Jump to content

Axr

Members
  • Content Count

    7
  • Joined

  • Last visited

About Axr

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I have 2 paid premium copies of malwarebytes. My computer wants to connect to internet in order to run scans on the drive In my boot up it has boot process of EMS loading to hypervisor. Hypervisor should not be on Windows 7 home. I have in autoruns reg keys to office Office is not installed on this computer Malwarebytes generates a lot of revenue from the sale of their products but poor support for the cutomer as evidence by pissed off complaints from comsumers. I'm fed up and will be filing complaint with consumer protection division of state attorney generals office and FTC under consumer protection laws. My computer became infected while this product failed to stop the instrusion and all but ignored in obtain support for my product after repeated request.
  2. I meant to say oem recovery disk took me back to 2009 windows 7 32bit premium I looked at task manager it has program nircmd.3xe Running I ran aswMBR in safe mode without fixing anything Disk 0 boot \Device\harddisk0\DRO -> \Device\Ide\IAAStorageDevice-0 It shows Disk 0 unknown MBR code Disk 0 partition 1 00 27 Hidden NTFS WinRE NTSF 6000 mb offset 2048
  3. It was on live chat and they said will send me case number in email which they did. I follow the instructions and several replies but no response. This was 3 weeks ago. Ive been without laptop for over month now. The logs I sent was after I ran OEM recovery disk. Something does seem right as if on restart the computer boots up in ram disk before loading C drive. There is 5.9 partition before C partition which with windows image file I assume is recovery image The recovery disk to me back to windows 7 home premium. So yesteday, i update to current Windows 7 2018 about 800mb of updates. However something is still in controll of this computer. I tried to run FRST and it says I must first be connected to internet to scan the computer? The same thing with Rkill. Must be on the internet to scan the computer On D drive in the recycle bin there is file setup.exe with 0 bytes I also noted that I have russian keyboard and other russian files under drivers .sys Can you still help?
  4. Yes I'm still here. I had to replace my router difficulty connecting to internet
  5. Still waiting?? Is there something wrong? Support ticket 2280331 by Philip malwarebytes support?
  6. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018 Ran by Hannspree User (05-04-2018 14:07:20) Running from F:\M Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2013-05-28 17:00:08) Boot Mode: Safe Mode (minimal) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4007488331-1904091925-3465478802-500 - Administrator - Disabled) Brynn (S-1-5-21-4007488331-1904091925-3465478802-1001 - Limited - Enabled) => C:\Users\Brynn Guest (S-1-5-21-4007488331-1904091925-3465478802-501 - Limited - Disabled) Hannspree User (S-1-5-21-4007488331-1904091925-3465478802-1000 - Administrator - Enabled) => C:\Users\Hannspree User ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Emsisoft Anti-Malware (Enabled - Out of date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Emsisoft Anti-Malware (Enabled - Out of date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.14 - Atheros Communications Inc.) Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 8.0.0.238 - Atheros) BleachBit (HKLM\...\BleachBit) (Version: 1.5.2 - BleachBit) Bluetooth Win7 Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 6.04.002 - Atheros Communications) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 11.0 - Emsisoft Ltd.) Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 8.5.5.1 - Sentelic) HashTab 6.0.0.28 (HKLM\...\HashTab) (Version: 6.0.0.28 - Implbits Software) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2302 - Intel Corporation) Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 50.1.0 (x86 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) OSD (HKLM\...