Jump to content

steve k

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

Reputation

0 Neutral
  1. steve k
    Ok, I've been able to run Malwarebyte's Anit-Malware and SuperAnitSpyware both with quick and deep. What I see is very long boot times, that is until I get the windows login screen, and then again after login and until explorer shows my desktop. While I am waiting for explorer to show the desktop I can ^AltDel and launch task manager. These wait times are maybe 10 minutes or more. This PC used to boot in less than a minute. Here is the log. Volume in drive C has no label. Volume Serial Number is C01F-B1D3 Directory of C:\WINDOWS 04/13/2008 08:12 PM 1,033,728 explorer.exe 1 File(s) 1,033,728 bytes Directory of C:\WINDOWS\$hf_mig$\KB938828\SP2QFE 06/13/2007 07:26 AM 1,033,216 explorer.exe 1 File(s) 1,033,216 bytes Directory of C:\WINDOWS\$NtServicePackUninstall$ 06/13/2007 06:23 AM 1,033,216 explorer.exe 1 File(s) 1,033,216 bytes Directory of C:\WINDOWS\$NtUninstallKB938828$ 08/04/2004 06:00 AM 1,032,192 explorer.exe 1 File(s) 1,032,192 bytes Directory of C:\WINDOWS\ServicePackFiles\i386 04/13/2008 08:12 PM 1,033,728 explorer.exe 1 File(s) 1,033,728 bytes Directory of C:\WINDOWS\system32\dllcache\cache 04/13/2008 08:12 PM 1,033,728 explorer.exe 1 File(s) 1,033,728 bytes Total Files Listed: 6 File(s) 6,199,808 bytes 0 Dir(s) 137,388,433,408 bytes free I appreciate your help. I'm going to run windows update and then run Malwarebytes and SUPERAntiSpyware agin. I'll update the thread then.
  2. steve k
    SIGVERIF.zip
  3. steve k
    8 Unsigned, zip of SIGVERIF.TXT attached. Thanks for the help
  4. steve k
    Hi, No, explorer still will not launch. If I attempt to save a file to a folder other than the current dir, note pad locks up. I still have excessively long boot times and the wait after login to I can do something is very long > 15 mins. Also, I have had explorer running, it just seems that if a reboot happens, like this time when I ran the fix download it appeard to reboot during the process and when I logged in again it finished writing the log that i posted previously. I appreciate the assistance.
  5. steve k
    ComboFix 09-08-10.06 - Stephen 08/14/2009 15:09.3.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2350 [GMT -4:00] Running from: c:\downloads\cf.exe Command switches used :: cf AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\TEMP\logishrd\LVPrcInj01.dll . ((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 ))))))))))))))))))))))))))))))) . 2009-08-13 22:27 . 2009-08-13 22:27 -------- d-----w- c:\program files\ERUNT 2009-08-13 04:09 . 2009-08-13 04:50 -------- d-s---w- C:\Combo-Fix 2009-08-13 01:31 . 2009-08-14 15:44 -------- d-----w- c:\program files\trend micro 2009-08-13 01:31 . 2009-08-13 01:31 -------- d-----w- C:\rsit 2009-08-12 22:49 . 2009-08-12 22:49 -------- d-----w- c:\documents and settings\Stephen\Application Data\Malwarebytes 2009-08-12 22:49 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-12 22:49 . 2009-08-12 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-12 22:49 . 2009-08-12 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-12 22:49 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-30 17:29 . 2009-07-30 17:29 -------- d-----w- C:\SVNRepository 2009-07-24 22:48 . 2009-08-14 12:37 117760 ----a-w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-07-24 22:47 . 2009-07-24 22:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-07-24 22:34 . 2009-07-25 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\11791714 2009-07-21 00:42 . 2009-07-21 00:43 1914000 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe 2009-07-21 00:31 . 2009-07-25 00:25 -------- d-----w- c:\program files\NOS 2009-07-21 00:31 . 2009-07-25 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-07-19 02:06 . 2009-08-03 16:06 -------- d-----w- c:\documents and settings\Stephen\Local Settings\Application Data\Temp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-14 17:51 . 2008-05-21 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-08-14 17:39 . 2007-11-19 20:11 -------- d-----w- c:\program files\Password Safe 2009-08-14 04:23 . 2008-12-30 20:08 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-08-10 01:38 . 2007-08-06 14:12 -------- d-----w- c:\program files\Mozilla Thunderbird 2009-07-24 22:47 . 2008-12-30 20:08 -------- d-----w- c:\documents and settings\Stephen\Application Data\SUPERAntiSpyware.com 2009-07-18 15:59 . 2007-09-11 22:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2009-07-18 15:58 . 2008-03-04 20:18 0 ----a-w- c:\windows\system32\drivers\logiflt.iad 2009-07-09 15:21 . 2009-07-09 15:21 -------- d-----w- c:\program files\Netgear WGPS606 2009-07-09 00:30 . 2009-02-16 18:08 -------- d-----w- c:\program files\eclipse 2009-07-08 23:55 . 2009-07-08 23:55 -------- d-----w- c:\program files\eclipse-galileo 2009-07-08 15:13 . 2008-03-04 20:09 -------- d-----w- c:\program files\Common Files\LogiShrd 2009-07-08 15:05 . 2007-09-11 22:31 -------- d-----w- c:\program files\Logitech 2009-07-08 15:05 . 2008-03-04 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd 2009-07-08 14:59 . 2007-09-11 22:31 -------- d-----w- c:\program files\Common Files\Logitech 2009-07-01 14:31 . 