Jump to content

grayedout

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

 Content Type 

Everything posted by grayedout

  1. grayedout
    Thanks for the info on the Group Policy Restrictions. I will put them back when we are all done. Here is the checkup.txt output file. It's not clear if both the Windows Firewall and Kaspersky Firewall are enabled. Again, I thought Kaspersky takes over the firewall and disables the Windows Firewall. Maybe not a critical as not running two anti-virus programs at the same time. I am actually running Postbox 3.0.9. Since it is Mozilla based it must have confused SecurityCheck. Results of screen317's Security Check version 0.99.81 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 12.0.0.77 Mozilla Firefox (28.0) Mozilla Thunderbird (2.0.0 Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  2. grayedout
    Many thanks again for all your efforts.!! Windows Defender Disabled. (I thought Kaspersky did this automatically during the install) FRST.exe run with fixlist.txt. Results follow. Malwarebytes Threat Scan run with no problems reported. Reboot and it seems ok. Malwarebytes Threat Scan run again after reboot with no problems reported. I do have a question about the deletion of the Group Policy restriction on software, in the fixlist log. I entered them there after reading this page: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent They seemed a rather safe thing to prevent any executable from running from data space. Are they a problem to be there? Many thanks again.!! Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Sherron at 2014-04-08 08:09:10 Run:1 Running from C:\Users\Sherron\Portable Aps\Farbar Recovery Scan Tool Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] - [X] HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV C:\Users\Sherron\AppData\Roaming\CamLayout.ini C:\Users\Sherron\AppData\Roaming\CamShapes.ini ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKLM => Group Policy Restriction on software restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. C:\Users\Sherron\AppData\Roaming\CamLayout.ini => Moved successfully. C:\Users\Sherron\AppData\Roaming\CamShapes.ini => Moved successfully. ==== End of Fixlog ====
  3. grayedout
    Thanks again for your efforts!! RogueKiller - two registry items marked and deleted AdwCleaner - no files in log AdwCleaner[R0].txt were saved TFC - finished without any error, many temp files were deleted. Files you requested are attached or inline. # AdwCleaner v3.023 - Report created 07/04/2014 at 16:47:06 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Sherron - STITCH # Running from : C:\Users\Sherron\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar Folder Deleted : C:\ProgramData\DeviceVM Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar Folder Deleted : C:\Program Files (x86)\openit Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\Users\Sherron\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\Sherron\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\Sherron\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z Folder Deleted : C:\Users\Sherron\AppData\Roaming\DeviceVM Folder Deleted : C:\Users\Sherron\AppData\Roaming\DSite Folder Deleted : C:\Users\Dennis\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\Dennis\AppData\Local\AVG Secure Search Folder Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Conduit File Deleted : C:\Users\Sherron\AppData\Local\Temp\Uninstall.exe File Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\Conduit.xml File Deleted : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\SweetIm.xml ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Mozilla Firefox v28.0 (en-US) [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\2nfr7k7t.Sherron\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search"); [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search"); [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\prefs.js ] Line Deleted : user_pref("CT2786678..clientLogIsEnabled", true); Line Deleted : user_pref("CT2786678.CTID", "CT2786678"); Line Deleted : user_pref("CT2786678.CurrentServerDate", "19-12-2010"); Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR"); Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", ""); Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Dec 18 2010 23:15:52 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 523); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Dec 18 2010 22:30:50 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Dec 18 2010 22:30:50 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Dec 18 2010 22:30:47 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Dec 18 2010 22:30:49 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10); Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15); Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5); Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5); Line Deleted : user_pref("CT2786678.FirstServerDate", "16-12-2010"); Line Deleted : user_pref("CT2786678.FirstTime", true); Line Deleted : user_pref("CT2786678.FirstTimeFF3", true); Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false); Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440); Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true); Line Deleted : user_pref("CT2786678.Initialize", true); Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true); Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3); Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration"); Line Deleted : user_pref("CT2786678.InstalledDate", "Thu Dec 16 2010 09:43:34 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.IsGrouping", false); Line Deleted : user_pref("CT2786678.IsMulticommunity", false); Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true); Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false); Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Dec 18 2010 09:43:37 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440); Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Sat Dec 18 2010 20:30:45 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.3.3"); Line Deleted : user_pref("CT2786678.Locale", "en"); Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83"); Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295"); Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true); Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440); Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Dec 18 2010 09:43:36 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Dec 18 2010 09:43:20 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Dec 18 2010 17:12:48 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1291825117"); Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504); Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Dec 16 2010 09:43:20 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578"); Line Deleted : user_pref("CT2786678.UserID", "UN49238619971737285"); Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2); Line Deleted : user_pref("CT2786678.WeatherNetwork", ""); Line Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Dec 18 2010 23:01:50 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.WeatherUnit", "C"); Line Deleted : user_pref("CT2786678.alertChannelId", "1178763"); Line Deleted : user_pref("CT2786678.components.129315411424256896", false); Line Deleted : user_pref("CT2786678.myStuffEnabled", true); Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400); Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440); Line Deleted : user_pref("CT2786678.testingCtid", ""); Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Dec 18 2010 09:43:35 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Dec 16 2010 09:43:38 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CT2786678.usagesFlag", 2); Line Deleted : user_pref("CommunityToolbar.EngineOwner", ""); Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", ""); Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", ""); Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", ""); Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", ""); Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", ""); Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678"); Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jan 05 2011 13:43:31 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jan 05 2011 11:08:45 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Line Deleted : user_pref("CommunityToolbar.alert.userId", "fb55273f-30af-4ba6-baf2-38beb682f50d"); Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Dec 18 2010 09:43:41 GMT-1000 (Hawaiian Standard Time)"); Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\epq7sfbg.default\prefs.js ] [ File : C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\olft3jwu.Dennis\prefs.js ] [ File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\twxi73es.default\prefs.js ] ************************* AdwCleaner[R0].txt - [17634 octets] - [07/04/2014 16:14:49] AdwCleaner[s0].txt - [17783 octets] - [07/04/2014 16:47:06] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [17844 octets] ########## Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Sherron (administrator) on STITCH on 07-04-2014 17:05:10 Running from C:\Users\Sherron\Portable Aps\Farbar Recovery Scan Tool Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe (Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (SEC) C:\Program Files\MagicTune Premium\MagicTune.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-02] (Realtek Semiconductor) HKLM\...\Run: [MagicTuneEngine] - C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe [53760 2011-01-17] () HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2903448 2011-06-06] (Adobe Systems Inc.) HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [bCWipeTM Startup] - C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe [311296 2004-11-29] (Jetico, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM Group Policy restriction on software: %LocalAppData%\Temp\wz*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\Temp\Rar*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\Temp\7z*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1805509027-3728083206-3070611810-1000\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1240992 2011-06-06] (Adobe Systems Incorporated) HKU\S-1-5-21-1805509027-3728083206-3070611810-1000\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC) Startup: C:\Users\Sherron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PeerBlock (2).lnk ShortcutTarget: PeerBlock (2).lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) Startup: C:\Users\Sherron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SCHDPL32.EXE - Shortcut.lnk ShortcutTarget: SCHDPL32.EXE - Shortcut.lnk -> I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6BED53DAA406CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us SearchScopes: HKCU - {056B05FD-3F3A-4535-83A7-D89ADEF79DA9} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=4183257091&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Tcpip\..