\{660D6E77-AADA-41E6-9E18-1300D4381FB7}) (Version: 1.00.000 - ) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.) Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.) RogueKiller version 12.7.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.4.0 - Adlice Software) Spybot Anti-Beacon (HKLM\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.6 - Safer-Networking Ltd.) SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.4400 - SRS Labs, Inc.) Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.7.0 - Tweaking.com) Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.0.9.7 - BiniSoft.org) WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 31.0.2014.0 - BillP Studios) WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) Wireshark 1.12.7 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files\Bluetooth Suite\BtvAppExt.dll [2009-10-28] (TODO: <Company name>) ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers2: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers4: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-02-11] (Intel Corporation) ContextMenuHandlers6: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU.DLL [2015-10-21] (Emsisoft Ltd) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {ED801FC7-478B-47B1-B51E-2D840EE4E5AE} - System32\Tasks\{22596FBB-EF7C-4FD9-8BBF-099D94718DFE} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Hannspree User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BleachBit\BleachBit-homepage.lnk -> hxxp://bleachbit.sourceforge.net ==================== Loaded Modules (Whitelisted) ============== 2009-10-28 20:12 - 2009-10-28 20:12 - 000061440 _____ () C:\Program Files\Bluetooth Suite\AthCopyHook.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] AlternateDataStreams: C:\Users\Hannspree User\Downloads\EmsisoftAntiMalwareSetup.exe:BDU [0] AlternateDataStreams: C:\Users\Hannspree User\Downloads\mbam-setup-2.2.1.1043.exe:BDU [0] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\...\1001movie.com -> 1001movie.com There are 6091 more sites. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2017-11-04 20:56 - 000004929 _____ C:\Windows\system32\Drivers\etc\hosts 0.0.0.0 a.ads1.msn.com 0.0.0.0 a.ads2.msads.net 0.0.0.0 a.ads2.msn.com 0.0.0.0 a.rad.msn.com 0.0.0.0 a-0001.a-msedge.net 0.0.0.0 a-0002.a-msedge.net 0.0.0.0 a-0003.a-msedge.net 0.0.0.0 a-0004.a-msedge.net 0.0.0.0 a-0005.a-msedge.net 0.0.0.0 a-0006.a-msedge.net 0.0.0.0 a-0007.a-msedge.net 0.0.0.0 a-0008.a-msedge.net 0.0.0.0 a-0009.a-msedge.net 0.0.0.0 ac3.msn.com 0.0.0.0 ad.doubleclick.net 0.0.0.0 adnexus.net 0.0.0.0 adnxs.com 0.0.0.0 ads.msn.com 0.0.0.0 ads1.msads.net 0.0.0.0 ads1.msn.com 0.0.0.0 aidps.atdmt.com 0.0.0.0 aka-cdn-ns.adtech.de 0.0.0.0 a-msedge.net 0.0.0.0 apps.skype.com 0.0.0.0 az361816.vo.msecnd.net 0.0.0.0 az512334.vo.msecnd.net 0.0.0.0 b.ads1.msn.com 0.0.0.0 b.ads2.msads.net 0.0.0.0 b.rad.msn.com 0.0.0.0 bs.serving-sys.com There are 83 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4007488331-1904091925-3465478802-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hannspree User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: Media is not connected to internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: bdruninstaller => "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart" MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (02/17/2018 07:02:55 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (01/28/2018 07:16:18 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Users\Hannspree User\Desktop\HANNSPREE RECOVERY\procexp64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (01/28/2018 06:44:45 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (12/17/2017 06:16:45 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "E:\A MALWARE SCAN\HitmanPro_x64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (12/17/2017 06:04:27 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (11/11/2017 09:22:52 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (11/04/2017 11:03:30 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-4007488331-1904091925-3465478802-1000}/">. Error: (11/04/2017 11:02:53 