\system32\url.dll 2013-03-27 01:22 . 2013-03-27 01:22 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-27 01:22 . 2013-03-27 01:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-27 01:22 . 2013-03-27 01:22 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-27 01:22 . 2013-03-27 01:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-27 01:22 . 2013-03-27 01:22 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-27 01:22 . 2013-03-27 01:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-27 01:22 . 2013-03-27 01:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-27 01:22 . 2013-03-27 01:22 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-27 01:22 . 2013-03-27 01:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-27 01:22 . 2013-03-27 01:22 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-27 01:22 . 2013-03-27 01:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-27 01:22 . 2013-03-27 01:22 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-27 01:22 . 2013-03-27 01:22 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-27 01:22 . 2013-03-27 01:22 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-27 01:22 . 2013-03-27 01:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-27 01:22 . 2013-03-27 01:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-27 01:22 . 2013-03-27 01:22 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-19 06:04 . 2013-04-11 11:14 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-11 11:14 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-11 11:14 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-11 11:14 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-11 11:14 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-11 11:14 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-15 06:14 . 2013-03-15 06:14 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-16 17:06 220632 ----a-w- c:\users\thomas\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-16 17:06 220632 ----a-w- c:\users\thomas\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-16 17:06 220632 ----a-w- c:\users\thomas\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] . c:\users\Cathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-3-4 41051] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R0 AFS;AFS; [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys;c:\windows\SYSNATIVE\DRIVERS\GenBus.sys [x] R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys;c:\windows\SYSNATIVE\DRIVERS\GenHC.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys;c:\windows\SYSNATIVE\DRIVERS\MosIrUsb.sys [x] R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys;c:\windows\SYSNATIVE\Drivers\NANMp50.sys [x] R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys;c:\windows\SYSNATIVE\Drivers\NANSp50.sys [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USB_Ethernet_Adaptor;USB to Ethernet Adapter;c:\windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys;c:\windows\SYSNATIVE\DRIVERS\USB_Ethernet_Adaptor.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] R4 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe;c:\program files\Prey\platform\windows\cronsvc.exe [x] R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x] R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x] S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS;c:\program files\HWiNFO64\HWiNFO64A.SYS [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/20 17:39];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x] S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-12-05 00:27 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 04:31] . 2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 04:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-16 17:06 244688 ----a-w- c:\users\thomas\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-16 17:06 244688 ----a-w- c:\users\thomas\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-16 17:06 244688 ----a-w- c:\users\thomas\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-06 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-06 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-06 365592] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 172.16.32.254 FF - ProfilePath - c:\users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\p8evg2gy.default\ FF - prefs.js: browser.startup.homepage - about:blank . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-07 04:11:19 ComboFix-quarantined-files.txt 2013-06-06 16:11 ComboFix2.txt 2013-06-06 14:08 ComboFix3.txt 2013-06-06 12:42 ComboFix4.txt 2013-06-06 11:13 . Pre-Run: 140,585,709,568 bytes free Post-Run: 140,460,068,864 bytes free . - - End Of File - - B473586DD50241DBE09BCA2F17293B7C
  10. Given the reg entries in the last CFscript.txt you posted are non /user/directory related is the /user/directory not so relatvant at this time? To many years of MAC and IP address masks, re: explaining way out of what just happened. :-)
  11. Oh! I see what's happening. /john/ should be /thomas/ As seen in the first post. Can I run the last two processes again starting with ComboFix as you originally sent. I'll redirect the CFscript.txt url to the post with /thomas/ and we should be looking at a better result. Or have I just shot myself in the foot. I'm really exhuasted as been up for two days and not think straight anymore. 3.00am sorry, but I want to get this done.
  12. Yes, you are correct. It appeared to be a controlled reboot, maybe to get exclusive access to something. I just wasn't expecting it, as I don't trust my notebook as far as I can kick it. ComboFix asked me to download an updated version. I said NO! And in safe mode, Avast! seems to have a resident process active with no 'noob' way to shut it down. If one starts Avast up on the pretence of shutting it down, it has it's on 'Safe Mode' UI and it's mail, file etc proccesses are already stopped. Plus Microsoft Essentuals seem to have a 'process' running now too. I uninstall Microsoft Security Essentials and just 'disabled' Avast when re-running the ComboFix tool So, I did have a few attempts before I got a clean run of ComboFix. ---------------------------------------------------------------------------------------- ComboFix 13-06-05.05 - john 07/06/2013 1:52.3.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.3997.2645 [GMT 12:00] Running from: c:\users\john\Desktop\ComboFix.exe Command switches used :: c:\users\john\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data . . . . Failed to delete c:\data\ibdata1 . . . . Failed to delete . . ((((((((((((((((((((((((( Files Created from 2013-05-06 to 2013-06-06 ))))))))))))))))))))))))))))))) . . 2013-06-06 14:01 . 