\Interfaces\{A5787263-A0C8-45E9-A3DE-95D33C5A3CC9}: [NameServer]192.168.15.1 FireFox: ======== FF ProfilePath: C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Extension: CheckPlaces - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\checkplaces@andyhalford.com [2014-01-07] FF Extension: Facebook Translate - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\facebook-translate@oliver.schloebe.de [2014-04-05] FF Extension: Fast Translation - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\fasttrans@kemot [2014-01-07] FF Extension: JSONView - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\jsonview@brh.numbera.com [2014-01-07] FF Extension: Link Gopher - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\linkgopher@oooninja.com [2014-01-07] FF Extension: Long URL Please - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\longurlplease@darragh.curran [2014-01-07] FF Extension: Print pages to PDF - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\printPages2Pdf@reinhold.ripper [2014-01-07] FF Extension: Nuke Anything Enhanced - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace} [2014-01-07] FF Extension: EPUBReader - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-01-07] FF Extension: Live HTTP Headers - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-01-07] FF Extension: CookieCuller - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460} [2014-01-07] FF Extension: DictionarySearch - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372} [2014-01-07] FF Extension: BBCodeXtra - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc} [2014-01-07] FF Extension: DownloadHelper - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26] FF Extension: FoxClocks - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-23] FF Extension: CSHelper - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2014-03-06] FF Extension: Torbutton - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2014-01-07] FF Extension: Exif Viewer - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\exif_viewer@mozilla.doslash.org.xpi [2014-01-07] FF Extension: Ghostery - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\firefox@ghostery.com.xpi [2014-03-18] FF Extension: i2Symbol (Emoticons, Smileys, Symbols) - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\i2symbol@sciweavers.org.xpi [2014-01-07] FF Extension: Lightbeam - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-01-07] FF Extension: Print Edit - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\printedit@DW-dev.xpi [2014-01-07] FF Extension: Tab Counter - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\tabcounter@morac.xpi [2014-01-07] FF Extension: Session Manager - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-01-07] FF Extension: Image Zoom - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-01-07] FF Extension: RefControl - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2014-01-07] FF Extension: NoScript - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-07] FF Extension: Adblock Plus - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-07] FF Extension: BetterPrivacy - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-07] FF Extension: DownThemAll! - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-07] FF Extension: Greasemonkey - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-01-07] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-04-13] FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-06] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-06] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-06] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-06] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-06] ==================== Services (Whitelisted) ================= S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO) R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] () R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [2169592 2011-05-18] (UltraVNC) S2 vToolbarUpdater15.5.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] () R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-25] (AVG Technologies) S4 BCSWAP; C:\Windows\SysWow64\Drivers\BCSWAP.sys [98452 2001-10-28] (Jetico, Inc.) R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2010-01-17] (Paragon Software Group) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-06] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-20] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-24] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-06] (Kaspersky Lab ZAO) R1 MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [23096 2008-11-04] (Samsung Electronics, Inc. ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2011-05-06] (UVNC BVBA) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation) R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation) R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation) R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [48144 2010-01-17] (Windows ® 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [158736 2010-01-17] (Paragon) S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-10-18] (Paragon) S3 gdrv; \??\C:\Windows\gdrv.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 ____D () C:\FRST 2014-04-07 16:54 - 2014-04-07 16:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe 2014-04-07 16:14 - 2014-04-07 16:47 - 00000000 ____D () C:\AdwCleaner 2014-04-07 16:13 - 2014-04-07 16:13 - 01426178 _____ () C:\Users\Sherron\Desktop\AdwCleaner.exe 2014-04-07 16:12 - 2014-04-07 16:12 - 00005916 _____ () C:\Users\Sherron\Desktop\RKreport[0]_D_04072014_161232.txt 2014-04-07 16:09 - 2014-04-07 16:09 - 00005855 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04072014_160911.txt 2014-04-07 16:00 - 2014-04-07 16:00 - 00001771 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.7z 2014-04-07 15:59 - 2014-04-07 15:59 - 00005223 _____ () C:\Users\Sherron\Desktop\dds.7z 2014-04-07 15:59 - 2014-04-07 15:59 - 00001901 _____ () C:\Users\Sherron\Desktop\attach.7z 2014-04-07 15:48 - 2014-04-07 15:48 