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (04/05/2018 02:00:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Error: (04/05/2018 01:59:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Error: (04/05/2018 01:59:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. Windows Defender: =================================== Date: 2014-05-15 17:52:09.751 Description: Windows Defender scan has been stopped before completion. Scan ID:{37AED7E9-D60B-4D2E-AD66-89A940958A4D} Scan Type:AntiSpyware Scan Parameters:Quick Scan CodeIntegrity: =================================== Date: 2017-11-04 20:44:06.556 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-04 20:38:06.723 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system. Date: 2017-11-04 20:01:17.141 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system. Date: 2017-08-18 21:27:49.942 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system. Date: 2017-08-18 20:51:59.429 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks32.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Genuine Intel(R) CPU U4100 @ 1.30GHz Percentage of memory in use: 19% Total physical RAM: 2012.16 MB Available physical RAM: 1627.34 MB Total Virtual: 4024.32 MB Available Virtual: 3663.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:39.06 GB) (Free:20.72 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Data) (Fixed) (Total:253.17 GB) (Free:179.07 GB) NTFS Drive e: (eSysRescueLiveCD) (CDROM) (Total:0.47 GB) (Free:0 GB) CDFS Drive f: () (Removable) (Total:59.45 GB) (Free:59.1 GB) exFAT \\?\Volume{8bf2556a-13d0-11e8-8484-806e6f6e6963}\ () (Fixed) (Total:5.86 GB) (Free:1.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: FBA0ECD2) Partition 1: (Active) - (Size=5.9 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=253.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Protective MBR) (Size: 59.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  7. I have paid version malwarebytes with antiexploit ransomware. I have trojan, worm, roothkit that bypassed emsisoft, emet, etc Cannot boot up. Shown as security suite, avira rescue disk show 57 variants of tr/crypt.xpack.gen3 On windows 7 homecpremium. I have oem recovery disk as well as tetail copy of windows 7 ultima. Fresh installs do not work Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018 Ran by SYSTEM on MININT-3HCVRQ6 (12-04-2018 04:44:50) Running from H:\M Platform: Windows 7 Home Premium (X86) Language: English (United States) Internet Explorer Version 8 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, HKLM\...\Winlogon: [Shell] explorer.exe [x ] () Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\Default\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\Default User\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [132944 2018-03-22] (VoodooSoft, LLC ) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation) S3 AeLookupSvc; %SystemRoot%\System32\aelupsvc.dll [X] S3 ALG; %SystemRoot%\System32\alg.exe [X] S3 AppIDSvc; %SystemRoot%\System32\appidsvc.dll [X] S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X] S4 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X] S4 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X] S4 AxInstSV; %SystemRoot%\System32\AxInstSV.dll [X] S3 BDESVC; %SystemRoot%\System32\bdesvc.dll [X] S2 BFE; %SystemRoot%\System32\bfe.dll [X] S3 BITS; %SystemRoot%\System32\qmgr.dll [X] S4 Browser; %SystemRoot%\System32\browser.dll [X] S4 bthserv; %SystemRoot%\system32\bthserv.dll [X] S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X] S2 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X] S2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X] S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X] S3 defragsvc; %Systemroot%\System32\defragsvc.dll [X] S4 Dhcp; %SystemRoot%\system32\dhcpcore.dll [X] S4 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X] S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X] S2 DPS; %SystemRoot%\system32\dps.dll [X] S4 EapHost; %SystemRoot%\System32\eapsvc.dll [X] S4 EFS; %SystemRoot%\System32\lsass.exe [X] S4 ehRecvr; %systemroot%\ehome\ehRecvr.exe [X] S4 ehSched; %systemroot%\ehome\ehsched.exe [X] S2 eventlog; %SystemRoot%\System32\wevtsvc.dll [X] S2 EventSystem; %systemroot%\system32\es.dll [X] S4 Fax; %systemroot%\system32\fxssvc.exe [X] S4 fdPHost; %SystemRoot%\system32\fdPHost.dll [X] S4 FDResPub; %SystemRoot%\system32\fdrespub.dll [X] S3 FontCache; %SystemRoot%\system32\FntCache.dll [X] S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [X] S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X] S4 hkmsvc; %SystemRoot%\system32\kmsvc.dll [X] S4 HomeGroupListener; %SystemRoot%\system32\ListSvc.dll [X] S4 HomeGroupProvider; %SystemRoot%\system32\provsvc.dll [X] S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X] S4 IKEEXT; %SystemRoot%\System32\ikeext.dll [X] S4 IPBusEnum; %SystemRoot%\system32\ipbusenum.dll [X] S4 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X] S3 KeyIso; %SystemRoot%\system32\lsass.exe [X] S3 KtmRm; %systemroot%\system32\msdtckrm.dll [X] S2 LanmanServer; %SystemRoot%\system32\srvsvc.dll [X] S2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X] S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X] S4 lmhosts; %SystemRoot%\System32\lmhsvc.dll [X] S4 Mcx2Svc; %SystemRoot%\system32\Mcx2Svc.dll [X] S2 MMCSS; %SystemRoot%\system32\mmcss.dll [X] S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X] S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X] S4 MSiSCSI; %systemroot%\system32\iscsiexe.dll [X] S3 msiserver; %systemroot%\system32\msiexec.exe /V [X] S4 napagent; %SystemRoot%\system32\qagentRT.dll [X] S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X] S4 Netlogon; %systemroot%\system32\lsass.exe [X] S4 Netman; %SystemRoot%\System32\netman.dll [X] S4 netprofm; %SystemRoot%\System32\netprofm.dll [X] S4 NetTcpPortSharing; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [X] S4 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X] S2 nsi; %systemroot%\system32\nsisvc.dll [X] S4 p2pimsvc; %SystemRoot%\system32\pnrpsvc.dll [X] S4 p2psvc; %SystemRoot%\system32\p2psvc.dll [X] S4 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X] S3 pla; %systemroot%\system32\pla.dll [X] S2 PlugPlay; %SystemRoot%\system32\umpnpmgr.dll [X] S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X] S4 PNRPAutoReg; %SystemRoot%\system32\pnrpauto.dll [X] S4 PNRPsvc; %SystemRoot%\system32\pnrpsvc.dll [X] S4 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X] S2 Power; %SystemRoot%\system32\umpo.dll [X] S2 ProfSvc; %systemroot%\system32\profsvc.dll [X] S3 ProtectedStorage; %SystemRoot%\system32\lsass.exe [X] S4 QWAVE; %windir%\system32\qwave.dll [X] S4 RasAuto; %SystemRoot%\System32\rasauto.dll [X] S4 RasMan; %SystemRoot%\System32\rasmans.dll [X] S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [X] S4 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X] S2 RpcEptMapper; %SystemRoot%\System32\RpcEpMap.dll [X] S3 RpcLocator; %SystemRoot%\system32\locator.exe [X] S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X] S2 SamSs; %SystemRoot%\system32\lsass.exe [X] S4 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X] S2 Schedule; %systemroot%\system32\schedsvc.dll [X] S4 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X] S4 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X] S4 seclogon; %windir%\system32\seclogon.dll [X] S2 SENS; %SystemRoot%\System32\sens.dll [X] S3 SensrSvc; %SystemRoot%\system32\sensrsvc.dll [X] S4 SessionEnv; %SystemRoot%\system32\sessenv.dll [X] S4 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X] S2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [X] S4 SNMPTRAP; %SystemRoot%\System32\snmptrap.exe [X] S4 Spooler; %SystemRoot%\System32\spoolsv.exe [X] S2 sppsvc; %SystemRoot%\system32\sppsvc.exe [X] S3 sppuinotify; %SystemRoot%\system32\sppuinotify.dll [X] S4 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X] S4 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X] S3 StiSvc; %SystemRoot%\System32\wiaservc.dll [X] S3 swprv; %Systemroot%\System32\swprv.dll [X] S2 SysMain; %systemroot%\system32\sysmain.dll [X] S4 