2013-06-06 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-06 14:01 . 2013-06-06 14:01 -------- d-----w- c:\users\Cathie\AppData\Local\temp 2013-06-06 14:01 . 2013-06-06 14:01 -------- d-----w- c:\users\BenchMark\AppData\Local\temp 2013-06-06 14:01 . 2013-06-06 14:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-06-06 14:01 . 2013-06-06 14:01 -------- d-----w- c:\users\Administrator.alien51\AppData\Local\temp 2013-06-06 14:01 . 2013-06-06 14:01 -------- d-----w- c:\users\Admin\AppData\Local\temp 2013-06-06 04:31 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-06-06 04:31 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-06-06 04:31 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-06-06 04:31 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-06 04:31 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-06-06 04:31 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-06 04:31 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-06-06 04:31 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-06-02 15:10 . 2013-04-05 06:50 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-06-02 15:09 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-06-02 15:09 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-06-02 15:09 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-06-02 15:09 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-06-02 15:09 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-06-02 15:09 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-06-02 15:09 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-06-02 15:09 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-06-02 15:09 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-01 06:01 . 2002-07-23 00:17 225280 ----a-w- c:\windows\USBT610phmgunin.exe 2013-06-01 06:01 . 2013-06-01 06:01 -------- d-----w- c:\users\john\AppData\Roaming\MobileAction 2013-05-31 02:25 . 2009-06-03 18:36 180224 ----a-w- c:\windows\SysWow64\imsised.exe 2013-05-31 02:25 . 2005-12-14 00:15 49152 ----a-w- c:\windows\SysWow64\WDec3.ocx 2013-05-31 02:25 . 2013-05-31 02:25 -------- d-----w- c:\windows\SysWow64\aspi 2013-05-31 02:25 . 2005-06-12 17:02 166600 ----a-w- c:\windows\SysWow64\msmask32.ocx 2013-05-31 02:25 . 2005-06-12 17:02 198848 ----a-w- c:\windows\SysWow64\MCI32.OCX 2013-05-31 02:25 . 2013-05-31 02:25 -------- d-----w- c:\program files (x86)\intelliScore Ensemble WAV to MIDI Converter Demo 2013-05-31 02:11 . 2013-05-31 02:11 -------- d-----w- c:\program files (x86)\Audacity 2013-05-23 10:16 . 2013-04-11 23:41 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2013-05-23 10:16 . 2013-04-11 23:40 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2013-05-23 10:16 . 2013-05-23 10:16 -------- d-----w- c:\program files\Oracle 2013-05-18 15:20 . 2013-05-18 15:20 -------- d-----w- c:\program files (x86)\Winamp Detect 2013-05-15 03:31 . 2013-05-15 03:31 -------- d-----w- c:\programdata\Cisco Systems 2013-05-15 01:37 . 2013-05-26 00:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-05-10 23:21 . 2013-05-10 23:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-10 23:20 . 2013-05-10 23:20 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-08 04:41 . 2013-05-08 04:41 -------- d-sh--w- c:\users\john\AppData\Local\ms-drivers . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-05 08:11 . 2011-06-18 23:33 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-06-02 15:19 . 2010-03-30 09:27 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-22 23:11 . 2011-11-25 02:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-22 23:11 . 2011-03-18 02:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-10 23:20 . 2012-10-22 11:18 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-05-10 23:20 . 2010-07-08 13:04 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-05-09 08:58 . 2012-02-27 23:27 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-08 07:49 . 2011-03-28 06:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:29 . 2010-03-30 05:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-06-02 15:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-02 15:09 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-02 15:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-02 15:09 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-02 15:09 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-02 15:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 05:05 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 02:50 . 2011-05-31 16:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-27 01:22 . 2013-03-27 01:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-27 01:22 . 2013-03-27 01:22 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-27 01:22 . 2013-03-27 01:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-27 01:22 . 2013-03-27 01:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-27 01:22 . 2013-03-27 01:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-27 01:22 . 2013-03-27 01:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-27 01:22 . 2013-03-27 01:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-27 01:22 . 2013-03-27 01:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-27 01:22 . 2013-03-27 01:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-27 01:22 . 2013-03-27 01:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-27 01:22 . 2013-03-27 01:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-27 01:22 . 2013-03-27 01:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-27 01:22 . 2013-03-27 01:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-27 01:22 . 2013-03-27 01:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-27 01:22 . 2013-03-27 01:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-27 01:22 . 2013-03-27 01:22 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-27 01:22 . 2013-03-27 01:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-27 01:22 . 2013-03-27 01:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-27 01:22 . 2013-03-27 01:22 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-27 01:22 . 2013-03-27 01:22 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-27 01:22 . 2013-03-27 01:22 441856 ----a-w- c:\windows\system32\html.iec 2013-03-27 01:22 . 2013-03-27 01:22 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-27 01:22 . 2013-03-27 01:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-27 01:22 . 2013-03-27 01:22 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-27 01:22 . 2013-03-27 01:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-27 01:22 . 2013-03-27 01:22 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-27 01:22 . 2013-03-27 01:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-27 01:22 . 