2009-07-01 13:35 256 ----a-w- c:\windows\system32\pool.bin 2009-06-29 13:16 . 2009-06-26 19:56 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-06-29 13:03 . 2009-06-29 13:03 -------- d-----w- c:\documents and settings\Stephen\Application Data\Research In Motion 2009-06-26 19:56 . 2009-06-26 19:56 -------- d-----w- c:\program files\Research In Motion 2009-06-24 15:08 . 2007-12-26 16:57 -------- d-----w- c:\documents and settings\Stephen\Application Data\Apple Computer 2009-06-24 13:33 . 2007-12-26 16:55 -------- d-----w- c:\program files\Apple Software Update 2009-06-23 23:43 . 2009-06-23 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-06-23 23:43 . 2007-12-26 16:56 -------- d-----w- c:\program files\iTunes 2009-06-23 23:42 . 2009-06-23 23:42 -------- d-----w- c:\program files\iPod 2009-06-23 23:42 . 2007-12-26 16:54 -------- d-----w- c:\program files\Common Files\Apple 2009-06-23 23:41 . 2009-06-23 23:41 -------- d-----w- c:\program files\Bonjour 2009-06-23 23:40 . 2009-06-23 23:39 -------- d-----w- c:\program files\QuickTime 2009-06-23 23:36 . 2007-12-26 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-23 23:33 . 2009-06-23 23:33 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-23 23:28 . 2009-03-12 13:57 -------- d-----w- c:\program files\Aniosoft iBackup Suite 2009-06-15 23:10 . 2009-06-15 23:04 -------- d-----w- c:\documents and settings\Stephen\Application Data\gnupg 2009-06-15 22:55 . 2009-06-15 22:55 -------- d-----w- c:\program files\GNU 2009-06-05 15:42 . 2009-06-23 23:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-06-05 15:42 . 2007-12-26 16:54 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys . ((((((((((((((((((((((((((((( SnapShot@2009-08-13_01.14.16 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-14 19:43 . 2009-08-14 19:43 16384 c:\windows\Temp\Perflib_Perfdata_5c8.dat - 2009-07-24 22:47 . 2009-07-24 22:47 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe + 2009-07-24 22:47 . 2009-08-13 01:35 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe - 2009-07-24 22:47 . 2009-07-24 22:47 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2009-07-24 22:47 . 2009-08-13 01:35 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2009-08-14 14:14 . 2009-08-14 14:14 299008 c:\windows\ERDNT\8-14-2009\Users\00000002\UsrClass.dat + 2009-08-14 14:14 . 2005-10-20 16:02 163328 c:\windows\ERDNT\8-14-2009\ERDNT.EXE + 2009-08-13 22:27 . 2009-08-13 22:27 299008 c:\windows\ERDNT\8-13-2009\Users\00000002\UsrClass.dat + 2009-08-13 22:27 . 2005-10-20 16:02 163328 c:\windows\ERDNT\8-13-2009\ERDNT.EXE + 2009-08-14 14:14 . 2009-08-14 14:14 11579392 c:\windows\ERDNT\8-14-2009\Users\00000001\NTUSER.DAT + 2009-08-13 22:27 . 2009-08-13 22:27 11579392 c:\windows\ERDNT\8-13-2009\Users\00000001\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2007-11-20 731136] "MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-13 148888] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-06-05 615696] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-13 13684736] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] c:\documents and settings\Stephen\Start Menu\Programs\Startup\ Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2007-9-2 1241088] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-5 98304] Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-2-5 98304] APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-8-6 221247] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-7-22 577597] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-6 815104] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\downloads\\NetTalk\\NetTalk.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480] R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [5/5/2009 4:35 PM 100944] R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [5/5/2009 4:34 PM 41424] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/20/2008 10:49 AM 99376] R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [4/27/2009 8:39 PM 87696] S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [3/10/2009 10:44 AM 68096] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/12/2009 6:49 PM 38160] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [5/5/2009 4:35 PM 79888] S3 VICAMUSB;3Com HomeConnect USB Camera;c:\windows\system32\drivers\vicamusb.sys --> c:\windows\system32\drivers\vicamusb.sys [?] S4 Nuance Watcher Daemon;Nuance Watcher Daemon;c:\program files\Nuance\Common\core-services\bin\watcher-daemon-win32-service.exe [8/10/2007 2:20 PM 360448] S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [9/27/2006 8:33 PM 116464] . Contents of the 'Scheduled Tasks' folder 2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2009-08-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-21 18:49] 2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003Core.job - c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 23:31] 2009-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003UA.job - c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-08 23:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ FF - ProfilePath - c:\documents and settings\Stephen\Application Data\Mozilla\Firefox\Profiles\hc32xax2.