TabletInputService; %SystemRoot%\System32\TabSvc.dll [X] S4 TapiSrv; %SystemRoot%\System32\tapisrv.dll [X] S3 TBS; %SystemRoot%\System32\tbssvc.dll [X] S4 TermService; %SystemRoot%\System32\termsrv.dll [X] S2 Themes; %SystemRoot%\system32\themeservice.dll [X] S3 THREADORDER; %SystemRoot%\system32\mmcss.dll [X] S2 TrkWks; %SystemRoot%\System32\trkwks.dll [X] S2 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] S4 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [X] S4 upnphost; %SystemRoot%\System32\upnphost.dll [X] S2 UxSms; %SystemRoot%\System32\uxsms.dll [X] S3 VaultSvc; %SystemRoot%\system32\lsass.exe [X] S4 vds; %SystemRoot%\System32\vds.exe [X] S3 VSS; %systemroot%\system32\vssvc.exe [X] S3 W32Time; %systemroot%\system32\w32time.dll [X] S4 wbengine; "%systemroot%\system32\wbengine.exe" [X] S4 WbioSrvc; %SystemRoot%\System32\wbiosrvc.dll [X] S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X] S3 WcsPlugInService; %SystemRoot%\System32\WcsPlugInService.dll [X] S3 WdiServiceHost; %SystemRoot%\system32\wdi.dll [X] S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X] S4 WebClient; %SystemRoot%\System32\webclnt.dll [X] S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X] S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X] S3 WerSvc; %SystemRoot%\System32\WerSvc.dll [X] S4 WinHttpAutoProxySvc; winhttp.dll [X] S2 Winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X] S4 WinRM; %SystemRoot%\system32\WsmSvc.dll [X] S4 Wlansvc; %SystemRoot%\System32\wlansvc.dll [X] S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X] S4 WMPNetworkSvc; "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" [X] S4 WPCSvc; %SystemRoot%\System32\wpcsvc.dll [X] S4 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X] S2 wscsvc; %SystemRoot%\System32\wscsvc.dll [X] S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X] S2 wuauserv; %systemroot%\system32\wuaueng.dll [X] S2 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X] S4 WwanSvc; %SystemRoot%\System32\wwansvc.dll [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 1394ohci; \SystemRoot\system32\DRIVERS\1394ohci.sys [X] S0 ACPI; system32\DRIVERS\ACPI.sys [X] S3 AcpiPmi; \SystemRoot\system32\DRIVERS\acpipmi.sys [X] S3 adp94xx; \SystemRoot\system32\DRIVERS\adp94xx.sys [X] S3 adpahci; \SystemRoot\system32\DRIVERS\adpahci.sys [X] S3 adpu320; \SystemRoot\system32\DRIVERS\adpu320.sys [X] S1 AFD; \SystemRoot\system32\drivers\afd.sys [X] S3 agp440; \SystemRoot\system32\DRIVERS\agp440.sys [X] S3 aic78xx; \SystemRoot\system32\DRIVERS\djsvs.sys [X] S3 aliide; \SystemRoot\system32\DRIVERS\aliide.sys [X] S3 amdagp; \SystemRoot\system32\DRIVERS\amdagp.sys [X] S3 amdide; \SystemRoot\system32\DRIVERS\amdide.sys [X] S3 AmdK8; \SystemRoot\system32\DRIVERS\amdk8.sys [X] S3 AmdPPM; \SystemRoot\system32\DRIVERS\amdppm.sys [X] S3 amdsata; \SystemRoot\system32\DRIVERS\amdsata.sys [X] S3 amdsbs; \SystemRoot\system32\DRIVERS\amdsbs.sys [X] S0 amdxata; system32\DRIVERS\amdxata.sys [X] S3 AppID; \SystemRoot\system32\drivers\appid.sys [X] S3 arc; \SystemRoot\system32\DRIVERS\arc.sys [X] S3 arcsas; \SystemRoot\system32\DRIVERS\arcsas.sys [X] S3 AsyncMac; system32\DRIVERS\asyncmac.sys [X] S0 atapi; system32\DRIVERS\atapi.sys [X] S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X] S3 AthDfu; System32\Drivers\AthDfu.sys [X] S3 athr; system32\DRIVERS\athr.sys [X] S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbdx.sys [X] S3 b57nd60x; system32\DRIVERS\b57nd60x.sys [X] S1 Beep; no ImagePath S0 BlackBox; no ImagePath S1 blbdrive; system32\DRIVERS\blbdrive.sys [X] S3 bowser; system32\DRIVERS\bowser.sys [X] S3 BrFiltLo; \SystemRoot\system32\DRIVERS\BrFiltLo.sys [X] S3 BrFiltUp; \SystemRoot\system32\DRIVERS\BrFiltUp.sys [X] S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X] S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X] S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X] S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X] S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X] S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X] S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X] S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X] S3 