2013-03-27 01:22 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-27 01:22 . 2013-03-27 01:22 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-27 01:22 . 2013-03-27 01:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-27 01:22 . 2013-03-27 01:22 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-27 01:22 . 2013-03-27 01:22 235008 ----a-w- c:\windows\system32\url.dll 2013-03-27 01:22 . 2013-03-27 01:22 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-27 01:22 . 2013-03-27 01:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-27 01:22 . 2013-03-27 01:22 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-27 01:22 . 2013-03-27 01:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-27 01:22 . 2013-03-27 01:22 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-27 01:22 . 2013-03-27 01:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-27 01:22 . 2013-03-27 01:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-27 01:22 . 2013-03-27 01:22 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-27 01:22 . 2013-03-27 01:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-27 01:22 . 2013-03-27 01:22 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-27 01:22 . 2013-03-27 01:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-27 01:22 . 2013-03-27 01:22 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-27 01:22 . 2013-03-27 01:22 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-27 01:22 . 2013-03-27 01:22 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-27 01:22 . 2013-03-27 01:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-27 01:22 . 2013-03-27 01:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-27 01:22 . 2013-03-27 01:22 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-19 06:04 . 2013-04-11 11:14 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-11 11:14 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-11 11:14 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-11 11:14 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-11 11:14 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-11 11:14 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-15 06:14 . 2013-03-15 06:14 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-16 17:06 220632 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-16 17:06 220632 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-16 17:06 220632 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . c:\users\Cathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-3-4 41051] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R0 AFS;AFS; [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys;c:\windows\SYSNATIVE\DRIVERS\GenBus.sys [x] R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys;c:\windows\SYSNATIVE\DRIVERS\GenHC.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys;c:\windows\SYSNATIVE\DRIVERS\MosIrUsb.sys [x] R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys;c:\windows\SYSNATIVE\Drivers\NANMp50.sys [x] R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys;c:\windows\SYSNATIVE\Drivers\NANSp50.sys [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USB_Ethernet_Adaptor;USB to Ethernet Adapter;c:\windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys;c:\windows\SYSNATIVE\DRIVERS\USB_Ethernet_Adaptor.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] R4 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe;c:\program files\Prey\platform\windows\cronsvc.exe [x] R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x] R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x] S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS;c:\program files\HWiNFO64\HWiNFO64A.SYS [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/20 17:39];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x] S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-12-05 00:27 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 04:31] . 2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 04:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-16 17:06 244688 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-16 17:06 244688 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-16 17:06 244688 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-06 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-06 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-06 365592] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 172.16.32.254 FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\p8evg2gy.default\ FF - prefs.js: browser.startup.homepage - about:blank . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c3,1d,c3,84,e6,36,44,8b,5d,0d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c3,1d,c3,84,e6,36,44,8b,5d,0d,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe . ************************************************************************** . Completion time: 2013-06-07 02:08:55 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-06 14:08 ComboFix2.txt 2013-06-06 12:42 ComboFix3.txt 2013-06-06 11:13 . Pre-Run: 141,314,932,736 bytes free Post-Run: 141,183,348,736 bytes free . - - End Of File - - BE6C56CBB818F92ECB802E4B0D9C1448
  13. It did complete. It run through the numbered phases, rebooted and then completed the writing on the log file once I logged in again. Started again in safe mode anyway.
  14. Yes, this is a Linksys E4200 wireless router with DNS and DHCP servers enabled.
  15. ComboFix 13-06-05.05 - john 06/06/2013 22:58:54.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.3997.2068 [GMT 12:00] Running from: c:\users\john\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe c:\users\john\oo33.exe c:\users\john\Tmp969C.tmp c:\users\john\TmpEEC5.tmp . . ((((((((((((((((((((((((( Files Created from 2013-05-06 to 2013-06-06 ))))))))))))))))))))))))))))))) . . 2013-06-06 11:09 . 2013-06-06 11:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-06 11:09 . 2013-06-06 11:09 -------- d-----w- c:\users\Cathie\AppData\Local\temp 2013-06-06 04:31 . 2013-05-09 08:59 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-06-06 04:31 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-06-06 04:31 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-06-06 04:31 . 2013-05-09 08:59 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-06 04:31 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-06-06 04:31 . 2013-05-09 08:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-06 04:31 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-06-06 04:31 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-06-03 12:18 . 2013-06-03 12:18 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A463B6F-A7C5-4D2E-9D06-17E952AF717E}\offreg.dll 2013-06-02 15:12 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A463B6F-A7C5-4D2E-9D06-17E952AF717E}\mpengine.dll 2013-06-02 15:10 . 