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - plugin: c:\documents and settings\Stephen\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-14 15:48 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" @="" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" @="" . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\BRSS01A.EXE c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Cisco Systems\VPN Client\cvpnd.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-08-14 16:01 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-14 20:00 ComboFix2.txt 2009-08-13 01:22 Pre-Run: 137,451,253,760 bytes free Post-Run: 137,446,252,544 bytes free 293 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:18:13 PM, on 8/14/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\procexp.exe C:\Program Files\trend micro\findem.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user') O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 5058 bytes Thanks for the help!!
  6. steve k
    Hi, I am experiencing similar problems as some other users have posted. My current situation is task manager will run and I can seem to launch most applications except explorer. I was following an earlier post about Malwarebytes getting stuck on c:\windows\system32\zipfldr.dll. I ran through as much as I could and after Combo-Fix ran I was able to see my taskbar, etc. I was then able to run Malwarebytes and did a full scan. It found about 20 items which I had it then clean. Then I rebooted, and I am back to where I was before I ran Combo-Fix. So, I thought i might run it again, and it now gives me an error that says ComboFix can not be renamed Combo-Fix. I figure I can either remove the original log or try another name but thought better and decided to ask for help as I seem to be going in circles. Malware bytes took about 11 hours to run the first time. Logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:05:03 PM, on 8/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\procexp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\trend micro\findem.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Default user') O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe O4 - Startup: WASTE.lnk = C:\Program Files\WASTE\WASTE.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.0.253/JpegInst.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1228921806406 O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://bn-sav01.nuance.com/webinstall/webinst.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wbs27beta.webex.com/client/T27L/training/ieatgpc.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} (pmpeg4cam Class) - http://192.168.0.253/MpegInst.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Nuance Watcher Daemon - Unknown owner - C:\Program Files\Nuance\Common\core-services\bin\watcher-daemon-win32-service.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 9497 bytes "Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS] "Google Update" = ""C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."] "SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."] "ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "vptray" = "C:\PROGRA~1\SYMANT~1\VPTray.exe" ["Symantec Corporation"] "CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data] "itype" = ""c:\Program Files\Microsoft IntelliType Pro\itype.exe"" [MS] "IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\ipoint.exe"" [MS] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "dvd43" = "C:\Program Files\dvd43\dvd43_tray.exe" [empty string] "MP10_EnsureFileVer" = "C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions" [MS] "BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] "BlackBerryAutoUpdate" = "C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background" ["Research In Motion Limited"] "LogitechQuickCamRibbon" = ""C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide" ["Logitech Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll" ["Google Inc."] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension" -> {HKLM...CLSID} = "Display Panning CPL Extension" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{51EEE242-AD87-11d3-9C1E-0090278BBD99}" = "Vim Shell Extension" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Vim\vim70\gvimext.dll" ["Tianmiao Hu's Developer Studio"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" -> {HKLM...CLSID} = "ImageExtractorShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data] "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}" -> {HKLM...CLSID} = "CInfoTipShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "My Bluetooth Places" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] "{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71}" = "IntelliType Pro Touchpad Control Property Page" -> {HKLM...CLSID} = "IntelliType Pro Touchpad Control Property Page" \InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcpltp.dll"" [MS] "{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page" \InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS] "{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page" \InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS] "{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page" \InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS] "{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page" \InProcServer32\(Default) = ""c:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS] "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page" -> {HKLM...CLSID} = "Wireless