BtFilter; system32\DRIVERS\btfilter.sys [X] S3 BthEnum; system32\DRIVERS\BthEnum.sys [X] S3 BTHMODEM; \SystemRoot\system32\DRIVERS\bthmodem.sys [X] S3 BthPan; system32\DRIVERS\bthpan.sys [X] S3 BTHPORT; System32\Drivers\BTHport.sys [X] S3 BTHUSB; System32\Drivers\BTHUSB.sys [X] S4 cdfs; system32\DRIVERS\cdfs.sys [X] S1 cdrom; system32\DRIVERS\cdrom.sys [X] S3 circlass; \SystemRoot\system32\DRIVERS\circlass.sys [X] S0 CLFS; System32\CLFS.sys [X] S3 CmBatt; system32\DRIVERS\CmBatt.sys [X] S3 cmdide; \SystemRoot\system32\DRIVERS\cmdide.sys [X] S0 CNG; System32\Drivers\cng.sys [X] S0 Compbatt; system32\DRIVERS\compbatt.sys [X] S3 CompositeBus; system32\DRIVERS\CompositeBus.sys [X] S4 crcdisk; \SystemRoot\system32\DRIVERS\crcdisk.sys [X] S1 DfsC; System32\Drivers\dfsc.sys [X] S1 discache; System32\drivers\discache.sys [X] S0 Disk; system32\DRIVERS\disk.sys [X] S3 drmkaud; system32\drivers\drmkaud.sys [X] S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X] S3 ebdrv; \SystemRoot\system32\DRIVERS\evbdx.sys [X] S3 elxstor; \SystemRoot\system32\DRIVERS\elxstor.sys [X] S3 ErrDev; \SystemRoot\system32\DRIVERS\errdev.sys [X] S3 exfat; no ImagePath S3 fastfat; no ImagePath S3 fdc; \SystemRoot\system32\DRIVERS\fdc.sys [X] S0 FileInfo; system32\drivers\fileinfo.sys [X] S3 Filetrace; system32\drivers\filetrace.sys [X] S3 flpydisk; \SystemRoot\system32\DRIVERS\flpydisk.sys [X] S0 FltMgr; system32\drivers\fltmgr.sys [X] S3 FsDepends; System32\drivers\FsDepends.sys [X] S3 fspad_wlh32; system32\DRIVERS\fspad_wlh32.sys [X] S0 Fs_Rec; no ImagePath S0 fvevol; System32\DRIVERS\fvevol.sys [X] S3 FXDrv32; \??\E:\12E2Lastesttool0309(FT34)\Windows\FXDrv32.sys [X] S3 gagp30kx; \SystemRoot\system32\DRIVERS\gagp30kx.sys [X] S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X] S3 HdAudAddService; system32\drivers\HdAudio.sys [X] S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X] S3 HidBatt; \SystemRoot\system32\DRIVERS\HidBatt.sys [X] S3 HidBth; \SystemRoot\system32\DRIVERS\hidbth.sys [X] S3 HidIr; \SystemRoot\system32\DRIVERS\hidir.sys [X] S3 HidUsb; system32\DRIVERS\hidusb.sys [X] S3 HpSAMD; \SystemRoot\system32\DRIVERS\HpSAMD.sys [X] S3 HTTP; system32\drivers\HTTP.sys [X] S0 hwpolicy; System32\drivers\hwpolicy.sys [X] S3 i8042prt; system32\DRIVERS\i8042prt.sys [X] S0 iaStor; system32\DRIVERS\iaStor.sys [X] S3 iaStorV; \SystemRoot\system32\DRIVERS\iaStorV.sys [X] S3 igfx; system32\DRIVERS\igdkmd32.sys [X] S3 iirsp; \SystemRoot\system32\DRIVERS\iirsp.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [X] S3 intelide; \SystemRoot\system32\DRIVERS\intelide.sys [X] S3 intelppm; system32\DRIVERS\intelppm.sys [X] S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X] S3 IPMIDRV; \SystemRoot\system32\DRIVERS\IPMIDrv.sys [X] S3 IPNAT; System32\drivers\ipnat.sys [X] S3 IRENUM; system32\drivers\irenum.sys [X] S3 isapnp; \SystemRoot\system32\DRIVERS\isapnp.sys [X] S3 iScsiPrt; \SystemRoot\system32\DRIVERS\msiscsi.sys [X] S3 kbdclass; system32\DRIVERS\kbdclass.sys [X] S3 kbdhid; system32\DRIVERS\kbdhid.sys [X] S0 KSecDD; System32\Drivers\ksecdd.sys [X] S0 KSecPkg; System32\Drivers\ksecpkg.sys [X] S3 L1C; system32\DRIVERS\L1C62x86.sys [X] S2 lltdio; system32\DRIVERS\lltdio.sys [X] S3 LSI_FC; \SystemRoot\system32\DRIVERS\lsi_fc.sys [X] S3 LSI_SAS; \SystemRoot\system32\DRIVERS\lsi_sas.sys [X] S3 LSI_SAS2; \SystemRoot\system32\DRIVERS\lsi_sas2.sys [X] S3 LSI_SCSI; \SystemRoot\system32\DRIVERS\lsi_scsi.sys [X] S2 luafv; \SystemRoot\system32\drivers\luafv.sys [X] S3 megasas; \SystemRoot\system32\DRIVERS\megasas.sys [X] S3 MegaSR; \SystemRoot\system32\DRIVERS\MegaSR.sys [X] S3 Modem; system32\drivers\modem.sys [X] S3 monitor; system32\DRIVERS\monitor.sys [X] S3 mouclass; system32\DRIVERS\mouclass.sys [X] S3 mouhid; system32\DRIVERS\mouhid.sys [X] S0 mountmgr; System32\drivers\mountmgr.sys [X] S3 mpio; \SystemRoot\system32\DRIVERS\mpio.sys [X] S3 mpsdrv; System32\drivers\mpsdrv.sys [X] S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X] S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X] S3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X] S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X] S0 msahci; system32\DRIVERS\msahci.sys [X] S3 msdsm; \SystemRoot\system32\DRIVERS\msdsm.sys [X] S1 Msfs; no ImagePath S3 mshidkmdf; \SystemRoot\System32\drivers\mshidkmdf.sys [X] S0 msisadrv; system32\DRIVERS\msisadrv.sys [X] S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X] S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X] S3 MSPQM; system32\drivers\MSPQM.sys [X] S3 MsRPC; no ImagePath S1 mssmbios; system32\DRIVERS\mssmbios.sys [X] S3 MSTEE; system32\drivers\MSTEE.sys [X] S3 MTConfig; \SystemRoot\system32\DRIVERS\MTConfig.sys [X] S0 Mup; System32\Drivers\mup.sys [X] S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X] S0 NDIS; system32\drivers\ndis.sys [X] S3 NdisCap; system32\DRIVERS\ndiscap.sys [X] S3 NdisTapi; system32\DRIVERS\ndistapi.sys [X] S3 Ndisuio; system32\DRIVERS\ndisuio.sys [X] S3 NdisWan; system32\DRIVERS\ndiswan.sys [X] S3 NDProxy; no ImagePath S1 NetBIOS; system32\DRIVERS\netbios.sys [X] S1 NetBT; System32\DRIVERS\netbt.sys [X] S3 nfrd960; \SystemRoot\system32\DRIVERS\nfrd960.sys [X] S1 Npfs; no ImagePath S1 nsiproxy; system32\drivers\nsiproxy.sys [X] S3 Ntfs; no ImagePath S1 Null; no ImagePath S3 nvraid; \SystemRoot\system32\DRIVERS\nvraid.sys [X] S3 nvstor; \SystemRoot\system32\DRIVERS\nvstor.sys [X] S3 nv_agp; \SystemRoot\system32\DRIVERS\nv_agp.sys [X] S3 ohci1394; \SystemRoot\system32\DRIVERS\ohci1394.sys [X] S3 Parport; \SystemRoot\system32\DRIVERS\parport.sys [X] S0 partmgr; System32\drivers\partmgr.sys [X] S2 Parvdm; \SystemRoot\system32\DRIVERS\parvdm.sys [X] S0 pci; system32\DRIVERS\pci.sys [X] S3 pciide; \SystemRoot\system32\DRIVERS\pciide.sys [X] S3 pcmcia; \SystemRoot\system32\DRIVERS\pcmcia.sys [X] S0 pcw; System32\drivers\pcw.sys [X] S2 PEAUTH; system32\drivers\peauth.sys [X] S3 PptpMiniport; system32\DRIVERS\raspptp.sys [X] S3 Processor; \SystemRoot\system32\DRIVERS\processr.sys [X] S1 Psched; system32\DRIVERS\pacer.sys [X] S3 ql2300; \SystemRoot\system32\DRIVERS\ql2300.sys [X] S3 ql40xx; \SystemRoot\system32\DRIVERS\ql40xx.sys [X] S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X] S3 RasAcd; System32\DRIVERS\rasacd.sys [X] S3 RasAgileVpn; system32\DRIVERS\AgileVpn.sys [X] S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X] S3 RasPppoe; system32\DRIVERS\raspppoe.sys [X] S3 RasSstp; system32\DRIVERS\rassstp.sys [X] S1 rdbss; system32\DRIVERS\rdbss.sys [X] S3 rdpbus; \SystemRoot\system32\DRIVERS\rdpbus.sys [X] S1 RDPCDD; System32\DRIVERS\RDPCDD.sys [X] S1 RDPENCDD; system32\drivers\rdpencdd.sys [X] S1 RDPREFMP; system32\drivers\rdprefmp.sys [X] S3 RDPWD; no ImagePath S0 rdyboost; System32\drivers\rdyboost.sys [X] S3 RFCOMM; system32\DRIVERS\rfcomm.sys [X] S2 rspndr; system32\DRIVERS\rspndr.sys [X] S3 sbp2port; \SystemRoot\system32\DRIVERS\sbp2port.sys [X] S3 scfilter; System32\DRIVERS\scfilter.sys [X] S2 secdrv; no ImagePath S3 Serenum; \SystemRoot\system32\DRIVERS\serenum.sys [X] S3 Serial; \SystemRoot\system32\DRIVERS\serial.sys [X] S3 sermouse; \SystemRoot\system32\DRIVERS\sermouse.sys [X] S3 sffdisk; \SystemRoot\system32\DRIVERS\sffdisk.sys [X] S3 sffp_mmc; \SystemRoot\system32\DRIVERS\sffp_mmc.sys [X] S3 sffp_sd; \SystemRoot\system32\DRIVERS\sffp_sd.sys [X] S3 sfloppy; \SystemRoot\system32\DRIVERS\sfloppy.sys [X] S3 sisagp; \SystemRoot\system32\DRIVERS\sisagp.sys [X] S3 SiSRaid2; \SystemRoot\system32\DRIVERS\SiSRaid2.sys [X] S3 SiSRaid4; \SystemRoot\system32\DRIVERS\sisraid4.sys [X] S3 Smb; system32\DRIVERS\smb.sys [X] S0 spldr; no ImagePath S4 SRTSPX; \SystemRoot\system32\drivers\NIS\1100000.088\SRTSPX.SYS [X] S3 srv; System32\DRIVERS\srv.sys [X] S3 srv2; System32\DRIVERS\srv2.sys [X] S3 srvnet; System32\DRIVERS\srvnet.sys [X] S3 stexstor; \SystemRoot\system32\DRIVERS\stexstor.sys [X] S3 swenum; system32\DRIVERS\swenum.sys [X] S0 Tcpip; System32\drivers\tcpip.sys [X] S3 TCPIP6; system32\DRIVERS\tcpip.sys [X] S2 tcpipreg; System32\drivers\tcpipreg.sys [X] S3 TDPIPE; system32\drivers\tdpipe.sys [X] S3 TDTCP; system32\drivers\tdtcp.sys [X] S1 tdx; system32\DRIVERS\tdx.sys [X] S1 TermDD; system32\DRIVERS\termdd.sys [X] S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X] S3 tunnel; system32\DRIVERS\tunnel.sys [X] S3 uagp35; \SystemRoot\system32\DRIVERS\uagp35.sys [X] S3 UCORESYS; \??