2013-04-05 06:50 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-06-02 15:09 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-06-02 15:09 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-06-02 15:09 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-06-02 15:09 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-06-02 15:09 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-06-02 15:09 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-06-02 15:09 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-06-02 15:09 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-06-02 15:09 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-02 11:32 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-01 06:01 . 2002-07-23 00:17 225280 ----a-w- c:\windows\USBT610phmgunin.exe 2013-06-01 06:01 . 2013-06-01 06:01 -------- d-----w- c:\users\john\AppData\Roaming\MobileAction 2013-05-31 02:25 . 2009-06-03 18:36 180224 ----a-w- c:\windows\SysWow64\imsised.exe 2013-05-31 02:25 . 2005-12-14 00:15 49152 ----a-w- c:\windows\SysWow64\WDec3.ocx 2013-05-31 02:25 . 2013-05-31 02:25 -------- d-----w- c:\windows\SysWow64\aspi 2013-05-31 02:25 . 2005-06-12 17:02 166600 ----a-w- c:\windows\SysWow64\msmask32.ocx 2013-05-31 02:25 . 2005-06-12 17:02 198848 ----a-w- c:\windows\SysWow64\MCI32.OCX 2013-05-31 02:25 . 2013-05-31 02:25 -------- d-----w- c:\program files (x86)\intelliScore Ensemble WAV to MIDI Converter Demo 2013-05-31 02:11 . 2013-05-31 02:11 -------- d-----w- c:\program files (x86)\Audacity 2013-05-23 10:16 . 2013-04-11 23:41 237840 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2013-05-23 10:16 . 2013-04-11 23:40 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2013-05-23 10:16 . 2013-05-23 10:16 -------- d-----w- c:\program files\Oracle 2013-05-21 22:09 . 2013-05-21 22:08 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{873A69B2-451F-4EBD-9462-4EFD717EEFD5}\gapaengine.dll 2013-05-18 15:20 . 2013-05-18 15:20 -------- d-----w- c:\program files (x86)\Winamp Detect 2013-05-15 03:31 . 2013-05-15 03:31 -------- d-----w- c:\programdata\Cisco Systems 2013-05-15 01:37 . 2013-05-26 00:39 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-05-10 23:21 . 2013-05-10 23:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-05-10 23:20 . 2013-05-10 23:20 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-08 04:41 . 2013-05-08 04:41 -------- d-sh--w- c:\users\john\AppData\Local\ms-drivers 2013-05-07 13:27 . 2013-05-07 13:27 -------- d-----w- c:\program files (x86)\mSecure . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-05 08:11 . 2011-06-18 23:33 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-06-02 15:19 . 2010-03-30 09:27 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-22 23:11 . 2011-11-25 02:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-22 23:11 . 2011-03-18 02:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-10 23:20 . 2012-10-22 11:18 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-05-10 23:20 . 2010-07-08 13:04 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-05-09 08:58 . 2012-02-27 23:27 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-08 07:49 . 2011-03-28 06:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:29 . 2010-03-30 05:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-24 04:12 . 2012-09-27 04:20 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-04-13 05:49 . 2013-06-02 15:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-02 15:09 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-02 15:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-02 15:09 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-02 15:09 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-02 15:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 05:05 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 02:50 . 2011-05-31 16:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-27 01:22 . 2013-03-27 01:22 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-03-27 01:22 . 2013-03-27 01:22 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-27 01:22 . 2013-03-27 01:22 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-27 01:22 . 2013-03-27 01:22 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-27 01:22 . 2013-03-27 01:22 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-27 01:22 . 2013-03-27 01:22 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-27 01:22 . 2013-03-27 01:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-27 01:22 . 2013-03-27 01:22 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-27 01:22 . 2013-03-27 01:22 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-03-27 01:22 . 2013-03-27 01:22 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-27 01:22 . 2013-03-27 01:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-27 01:22 . 2013-03-27 01:22 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-27 01:22 . 2013-03-27 01:22 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-27 01:22 . 2013-03-27 01:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-27 01:22 . 2013-03-27 01:22 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-27 01:22 . 2013-03-27 01:22 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-27 01:22 . 2013-03-27 01:22 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-27 01:22 . 2013-03-27 01:22 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-03-27 01:22 . 2013-03-27 01:22 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-27 01:22 . 2013-03-27 01:22 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-27 01:22 . 2013-03-27 01:22 441856 ----a-w- c:\windows\system32\html.iec 2013-03-27 01:22 . 2013-03-27 01:22 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-27 01:22 . 2013-03-27 01:22 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-27 01:22 . 2013-03-27 01:22 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-27 01:22 . 2013-03-27 01:22 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-27 01:22 . 2013-03-27 01:22 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-27 01:22 . 2013-03-27 01:22 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-27 01:22 . 2013-03-27 01:22 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-27 01:22 . 2013-03-27 01:22 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-27 01:22 . 2013-03-27 01:22 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-27 01:22 . 2013-03-27 01:22 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-27 01:22 . 2013-03-27 01:22 235008 ----a-w- c:\windows\system32\url.dll 2013-03-27 01:22 . 2013-03-27 01:22 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-27 01:22 . 