Property Page" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS] "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page" -> {HKLM...CLSID} = "Wheel Property Page" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS] "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page" -> {HKLM...CLSID} = "Activities Property Page" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS] "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page" -> {HKLM...CLSID} = "Buttons Property Page" \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS] "{6D0E6651-1CD8-11d6-92C4-0003479E4848}" = "NVIDIA NT4 Multimon Control Panel Extension" -> {HKLM...CLSID} = "NVIDIA NT4 Multimon Control Panel Extension" \InProcServer32\(Default) = "nvnt4cpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{30351348-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{30351347-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{3035134A-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{3035134C-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{30351346-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{30351349-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{3035134B-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{3035134D-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{3035134E-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{3035134F-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{30351350-7B7D-4FCC-81B4-1E394CA267EB}" = "TortoiseSVN" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] "{C5994560-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994561-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994562-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994563-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994564-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994565-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994566-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994567-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{C5994568-53D9-4125-87C9-F193FC689CB2}" = "TortoiseOverlays" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll" ["http://tortoisesvn.net"] "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device" -> {HKLM...CLSID} = "Mobile Device" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Wcesview.dll" [MS] "{7D5C4BDD-B015-4401-8731-1507B87DE297}" = "QBVersionTool" -> {HKLM...CLSID} = "VersionShellExt Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll" ["Intuit Inc."] "{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}" = "Record ISO Image to CD" -> {HKLM...CLSID} = "CISORecorderContextMenu Object" \InProcServer32\(Default) = "C:\Program Files\ISO Recorder\ISORecorder.dll" ["Alex Feinman"] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided) -> {HKLM...CLSID} = "SABShellExecuteHook Class" \InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\ <<!>> "Debugger" = ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vs7jit.exe" -p %ld -e %ld" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"] <<!>> NavLogon\DLLName = "C:\WINDOWS\system32\NavLogon.dll" ["Symantec Corporation"] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {30351349-7B7D-4FCC-81B4-1E394CA267EB}\(Default) = (no title provided) -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ EDPShell\(Default) = "{58549232-7081-4541-882C-767DB238453C}" -> {HKLM...CLSID} = "EDPShellExtObj Class" \InProcServer32\(Default) = "C:\Program Files\ExamDiff Pro\EDPShell.dll" ["PrestoSoft"] gvim\(Default) = "{51EEE242-AD87-11d3-9C1E-0090278BBD99}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Vim\vim70\gvimext.dll" ["Tianmiao Hu's Developer Studio"] LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Create ISO Image from directory\(Default) = "{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}" -> {HKLM...CLSID} = "CISORecorderContextMenu Object" \InProcServer32\(Default) = "C:\Program Files\ISO Recorder\ISORecorder.dll" ["Alex Feinman"] EDPShell\(Default) = "{58549232-7081-4541-882C-767DB238453C}" -> {HKLM...CLSID} = "EDPShellExtObj Class" \InProcServer32\(Default) = "C:\Program Files\ExamDiff Pro\EDPShell.dll" ["PrestoSoft"] LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}" -> {HKLM...CLSID} = "VpshellEx Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] TortoiseSVN\(Default) = "{30351349-7B7D-4FCC-81B4-1E394CA267EB}" -> {HKLM...CLSID} = "TortoiseSVN" \InProcServer32\(Default) = "C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll" ["http://tortoisesvn.net"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ "DisableCMD" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Disable the command prompt} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ DVDDecrypterPlayDVDMovieOnArrival\ "Provider" = "DVD Decrypter" "InvokeProgID" = "DVDDecrypter" "InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt" HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"] EZPixAutoplay\ "Provider" = "EZ-Pix" "InvokeProgID" = "EZPix.Autoplay" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\EZPix.Autoplay\shell\open\command\(Default) = ""C:\Program