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-04-06 15:21 - 2014-04-06 15:43 - 00014188 __RSH () C:\ProgramData\ntuser.pol 2014-04-06 08:41 - 2014-04-07 01:32 - 00000000 ____D () C:\Users\Sherron\AppData\Local\CrashDumps 2014-04-05 15:57 - 2014-04-05 15:57 - 00005926 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.txt 2014-04-05 15:12 - 2014-04-05 15:15 - 00000000 ____D () C:\Users\Dennis\Hostess Contest 2014-04-04 20:09 - 2014-04-04 20:09 - 00005893 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04042014_200918-OLD01.txt 2014-04-04 20:04 - 2014-04-04 20:15 - 00000000 ____D () C:\Users\Sherron\Desktop\RK_Quarantine 2014-04-04 20:02 - 2014-04-04 20:02 - 04527616 _____ () C:\Users\Sherron\Desktop\RogueKillerX64.exe 2014-04-04 12:41 - 2014-04-05 15:22 - 00020241 _____ () C:\Users\Sherron\Desktop\dds.txt 2014-04-04 12:41 - 2014-04-05 15:22 - 00003942 _____ () C:\Users\Sherron\Desktop\attach.txt 2014-04-04 12:37 - 2014-04-04 12:37 - 00688992 ____R (Swearware) C:\Users\Sherron\Desktop\dds.com 2014-04-04 12:36 - 2014-04-04 12:36 - 00688992 _____ (Swearware) C:\Users\Sherron\Desktop\dds.scr 2014-04-04 12:36 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Desktop\newhosts.txt 2014-04-04 12:34 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Documents\newhosts.txt 2014-04-03 21:20 - 2014-04-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 16:56 - 2013-10-01 16:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-04-03 16:56 - 2013-10-01 16:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-04-03 16:56 - 2013-10-01 16:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-04-03 16:56 - 2013-10-01 15:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-04-03 16:56 - 2013-10-01 15:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-04-03 16:56 - 2013-10-01 15:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-04-03 16:56 - 2013-10-01 15:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-04-03 16:56 - 2013-10-01 14:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-04-03 16:56 - 2013-10-01 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-04-03 16:56 - 2013-10-01 14:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-04-03 16:56 - 2013-10-01 14:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-04-03 16:56 - 2013-10-01 14:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-04-03 16:56 - 2013-10-01 13:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-04-03 16:56 - 2013-10-01 13:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-04-03 16:56 - 2013-10-01 13:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-04-03 16:56 - 2013-10-01 12:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-04-03 16:56 - 2013-10-01 10:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-03 16:56 - 2013-10-01 10:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-04-03 16:53 - 2014-02-28 20:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-03 16:53 - 2014-02-28 19:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-03 16:53 - 2014-02-28 19:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-03 16:53 - 2014-02-28 18:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-03 16:53 - 2014-02-28 18:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-03 16:53 - 2014-02-28 18:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-03 16:53 - 2014-02-28 18:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-03 16:53 - 2014-02-28 18:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-03 16:53 - 2014-02-28 18:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-03 16:53 - 2014-02-28 18:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-03 16:53 - 2014-02-28 18:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-03 16:53 - 2014-02-28 18:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-03 16:53 - 2014-02-28 18:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-03 16:53 - 2014-02-28 18:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-03 16:53 - 2014-02-28 18:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-03 16:53 - 2014-02-28 18:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-03 16:53 - 2014-02-28 18:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-03 16:53 - 2014-02-28 17:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-03 16:53 - 2014-02-28 17:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-03 16:53 - 2014-02-28 17:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-03 16:53 - 2014-02-28 17:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-03 16:53 - 2014-02-28 17:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-03 16:53 - 2014-02-28 17:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-03 16:53 - 2014-02-28 17:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-03 16:53 - 2014-02-28 17:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-03 16:53 - 2014-02-28 17:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-03 16:53 - 2014-02-28 17:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-03 16:53 - 2014-02-28 17:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-03 16:53 - 2014-02-28 17:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-03 16:53 - 2014-02-28 17:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-03 16:53 - 2014-02-28 17:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-03 16:53 - 2014-02-28 17:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-03 16:53 - 2014-02-28 17:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-03 16:53 - 2014-02-28 17:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-03 16:53 - 2014-02-28 16:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-03 16:53 - 2014-02-28 16:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-03 16:53 - 2014-02-28 16:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-03 16:53 - 2014-02-28 16:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-03 16:53 - 2014-02-28 16:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-03 16:53 - 2014-02-28 16:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-03 16:52 - 2014-02-06 15:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-03 16:52 - 2014-02-03 16:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-03 16:52 - 2014-02-03 16:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-03 16:52 - 2014-02-03 16:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-03 16:52 - 2014-02-03 16:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-03 16:52 - 2014-01-28 16:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-03 16:52 - 2014-01-28 16:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-04-03 16:52 - 2014-01-27 16:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-03 16:52 - 2013-09-24 16:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-04-03 16:52 - 2013-09-24 15:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-04-02 18:22 - 2014-04-07 16:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-02 18:21 - 2014-04-05 21:03 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-02 18:21 - 2014-04-05 21:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-02 18:21 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-02 18:21 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-27 08:36 - 2014-03-27 08:36 - 00001448 _____ () C:\Users\Sherron\Desktop\photome.exe - Shortcut.lnk 2014-03-19 12:04 - 2014-03-19 12:04 - 00000000 ____D () C:\Users\Sherron\AppData\Local\Apple Computer 2014-03-16 09:56 - 2014-03-16 10:03 - 00000741 _____ () C:\Users\Sherron\Desktop\Majjong - GameMenu.exe - Shortcut.lnk 2014-03-09 16:03 - 2014-03-09 16:03 - 00001175 _____ () C:\Users\Sherron\Desktop\TrueCrypt.exe - Shortcut.lnk ==================== One Month Modified Files and Folders ======= 2014-04-07 17:05 - 2014-04-07 17:05 - 00000000 ____D () C:\FRST 2014-04-07 17:01 - 2011-06-20 23:59 - 00000000 ____D () C:\Users\Sherron\Portable Aps 2014-04-07 16:57 - 2009-07-13 18:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-07 16:57 - 2009-07-13 18:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-07 16:54 - 2014-04-07 16:54 - 00448512 _____ (OldTimer Tools) C:\Users\Sherron\Desktop\TFC.exe 2014-04-07 16:53 - 2011-03-31 05:39 - 02014156 _____ () C:\Windows\WindowsUpdate.log 2014-04-07 16:52 - 2014-04-02 18:22 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-07 16:52 - 2014-01-06 15:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-07 16:49 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 16:49 - 2009-07-13 18:51 - 00036628 _____ () C:\Windows\setupact.log 2014-04-07 16:48 - 2012-05-04 13:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-07 16:47 - 2014-04-07 16:14 - 00000000 ____D () C:\AdwCleaner 2014-04-07 16:37 - 2014-03-03 21:09 - 00000378 _____ () C:\Windows\Tasks\WpsNotifyTask_Sherron.job 2014-04-07 16:35 - 2013-05-26 20:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-07 16:34 - 2014-03-03 21:09 - 00000378 _____ () C:\Windows\Tasks\WpsUpdateTask_Sherron.job 2014-04-07 16:13 - 2014-04-07 16:13 - 01426178 _____ () C:\Users\Sherron\Desktop\AdwCleaner.exe 2014-04-07 16:12 - 2014-04-07 16:12 - 00005916 _____ () C:\Users\Sherron\Desktop\RKreport[0]_D_04072014_161232.txt 2014-04-07 16:09 - 2014-04-07 16:09 - 00005855 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04072014_160911.txt 2014-04-07 16:08 - 2011-11-20 23:58 - 00000000 ____D () C:\Program Files\PeerBlock 2014-04-07 16:07 - 2014-01-07 23:22 - 00000000 ____D () C:\Users\Sherron\AppData\Local\PasswordSafe 2014-04-07 16:06 - 2014-02-08 21:11 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\uTorrent 2014-04-07 16:00 - 2014-04-07 16:00 - 00001771 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.7z 2014-04-07 15:59 - 2014-04-07 15:59 - 00005223 _____ () C:\Users\Sherron\Desktop\dds.7z 2014-04-07 15:59 - 2014-04-07 15:59 - 00001901 _____ () C:\Users\Sherron\Desktop\attach.7z 2014-04-07 15:48 - 2014-04-07 15:48 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-04-07 01:32 - 2014-04-06 08:41 - 00000000 ____D () C:\Users\Sherron\AppData\Local\CrashDumps 2014-04-07 01:00 - 2013-12-01 12:15 - 00000510 _____ () C:\Windows\Tasks\Malwarebytes' Scheduled Update for Sherron.job 2014-04-06 15:43 - 2014-04-06 15:21 - 00014188 __RSH () C:\ProgramData\ntuser.pol 2014-04-06 11:38 - 2011-04-12 18:15 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\vlc 2014-04-05 21:03 - 2014-04-02 18:21 - 00001140 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-04-05 21:03 - 2014-04-02 18:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-04-05 15:57 - 2014-04-05 15:57 - 00005926 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04052014_155734.txt 2014-04-05 15:22 - 2014-04-04 12:41 - 00020241 _____ () C:\Users\Sherron\Desktop\dds.txt 2014-04-05 15:22 - 2014-04-04 12:41 - 00003942 _____ () C:\Users\Sherron\Desktop\attach.txt 2014-04-05 15:15 - 2014-04-05 15:12 - 00000000 ____D () C:\Users\Dennis\Hostess Contest 2014-04-05 15:13 - 2013-11-02 20:54 - 00000000 ____D () C:\Users\Dennis 2014-04-04 20:15 - 2014-04-04 20:04 - 00000000 ____D () C:\Users\Sherron\Desktop\RK_Quarantine 2014-04-04 20:09 - 2014-04-04 20:09 - 00005893 _____ () C:\Users\Sherron\Desktop\RKreport[0]_S_04042014_200918-OLD01.txt 2014-04-04 20:02 - 2014-04-04 20:02 - 04527616 _____ () C:\Users\Sherron\Desktop\RogueKillerX64.exe 2014-04-04 12:37 - 2014-04-04 12:37 - 00688992 ____R (Swearware) C:\Users\Sherron\Desktop\dds.com 2014-04-04 12:36 - 2014-04-04 12:36 - 00688992 _____ (Swearware) C:\Users\Sherron\Desktop\dds.scr 2014-04-04 12:34 - 2014-04-04 12:36 - 00000824 _____ () C:\Users\Sherron\Desktop\newhosts.txt 2014-04-04 12:34 - 2014-04-04 12:34 - 00000824 _____ () C:\Users\Sherron\Documents\newhosts.txt 2014-04-03 21:20 - 2014-04-03 21:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-03 18:27 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache 2014-04-03 17:16 - 2011-04-12 15:59 - 00218378 _____ () C:\Windows\PFRO.log 2014-04-03 17:16 - 2009-07-13 18:45 - 00294968 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-03 16:55 - 2013-08-06 17:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-03 16:54 - 2011-04-10 11:57 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-03 09:51 - 2014-04-02 18:21 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-02 18:21 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2013-12-01 11:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 18:21 - 2013-12-01 11:57 - 00000000 ____D () C:\Users\Sherron\AppData\Roaming\Malwarebytes 2014-04-02 18:21 - 2013-12-01 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-02 18:19 - 2011-04-13 17:04 - 00000000 ____D () C:\Users\Public\Documents\Stitch configuration 2014-03-27 08:36 - 2014-03-27 08:36 - 00001448 _____ () C:\Users\Sherron\Desktop\photome.exe - Shortcut.lnk 2014-03-23 12:26 - 2013-06-01 12:40 - 00000000 ____D () C:\Users\Sherron\Documents\My PSP8 Files 2014-03-20 00:36 - 2014-01-06 15:18 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-20 00:36 - 2014-01-06 15:18 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-19 12:04 - 2014-03-19 12:04 - 00000000 ____D () C:\Users\Sherron\AppData\Local\Apple Computer 2014-03-16 10:03 - 2014-03-16 09:56 - 00000741 _____ () C:\Users\Sherron\Desktop\Majjong - GameMenu.exe - Shortcut.lnk 2014-03-12 07:35 - 2013-05-26 20:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 07:35 - 2012-06-04 23:59 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 07:35 - 2011-06-02 14:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-09 16:03 - 2014-03-09 16:03 - 00001175 _____ () C:\Users\Sherron\Desktop\TrueCrypt.exe - Shortcut.lnk 2014-03-09 11:47 - 2014-03-06 14:02 - 00004416 _____ () C:\Users\Sherron\AppData\Roaming\CamStudio.cfg 2014-03-09 11:47 - 2014-03-06 14:02 - 00000408 _____ () C:\Users\Sherron\AppData\Roaming\CamShapes.ini 2014-03-09 11:47 - 2014-03-06 14:02 - 00000408 _____ () C:\Users\Sherron\AppData\Roaming\CamLayout.ini 2014-03-09 11:47 - 2014-03-06 14:02 - 00000120 _____ () C:\Users\Sherron\AppData\Roaming\Camdata.ini Files to move or delete: ==================== C:\Users\Sherron\AppData\Roaming\CamLayout.ini C:\Users\Sherron\AppData\Roaming\CamShapes.ini C:\Users\Public\Adobe Acrobat X (10.0.2) Pro.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 00:12 ==================== End Of Log ============================ Addition.txt
  4. grayedout
    Thanks for your assistance. The attach.txt and dds.txt files follow inline. I had some problem with the RogueKiller program. The first time I ran it it reported 5, (I think 5), items. I clicked the report button and exited by pressing the X in the upper right hand corner of the dialog box. Then, reading your instructions again, I closed running programs and ran RogueKiller again but this time no items were reported. Both times I did not ask it to fix anything. So all I have is the log from running it the first time and it follows attach.txt and dds.txt. Thanks again!! . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/31/2011 8:40:54 PM System Uptime: 4/3/2014 5:15:09 PM (46 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | H67A-UD3H-B3 Processor: Intel® Core i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 596 GiB total, 274.917 GiB free. D: is CDROM () E: is FIXED (NTFS) - 932 GiB total, 159.595 GiB free. F: is FIXED (NTFS) - 69 GiB total, 21.739 GiB free. I: is FIXED (NTFS) - 260 GiB total, 118.066 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP204: 2/21/2014 5:50:14 AM - Windows Update RP205: 2/24/2014 2:55:41 PM - Restore Operation RP206: 2/24/2014 3:53:39 PM - Windows Update RP207: 2/24/2014 4:26:38 PM - Windows Update RP208: 2/26/2014 8:48:29 AM - Windows Update RP209: 3/2/2014 11:35:41 AM - pre-Kingsoft Office install RP210: 3/4/2014 2:27:44 AM - Windows Update RP211: 3/7/2014 2:37:42 AM - Windows Update RP212: 3/11/2014 4:25:07 AM - Windows Update RP213: 3/18/2014 5:29:39 AM - Windows Update RP214: 3/25/2014 2:38:45 AM - Windows Update RP215: 3/28/2014 4:51:16 AM - Windows Update RP216: 4/1/2014 2:39:58 AM - Windows Update RP217: 4/3/2014 4:53:37 PM - Windows Update . ==== Installed Programs ====================== . µTorrent 7-Zip 9.22beta Adobe Acrobat X Pro - English, Français, Deutsch Adobe Flash Player 12 ActiveX Adobe Flash Player 12 Plugin Adobe Photoshop Lightroom 3.6 64-bit AnswerWorks 5.0 English Runtime Apple Application Support Apple Software Update BCWipe 3.0 CyberLink PowerDirector 12 Easy Duplicate Finder v. 3.2 Epson Event Manager Epson FAX Utility Epson PC-FAX Driver EPSON Scan EPSON WorkForce 840 Series Printer Uninstall EpsonNet Print EpsonNet Setup 3.3 GIMP 2.8.6 HandBrake 0.9.9.1 HD Tune Pro 5.50 HDHomeRun Intel® Processor Graphics Jasc Paint Shop Pro 8 K-Lite Codec Pack 10.0.0 Full Kaspersky Internet Security Kingsoft Office 2013 (9.1.0.4480) MagicTunePremium Malwarebytes Anti-Malware version 2.00.0.1000 Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office Click-to-Run 2010 Microsoft Office Home and Student 2010 - English Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird (2.0.0.23) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NewBlue Video Essentials for PowerDirector ON_OFF Charge B10.0427.1 Paragon Hard Disk Manager™ 2010 Professional Password Safe PeerBlock 1.2 (r693) PFPortChecker 1.0.39 PhotoME PlayReady PC Runtime amd64 Postbox (3.0.9) Quicken 2011 QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver SeaTools for Windows Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) SILKYPIX Developer Studio 3.1 SE TurboTax 2010 TurboTax 2010 whiiper TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper UFRaw 0.18 UltraVnc Update for Zip Opener VLC media player 2.1.2 WinRAR archiver XXConsole: Super Console Generator ver 0.96 Zip Opener Packages . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16521 Run by Sherron at 15:22:13 on 2014-04-05 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8109.2578 [GMT -10:00] . AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe C:\Windows\SysWow64\IntelCpHeciSvc.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\CyberLink\Shared files\RichVideo64.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\ehome\ehRecvr.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\igfxtray.exe C:\Windows\system32\taskeng.exe c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\MagicTune Premium\GammaTray.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Postbox\postbox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe C:\Program Files (x86)\Password Safe\pwsafe.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskmgr.exe C:\Program Files\PeerBlock\peerblock.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\vssvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:Tabs mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [bCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime StartupFolder: C:\Users\Sherron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PEERBL~1.LNK - C:\Program Files\PeerBlock\peerblock.exe StartupFolder: C:\Users\Sherron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCHDPL~1.LNK - I:\Documents and Settings\All Users\Documents\!My portable apps\MS Schedule Plus\SCHDPL32.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMMAT~1.LNK - C:\Program Files\MagicTune Premium\GammaTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll TCP: Interfaces\{A5787263-A0C8-45E9-A3DE-95D33C5A3CC9} : NameServer = 192.168.15.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll SSODL: WebCheck - <orphaned> x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe" x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe" x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe" x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru\components\abhelperxpcom.dll FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru\components\kavlinkfilter.dll FF - component: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru\components\ffvkplugin.dll FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\npsitesafety.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll . ============= SERVICES / DRIVERS =============== . R0 hotcore3;hc3ServiceName;C:\Windows\System32\drivers\hotcore3.sys [2012-6-20 37392] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-4-7 21544] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-24 45856] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792] R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504] R2 HDHomeRun Service;HDHomeRun Service;C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [2013-3-28 18432] R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-2 1809720] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-2 857912] R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-12-18 390672] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944] R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2011-11-16 2169592] R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-25 1643184] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-1 317440] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-1 25816] R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-2 119512] R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-2 63192] R3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2011-5-6 12904] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-7-26 78848] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-7-26 180224] R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-11-20 22600] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-1 349800] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528] S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2011-10-18 352816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-3 111616] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-20 19456] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-3 56832] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-2 1255736] S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-1-6 115296] . =============== Created Last 30 ================ . 2014-04-04 12:14:15 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{863379CB-7E31-4417-94F2-69651656773E}\offreg.dll 2014-04-04 12:13:36 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{863379CB-7E31-4417-94F2-69651656773E}\mpengine.dll 2014-04-04 02:56:04 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll 2014-04-04 02:53:15 999936 ----a-w- C:\Program Files (x86)\Internet Explorer\networkinspection.dll 2014-04-04 02:52:43 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll 2014-04-04 02:52:43 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll 2014-04-04 02:52:42 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-04-04 02:52:42 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2014-04-04 02:52:41 484864 ----a-w- C:\Windows\System32\wer.dll 2014-04-04 02:52:41 381440 ----a-w- C:\Windows\SysWow64\wer.dll 2014-04-04 02:52:41 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2014-04-04 02:52:40 624128 ----a-w- C:\Windows\System32\qedit.dll 2014-04-04 02:52:40 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2014-04-04 02:52:40 228864 ----a-w- C:\Windows\System32\wwansvc.dll 2014-04-03 04:22:20 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-04-03 04:21:42 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-04-03 04:21:42 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-04-03 04:21:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-03-19 22:04:58 -------- d-----w- C:\Users\Sherron\AppData\Local\Apple Computer 2014-03-09 00:35:49 -------- d-----w- C:\Portable programs . ==================== Find3M ==================== . 