2013-03-27 01:22 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-27 01:22 . 2013-03-27 01:22 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-27 01:22 . 2013-03-27 01:22 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-27 01:22 . 2013-03-27 01:22 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-27 01:22 . 2013-03-27 01:22 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-27 01:22 . 2013-03-27 01:22 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-27 01:22 . 2013-03-27 01:22 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-27 01:22 . 2013-03-27 01:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-27 01:22 . 2013-03-27 01:22 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-27 01:22 . 2013-03-27 01:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-27 01:22 . 2013-03-27 01:22 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-27 01:22 . 2013-03-27 01:22 13824 ----a-w- c:\windows\system32\mshta.exe 2013-03-27 01:22 . 2013-03-27 01:22 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-03-27 01:22 . 2013-03-27 01:22 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-27 01:22 . 2013-03-27 01:22 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-27 01:22 . 2013-03-27 01:22 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-19 06:04 . 2013-04-11 11:14 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-11 11:14 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-11 11:14 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-11 11:14 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-11 11:14 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-11 11:14 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-15 06:14 . 2013-03-15 06:14 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-16 17:06 220632 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-16 17:06 220632 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-16 17:06 220632 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . c:\users\Cathie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584] Monitor Apache Servers.lnk - c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-3-4 41051] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R0 AFS;AFS; [x] R1 bweeknts;bweeknts;c:\windows\system32\drivers\bweeknts.sys;c:\windows\SYSNATIVE\drivers\bweeknts.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys;c:\windows\SYSNATIVE\DRIVERS\connctfy.sys [x] R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys;c:\windows\SYSNATIVE\DRIVERS\GenBus.sys [x] R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys;c:\windows\SYSNATIVE\DRIVERS\GenHC.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] R3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\DRIVERS\MosIrUsb.sys;c:\windows\SYSNATIVE\DRIVERS\MosIrUsb.sys [x] R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys;c:\windows\SYSNATIVE\Drivers\NANMp50.sys [x] R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys;c:\windows\SYSNATIVE\Drivers\NANSp50.sys [x] R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192cu.sys [x] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x] R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x] R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys;c:\windows\SYSNATIVE\DRIVERS\tap0801.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USB_Ethernet_Adaptor;USB to Ethernet Adapter;c:\windows\system32\DRIVERS\USB_Ethernet_Adaptor.sys;c:\windows\SYSNATIVE\DRIVERS\USB_Ethernet_Adaptor.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] R4 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe;c:\program files\Prey\platform\windows\cronsvc.exe [x] R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x] R4 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x] R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x] S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS;c:\program files\HWiNFO64\HWiNFO64A.SYS [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/20 17:39];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl;c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x] S2 MySQL5;MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5;c:\program files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=c:\program files\MySQL\MySQL Server 5.5\my.ini MySQL5 [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [x] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x] S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-12-05 00:27 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 04:31] . 2013-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-06 04:31] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-07-16 17:06 244688 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-07-16 17:06 244688 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-07-16 17:06 244688 ----a-w- c:\users\john\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\john\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu] @="{0A479751-02BC-11d3-A855-0004AC2568AA}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink] @="{0A479751-02BC-11d3-A855-0004AC2568DD}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink] @="{0A479751-02BC-11d3-A855-0004AC2568EE}" [HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}] 2011-06-24 06:03 456704 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-06 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-06 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-06 365592] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 172.16.32.254 FF - ProfilePath - c:\users\john\AppData\Roaming\Mozilla\Firefox\Profiles\p8evg2gy.default\ FF - prefs.js: browser.startup.homepage - about:blank . . ------- File Associations ------- . .txt=Notepad++_file . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS SafeBoot-SolutoService HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL5" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c3,1d,c3,84,e6,36,44,8b,5d,0d,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,dd,c3,1d,c3,84,e6,36,44,8b,5d,0d,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-06 23:13:24 ComboFix-quarantined-files.txt 2013-06-06 11:13 . Pre-Run: 140,694,364,160 bytes free Post-Run: 140,747,923,456 bytes free . - - End Of File - - 69460904EE72C0F9C955B96F9554C8ED