Files\EZ-Pix\ezpix.exe" "/CAM:%1"" [file not found] iTunesBurnCDOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.BurnCD" "InvokeVerb" = "burn" HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."] iTunesImportSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ImportSongsOnCD" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."] iTunesPlaySongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.PlaySongsOnCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."] iTunesShowSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ShowSongsOnCD" "InvokeVerb" = "showsongs" HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] PDVDPlayDVDMovieOnArrival\ "Provider" = "PowerDVD" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" MOVIE "%L"" ["CyberLink Corp."] RhapsodyCDBurningOnArrival\ "Provider" = "Rhapsody" "InvokeProgID" = "Rhapsody.CDBurn.3" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Rhapsody.CDBurn.3\shell\open\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /burn "%1"" ["RealNetworks, Inc."] RhapsodyDeviceOnArrival\ "Provider" = "Rhapsody" "ProgID" = "Rhapsody.HWEventHandler" HKLM\SOFTWARE\Classes\Rhapsody.HWEventHandler\CLSID\(Default) = "{5717E2AC-8A5C-47b7-BFE5-50BAD65AB904}" -> {HKLM...CLSID} = "Rhapsody Helper" \LocalServer32\(Default) = ""C:\PROGRA~1\VCASTM~1\rhaphlpr.exe"" ["RealNetworks, Inc."] RhapsodyMusicDevice\ "Provider" = "Rhapsody" "InvokeProgID" = "Rhapsody.MusicDevice.3" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\Rhapsody.MusicDevice.3\shell\open\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /device: "%1"" ["RealNetworks, Inc."] RhapsodyPlayCDAudioOnArrival\ "Provider" = "Rhapsody" "InvokeProgID" = "Rhapsody.AudioCD.3" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\Rhapsody.AudioCD.3\shell\play\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /play "%1"" ["RealNetworks, Inc."] RhapsodyRipCDAudioOnArrival\ "Provider" = "Rhapsody" "InvokeProgID" = "Rhapsody.AudioCDRip.3" "InvokeVerb" = "rip" HKLM\SOFTWARE\Classes\Rhapsody.AudioCDRip.3\shell\rip\command\(Default) = "C:\PROGRA~1\VCASTM~1\\rhapsody.exe /rip "%1"" ["RealNetworks, Inc."] VLCPlayCDAudioOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.CDAudio" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"] VLCPlayDVDMovieOnArrival\ "Provider" = "VideoLAN VLC media player" "InvokeProgID" = "VLC.DVDMovie" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"] Startup items in "Stephen" & "All Users" startup folders: --------------------------------------------------------- C:\Documents and Settings\Stephen\Start Menu\Programs\Startup "Password Safe" -> shortcut to: "C:\Program Files\Password Safe\pwsafe.exe -s" ["SourceForge.net"] "WASTE" -> shortcut to: "C:\Program Files\WASTE\WASTE.exe" ["GNU"] C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"] "Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."] "QuickBooks Update Agent" -> shortcut to: "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe" ["Intuit Inc."] "VPN Client" -> shortcut to: "C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico -user_logon" [null data] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] "Google Software Updater" -> launches: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe scheduled_start" ["Google"] "GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003Core" -> launches: "C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."] "GoogleUpdateTaskUserS-1-5-21-1202660629-1606980848-725345543-1003UA" -> launches: "C:\Documents and Settings\Stephen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 29 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{F2CF5485-4E02-4F68-819C-B92DE9277049}" -> {HKLM...CLSID} = "&Links" \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Create Mobile Favorite" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Create Mobile Favorite..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\INetRepl.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" {CCA281CA-C863-46EF-9331-5C8D4460577F}\ "ButtonText" = "@btrez.dll,-4015" "MenuText" = "@btrez.dll,-4017" "Script" = "C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm" [null data] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"] Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."] Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]} BrSplService, Brother XP spl Service, "C:\WINDOWS\system32\brsvc01a.exe" ["brother Industries Ltd"] Cisco Systems, Inc. VPN Service, CVPND, ""C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"" ["Cisco Systems, Inc."] Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Process Monitor, LVPrcSrv, ""C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"" ["Logitech Inc."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Microsoft Office Live Meeting Document Writer Monitor\Driver = "lmdimon.dll" [MS] SmarThru PC Fax Port\Driver = "SamFaxPort.dll" ["Samsung Software Center, Moscow"] SUGW2 Langmon\Driver = "SUGW2LMK.DLL" ["Samsung Electronics."] ---------- (launch time: 2009-08-13 19:47:19) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 58 seconds, including 10 seconds for message boxes)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.