2014-03-20 10:36:02 115296 ----a-w- C:\Windows\System32\drivers\klflt.sys 2014-03-12 17:35:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-12 17:35:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-03-05 19:26:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll 2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll 2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-02-25 01:40:28 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys 2014-01-07 02:14:50 178272 ----a-w- C:\Windows\System32\drivers\kneps.sys 2014-01-07 02:14:47 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys 2011-05-30 03:20:34 1138397 ----a-w- C:\Program Files (x86)\7z922.exe . ============= FINISH: 15:22:23.45 =============== RogueKiller V8.8.15 _x64_ [Mar 27 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Sherron [Admin rights] Mode : Scan -- Date : 04/04/2014 20:09:18 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V1][sUSP PATH] DSite.job : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND [V2][sUSP PATH] DSite : C:\Users\Sherron\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE - /Check [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ [Address] EAT @firefox.exe (FREEBL_GetVector) : MSACM32.dll -> HOOKED (C:\Program Files (x86)\Mozilla Firefox\freebl3.dll @ 0x59071000) ¤¤¤ External Hives: ¤¤¤ -> F:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - NOT_FOUND] -> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND] -> F:\Documents and Settings\Guest\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND] -> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND] -> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND] -> F:\Documents and Settings\Sherron\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [sys - NO_SYS] [sys32 - NOT_FOUND] | USERINFO [startup - FOUND] -> I:\windows\system32\config\SYSTEM | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\windows\system32\config\SOFTWARE | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\windows\system32\config\SECURITY | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\Admin\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\Admin.PUKA\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND] -> I:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\Dennis\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\Sherron\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] -> I:\Documents and Settings\Sherron.PUKA\NTUSER.DAT | DRVINFO [Drv - I:] | SYSTEMINFO [sys - C:] [sys32 - FOUND] | USERINFO [startup - FOUND] ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6402AAEX-00Y9A0 ATA Device +++++ --- User --- [MBR] 5222cb3cf068a270a2330725d5df92bc [bSP] 0f0b753d2273e02330f8eb18fcf2d8b9 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD7500BPKT-22PK4T0 ATA Device +++++ --- User --- [MBR] b8d566b31e31b9e9c9eeb12a9ef61782 [bSP] 7521e845b2ee2dc88ff9b5855e9d383c : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 266248 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) SAMSUNG HD103UJ ATA Device +++++ --- User --- [MBR] c6a95c712fa17a2d9c008f601ac5119e [bSP] e6b816a9dbfaa97bf660783b81709c4a : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1 | Size: 953867 MB User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) WDC WD740GD-00FLA0 ATA Device +++++ --- User --- [MBR] 8ba46bce50eea54586df68fcd73ef8a7 [bSP] 36ed6f5a28abfef4842269d842d81288 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 MB User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_04042014_200918.txt >>
  5. grayedout
    My latest scan reported 2 PUPs that are apparently related to a "sweetpacks" tool bar. I don't have a toolbar on my Firefox but would like to get rid of these. Problem is one of them is in my Firefox prefs.js and I don't want to just delete that if I might loose something that Firefox needs. prefs.js is just a text file and I can see activity related to conduit. Can that just be edited out? Would appreciate guidance on how to resolve this. I checked the Self Help Guides, 24 pages!, but did not see anything that applied to this issue. Follows is the "copy to clipboard" data from the threat report dialoge box. =============================================================== Scan Date: 4/4/2014 Scan Time: 8:46:13 AM Logfile: Administrator: Yes Version: 2.00.0.1000 Malware Database: v2014.04.04.03 Rootkit Database: v2014.03.27.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Sherron Scan Type: Threat Scan Result: Completed Objects Scanned: 340788 Time Elapsed: 5 hr, 15 min, 22 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 2 PUP.Optional.Conduit.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\searchplugins\conduit.xml, , [8cc7f036700b70c6e850f36fb44ed030], PUP.Optional.SweetPacks.A, C:\Users\Sherron\AppData\Roaming\Mozilla\Firefox\Profiles\Dennis-XP\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://start.sweetpacks.com/?src=2&st=12&barid={934084FD-B2CE-11E2-B4AB-00188BCBE562}&q=") , ,[57fc0e180279e94d8c77f04eeb190af6] Physical Sectors: 0 (No malicious items detected) (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.