  16. Using MBMA I was informed I had Rootkit.0Access on my notebook. I noted there might be a problem when MicroSoft essentials was no longer active/installed and then started my investigation I then installed Avast thinking that I should have an AV installed, half way thought it's install it started installing GoogleDrive and I thought... hay woo I don't what this installed and basically shut the system down with a poweroff. I then rebooted in safe mode and thinking something may be odd did a quick MBMA scan and now I know why my notebook is probably acting 'funny'. I did the MBMA scan in safe mode and was able to delete the $recycle file noted as infected with Rootkit.0Access. It delete oK and after a reboot and another full scan with MBMA did not identifiy any further infected files. i.e. no infected files found. Then I read up and saw this may be more serious than I first thought. I have also include the RougeKiller v8.5.4 report as well, this can be found at the bottom of this post. And now I'm here humbly asking for help. The IP address in the local host file are mine. I put them there ages ago. Hosts: 172.16.32.1 e4200.local16 Hosts: 172.16.32.10 test.local16 Hosts: 172.16.32.10 m.test.local16 Hosts: 172.16.32.10 dev.local16 DSS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2 Run by thomas at 21:22:42 on 2013-06-06 Microsoft Windows 7 Professional 6.1.7601.1.1252.64.1033.18.3997.1999 [GMT 12:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WLANExt.exe C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\PrintIsolationHost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet \\172.16.32.10\My Downloads\security\MalwareBytes\RogueKiller.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe C:\Windows\system32\taskhost.exe C:\Windows\SysWOW64\notepad.exe C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uDefault_Page_URL = hxxp://www.alienware.com/ mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Windows\System: UseOEMBackground = dword:0 IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab TCP: NameServer = 172.16.32.254 TCP: Interfaces\{1D6950FB-9D9A-496D-84D0-05DEE917E970} : DHCPNameServer = 172.16.32.254 TCP: Interfaces\{24621A52-EA13-4DAB-8A93-DE3A11A4BE6A} : DHCPNameServer = 172.16.32.254 TCP: Interfaces\{2AC73DDC-43A7-487E-8E4B-6168ED4B0154} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{50E2FFB1-2CFF-4864-BC8D-A6A869E53E30} : DHCPNameServer = 172.16.32.254 TCP: Interfaces\{50E2FFB1-2CFF-4864-BC8D-A6A869E53E30}\0596C6C60224F687 : DHCPNameServer = 192.168.43.1 TCP: Interfaces\{50E2FFB1-2CFF-4864-BC8D-A6A869E53E30}\24F62672370234F657E6472797022457E6B65627 : DHCPNameServer = 172.16.32.254 TCP: Interfaces\{50E2FFB1-2CFF-4864-BC8D-A6A869E53E30}\3516475727E6 : DHCPNameServer = 122.56.237.1 210.55.111.1 TCP: Interfaces\{50E2FFB1-2CFF-4864-BC8D-A6A869E53E30}\35D454253584 : DHCPNameServer = 172.17.64.254 202.27.158.40 202.27.156.72 TCP: Interfaces\{50E2FFB1-2CFF-4864-BC8D-A6A869E53E30}\3716475727E6 : DHCPNameServer = 202.27.158.40 202.27.156.72 122.56.237.1 210.55.111.1 TCP: Interfaces\{50E2FFB1-2CFF-4864-BC8D-A6A869E53E30}\C696E6B6379737D2E6 : DHCPNameServer = 202.27.158.40 202.27.156.72 122.56.237.1 210.55.111.1 TCP: Interfaces\{573B885B-5A6B-4F3B-BC27-385246E0F8D9} : DHCPNameServer = 172.17.64.254 122.56.237.1 210.55.111.1 TCP: Interfaces\{5DB81213-4708-4504-A213-FCF10DE63D20} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{CC762EE8-C456-4126-9D79-12F4D5E01B4A} : DHCPNameServer = 172.16.32.254 TCP: Interfaces\{FA4BC374-64E1-4AE3-B6D8-AAF66C3F8352} : DHCPNameServer = 192.168.42.129 AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab x64-Notify: igfxcui - igfxdev.dll x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll x64-SSODL: WebCheck - <orphaned> Hosts: 172.16.32.1 e4200.local16 Hosts: 172.16.32.10 test.local16 Hosts: 172.16.32.10 m.test.local16 Hosts: 172.16.32.10 dev.local16 . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\p8evg2gy.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-6 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-6 189936] R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-27 16752] R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2010-2-26 20392] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-8-14 19504] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-6 1025808] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-6 378432] R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files\HWiNFO64\HWiNFO64A.SYS [2012-5-12 30592] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/05/20 17:39:53];C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2010-1-12 146928] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-6-6 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-6 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-6 46808] R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2010-12-29 21992] R2 MySQL5;MySQL5;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL5 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008] R2 NPWService;NPWService;C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe [2009-1-15 788480] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-8-14 25648] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2010-7-29 20984] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-2-26 67072] R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2011-2-15 34032] R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-5-26 35112] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-3-4 24645] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-29 35104] S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-8-24 16776] S3 EST_Server;Network USB Device;C:\Windows\System32\drivers\GenHC.sys [2009-1-16 197632] S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-8-24 9096] S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-25 238848] S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-7-5 14448] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720] S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-2-26 144496] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128] S3 MosIrUsb;MosIrUsb.sys;C:\Windows\System32\drivers\MosIrUsb.sys [2007-10-11 27648] S3 NisSrv;NisSrv;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008] S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-8-21 19032] S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-8-21 9584] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456] S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2011-2-11 848384] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2008-5-16 115240] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2008-5-16 19496] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2008-5-16 158760] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2008-5-16 137256] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2008-5-16 34344] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2008-5-16 136744] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2008-5-16 151592] S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-4-21 155824] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 tap0801;TAP-Win32 Adapter V8;C:\Windows\System32\drivers\tap0801.sys [2005-4-14 30720] S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856] S3 USB_Ethernet_Adaptor;USB to Ethernet Adapter;C:\Windows\System32\drivers\USB_Ethernet_Adaptor.sys [2013-1-8 21504] S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-12-19 106408] S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-2-23 16384] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-31 1255736] S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-12 98208] S4 CronService;Cron Service for Prey;C:\Program Files\Prey\platform\windows\cronsvc.exe [2011-2-16 19968] S4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-2-5 137488] S4 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-14 60928] S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-26 2666880] . =============== File Associations =============== . FileExt: .bat: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice] FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" . =============== Created Last 30 ================ . 2013-06-06 04:31:48 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-06-06 04:31:47 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-06-06 04:31:46 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-06-06 04:31:46 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-06-06 04:31:46 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-06-06 04:31:35 41664 ----a-w- C:\Windows\avastSS.scr 2013-06-03 12:18:59 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A463B6F-A7C5-4D2E-9D06-17E952AF717E}\offreg.dll 2013-06-02 15:12:23 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A463B6F-A7C5-4D2E-9D06-17E952AF717E}\mpengine.dll 2013-06-02 15:09:55 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-06-02 15:09:54 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-06-02 15:09:54 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-06-02 15:09:54 111448 ----a-w- C:\Windows\System32\consent.exe 2013-06-02 15:09:50 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-06-02 15:09:50 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-06-02 15:09:47 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-02 11:32:46 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-01 06:01:06 225280 ----a-w- C:\Windows\USBT610phmgunin.exe 2013-06-01 06:01:00 -------- d-----w- C:\Users\thomas\AppData\Roaming\MobileAction 2013-05-31 02:25:21 49152 ----a-w- C:\Windows\SysWow64\WDec3.ocx 2013-05-31 02:25:21 180224 ----a-w- C:\Windows\SysWow64\imsised.exe 2013-05-31 02:25:20 198848 ----a-w- C:\Windows\SysWow64\MCI32.OCX 2013-05-31 02:25:20 166600 ----a-w- C:\Windows\SysWow64\msmask32.ocx 2013-05-31 02:25:20 -------- d-----w- C:\Windows\SysWow64\aspi 2013-05-31 02:25:17 -------- d-----w- C:\Program Files (x86)\intelliScore Ensemble WAV to MIDI Converter Demo 2013-05-31 02:11:29 -------- d-----w- C:\Program Files (x86)\Audacity 2013-05-23 10:16:14 237840 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2013-05-23 10:16:10 120080 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys 2013-05-23 10:16:05 -------- d-----w- C:\Program Files\Oracle 2013-05-22 05:21:06 158067944 ----a-w- C:\Users\thomas\oo33.exe 2013-05-21 22:09:38 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{873A69B2-451F-4EBD-9462-4EFD717EEFD5}\gapaengine.dll 2013-05-18 15:20:41 -------- d-----w- C:\Program Files (x86)\Winamp Detect 2013-05-15 03:31:09 -------- d-----w- C:\ProgramData\Cisco Systems 2013-05-15 02:15:35 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-10 23:20:36 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-05-08 04:41:27 -------- d-sh--w- C:\Users\thomas\AppData\Local\ms-drivers 2013-05-07 13:27:18 -------- d-----w- C:\Program Files (x86)\mSecure . ==================== Find3M ==================== . 2013-06-05 08:11:37 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2013-05-22 23:11:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-22 23:11:19 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-10 23:20:26 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-05-10 23:20:26 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll 2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-04-04 02:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-03-15 06:14:04 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys . ============= FINISH: 21:23:32.39 =============== Attached.txt DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 30/03/2010 7:19:10 a.m. System Uptime: 6/06/2013 7:18:28 p.m. (2 hours ago) . Motherboard: Alienware | | 0VWGCV Processor: Genuine Intel® CPU U7300 @ 1.30GHz | U2E1 | 1729/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 131.205 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: VirtualBox Host-Only Ethernet Adapter Device ID: ROOT\NET\0000 Manufacturer: Oracle Corporation Name: VirtualBox Host-Only Ethernet Adapter PNP Device ID: ROOT\NET\0000 Service: VBoxNetAdp . ==== System Restore Points =================== . RP734: 6/06/2013 4:30:47 p.m. - avast! Free Antivirus Setup RP735: 6/06/2013 4:35:00 p.m. - avast! Free Antivirus Setup RP736: 6/06/2013 5:03:51 p.m. - Removed Google Drive RP737: 6/06/2013 7:23:22 p.m. - Windows Update . ==== Hosts File Hijack ====================== . Hosts: 172.16.32.1 e4200.local16 Hosts: 172.16.32.10 test.local16 Hosts: 172.16.32.10 m.test.local16 Hosts: 172.16.32.10 dev.local16 Hosts: 172.16.32.10 m.dev.local16 Hosts: 172.16.32.10 lockstore.local16 Hosts: 172.16.32.10 concrete.local16 . ==== Installed Programs ====================== . 3DMark 7-Zip 9.13 (x64 edition) AbsoluteTelnet Version 9.18 Accelerometer Active@ Partition Manager Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Adobe Shockwave Player 12.0 Advertising Center Aiseesoft Total Video Converter Aiseesoft TS Video Converter Alienware On-Screen Display Android SDK Tools Apache HTTP Server 2.2.15 Aspell English Dictionary-0.50-2 Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Audacity 2.0.3 avast! Free Antivirus AviSynth 2.5 Battery Meter BlackBerry Desktop Software 7.0 Broadcom 802.11 Network Adapter Canon Easy-PhotoPrint EX Canon Inkjet Printer Driver Add-On Module Canon My Printer CanoScan Toolbox Ver4.9 CCleaner Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module CPUID CPU-Z 1.60 CPUID HWMonitor 1.17 Crysis® CrystalDiskMark 3.0.1c CyberLink DVD Suite CyberLink PowerDVD 8 CyberLink YouCam D3DX10 Daniusoft DVD Creator(Build 1.5.0.20) Defraggler Dropbox DVD Decrypter (Remove Only) DVD Shrink 3.2 DW WLAN Card Utility EaseUS Partition Master 9.1.1 Home Edition Emicsoft TRP Converter EMSC eReg erLT EVGA Precision X 3.0.3 Exact Audio Copy 1.0beta3 ffdshow [rev 2583] [2009-01-05] FFmpeg for Audacity on Windows FileZilla Client 3.6.0.2 FLAC 1.2.1b (remove only) Flashtool FormatFactory 3.00 Free Audio CD to MP3 Converter version 1.3.12.1228 Freemake Video Converter version 3.2.1 Futuremark SystemInfo Geekbench 2.3 GIMP 2.6.11 GNU Aspell 0.50-3 GNU Privacy Guard GOM Player Google Chrome Google Earth Google Update Helper Gordon's Gate Flash Driver 2.2.0.1 Haali Media Splitter HandBrake 0.9.8 Hard Reset Demo HD Tune 2.55 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HWiNFO64 Version 3.95 Hybrid Graphics Driver 260.63 iBBDemo2 ieSpell ImagXpress ImgBurn Inkscape 0.48.2 inSSIDer 3 Intel® Graphics Media Accelerator Driver intelliScore Ensemble WAV to MIDI Converter Demo IrfanView (remove only) Java 7 Update 11 (64-bit) Java 7 Update 21 Java Auto Updater JMicron 1394 Filter Driver LAME v3.98.3 for Audacity LightScribe System Software 1.10.27.1 Link Shell Extension Logitech SetPoint 6.32 Logitech Unifying Software 2.10 Macromedia Fireworks MX 2004 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office Word Viewer 2003 Microsoft Security Client Microsoft Security Essentials Microsoft SkyDrive Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) MiniTool Partition Wizard Home Edition 7.8 Mozilla Firefox 21.0 (x86 en-US) Mozilla Thunderbird 22.0 (x86 en-US) mSecure MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Music Manager MySQL Server 5.5 MySQL Workbench 5.2 CE Nero 9 Essentials Nero BurnRights Nero BurnRights Help Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero Rescue Agent Nero RescueAgent Help Nero StartSmart Nero StartSmart Help NeroExpress neroxml Network Printer Wizard Notepad++ NVIDIA Control Panel 260.63 NVIDIA HD Audio Driver 1.3.18.0 NVIDIA Install Application NVIDIA nView 135.36 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA PhysX System Software 9.10.0514 OpenAL OpenOffice.org 3.4 OpenVPN 2.3.0-I001 Opera 12.15 Opera Next 12.15 Oracle VM VirtualBox 4.2.12 PHP 5.3.5 Pocket version 1.0 PowerDVD PowerProducer PuTTY version 0.61 QMC QNAP Finder Realtek High Definition Audio Driver Resistor1.00 RT 7 Lite (64-Bit) RT 7 Lite x64 Safari SDFormatter SeaTools for Windows Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Simple Adblock Sony Ericsson Update Engine Sony Mobile Update Service Sony PC Companion 2.10.155 Sothink Video Converter SPG Video Player 1.0 Steam swMSM Synaptics Pointing Device Driver System Requirements Lab System Requirements Lab for Intel System Requirements Lab for Intel (64-bit) T610-616-618-628-630 USB-Handset Manager TAP-Windows 9.9.2 TeamViewer 7 Tftpd64 Standalone Edition (remove only) TrueCrypt TSDoctor TsRemux 0.23.2 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Video Encoder 1.4 VideoReDo TVSuite Version 4.20.6.614 VLC media player 2.0.6 VobSub v2.23 (Remove Only) WIDCOMM Bluetooth Software Win7 Library Tool v1.10 Winamp Winamp Detector Plug-in Windows Internet Explorer Platform Preview Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Encoder 9 Series WinPcap 4.1.2 WinSCP 4.3.4 Wireshark 1.6.2 . ==== Event Viewer Messages From Past Week ======== . 6/06/2013 9:15:06 a.m., Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. 6/06/2013 7:24:03 p.m., Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.151.1719.0). 6/06/2013 7:19:09 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS cdrom prodrv06 prohlp02 prosync1 sfhlp01 6/06/2013 7:18:54 p.m., Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied. 6/06/2013 7:18:51 p.m., Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware. 6/06/2013 7:18:51 p.m., Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware. 6/06/2013 7:18:48 p.m., Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 6/06/2013 5:45:38 p.m., Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 5:45:38 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/06/2013 5:45:38 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/06/2013 5:45:37 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 6/06/2013 5:45:37 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 6/06/2013 5:45:36 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/06/2013 5:45:30 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/06/2013 5:43:44 p.m., Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 5:41:44 p.m., Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AFS aswRdr aswRvrt aswSnx aswSP aswVmm cdrom DfsC discache HWiNFO32 MpFilter NetBIOS NetBT nsiproxy prodrv06 prohlp02 prosync1 Psched rdbss sfhlp01 spldr tdx truecrypt VBoxDrv VBoxUSBMon vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/06/2013 5:41:42 p.m., Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 6/06/2013 4:14:12 p.m., Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: Access is denied. 6/06/2013 10:26:24 a.m., Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR20. 4/06/2013 2:21:19 a.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NisSrv service. 4/06/2013 2:20:49 a.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service. 3/06/2013 2:31:58 p.m., Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File =========================== RougeKiller Report RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : john [Admin rights] Mode : Scan -- Date : 06/06/2013 20:51:16 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$d60782dac31c2b71800738103d4cb417\@ [-] --> FOUND [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1609726283-737579647-4226795270-1000\$d60782dac31c2b71800738103d4cb417\@ [-] --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$d60782dac31c2b71800738103d4cb417\U --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1609726283-737579647-4226795270-1000\$d60782dac31c2b71800738103d4cb417\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$d60782dac31c2b71800738103d4cb417\L --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1609726283-737579647-4226795270-1000\$d60782dac31c2b71800738103d4cb417\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost 127.0.0.1 dev.local ::1 dev.local 127.0.0.1 lockstore.local ::1 lockstore.local 127.0.0.1 www.lockstore.local ::1 www.lockstore.local 127.0.0.1 alien.local ::1 alien.local 127.0.0.1 popwin.local ::1 popwin.local 127.0.0.1 concrete.local ::1 concrete.local 127.0.0.1 m.concrete.local ::1 m.concrete.local 127.0.0.1 www.concrete.local ::1 www.concrete.local 127.0.0.1 media.concrete.local ::1 media.concrete.local [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420AS +++++ --- User --- [MBR] 5e95c3493df0297608f4477f570ab54a [bSP] aa0f964089f9edd071e87baa2ed5ab73 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_06062013_02d2051.txt >> RKreport[1]_S_06062013_02d2051.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.