\F:\M\SN12E2_Bios_965HGP05\SN12E2_965HGP05\UCORESYS.SYS [X] S4 udfs; system32\DRIVERS\udfs.sys [X] S3 uliagpkx; \SystemRoot\system32\DRIVERS\uliagpkx.sys [X] S3 umbus; system32\DRIVERS\umbus.sys [X] S3 UmPass; \SystemRoot\system32\DRIVERS\umpass.sys [X] S3 usbaudio; system32\drivers\usbaudio.sys [X] S3 usbccgp; system32\DRIVERS\usbccgp.sys [X] S3 usbcir; \SystemRoot\system32\DRIVERS\usbcir.sys [X] S3 usbehci; system32\DRIVERS\usbehci.sys [X] S3 usbhub; system32\DRIVERS\usbhub.sys [X] S3 usbohci; \SystemRoot\system32\DRIVERS\usbohci.sys [X] S3 usbprint; \SystemRoot\system32\DRIVERS\usbprint.sys [X] S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X] S3 usbuhci; system32\DRIVERS\usbuhci.sys [X] S3 usbvideo; System32\Drivers\usbvideo.sys [X] S0 vdrvroot; system32\DRIVERS\vdrvroot.sys [X] S3 vga; system32\DRIVERS\vgapnp.sys [X] S1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X] S3 vhdmp; \SystemRoot\system32\DRIVERS\vhdmp.sys [X] S3 viaagp; \SystemRoot\system32\DRIVERS\viaagp.sys [X] S3 ViaC7; \SystemRoot\system32\DRIVERS\viac7.sys [X] S3 viaide; \SystemRoot\system32\DRIVERS\viaide.sys [X] S0 volmgr; system32\DRIVERS\volmgr.sys [X] S0 volmgrx; System32\drivers\volmgrx.sys [X] S0 volsnap; system32\DRIVERS\volsnap.sys [X] S3 vsmraid; \SystemRoot\system32\DRIVERS\vsmraid.sys [X] S3 VSScanner; system32\DRIVERS\vsscanner.sys [X] S3 vwifibus; system32\DRIVERS\vwifibus.sys [X] S1 vwififlt; system32\DRIVERS\vwififlt.sys [X] S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [X] S3 WANARP; system32\DRIVERS\wanarp.sys [X] S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X] S3 Wd; \SystemRoot\system32\DRIVERS\wd.sys [X] S0 Wdf01000; system32\drivers\Wdf01000.sys [X] S1 WfpLwf; system32\DRIVERS\wfplwf.sys [X] S3 WIMMount; system32\drivers\wimmount.sys [X] S3 WmiAcpi; system32\DRIVERS\wmiacpi.sys [X] S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X] S3 WudfPf; system32\drivers\WudfPf.sys [X] S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X] S3 __FOX__UNI_DRIVER__; \??\C:\Users\J\AppData\Local\Temp\FoxG1Driver.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) Error(1) reading file: "C:\pagefile.sys" Error(1) reading file: "C:\MSDOS.SYS" Error(1) reading file: "C:\IO.SYS" Error(1) reading file: "C:\Intel" Error(1) reading file: "C:\hiberfil.sys" Error(1) reading file: "C:\config.sys" 2018-04-12 04:35 - 2018-04-12 04:35 - 000000000 ____D C:\Panda USB Vaccine 2018-04-12 04:34 - 2018-04-06 03:37 - 000865272 _____ (Panda Security ) C:\usbvaccine.exe 2018-04-08 02:51 - 2018-04-08 03:10 - 000000000 ____D C:\RescueCD Logs 2018-04-06 00:25 - 2018-04-06 00:25 - 000000000 ____D C:\Windows\System32\SMI 2018-04-06 00:25 - 2018-04-04 13:57 - 035921920 _____ C:\Windows\System32\config\COMPON~1 2018-04-05 06:53 - 2018-04-05 06:53 - 000019532 _____ C:\Users\J\Desktop\MTB1.txt 2018-04-05 06:53 - 2013-01-09 14:26 - 000654424 _____ (Sysinternals - www.sysinternals.com) C:\Users\J\Desktop\autoruns.exe 2018-04-05 06:52 - 2017-12-09 12:32 - 015201544 _____ (Goversoft LLC) C:\Users\J\Desktop\PrivaZer34.exe 2018-04-05 06:51 - 2016-10-27 14:59 - 000465024 _____ (Bleeping Computer, LLC) C:\Users\J\Desktop\sc-cleaner.exe 2018-04-05 06:49 - 2018-04-05 06:49 - 000001811 _____ C:\Users\J\Desktop\aswMBR1.txt 2018-04-05 06:49 - 2018-04-05 06:49 - 000000512 _____ C:\Users\J\Desktop\MBR.dat 2018-04-05 06:39 - 2018-04-05 06:39 - 000001005 _____ C:\Users\J\Desktop\hijackthis.log1.txt 2018-04-04 13:58 - 2018-04-05 06:40 - 000032474 _____ C:\Users\J\Desktop\FRST.txt 2018-04-04 13:58 - 2018-04-05 06:40 - 000012019 _____ C:\Users\J\Desktop\Addition.txt 2018-04-04 13:57 - 2018-04-12 04:44 - 000000000 ____D C:\FRST 2018-04-04 13:16 - 2018-04-04 13:16 - 000000000 ____D C:\users\Administrator 2018-04-04 13:12 - 2018-04-05 06:50 - 000000462 _____ C:\Users\J\Desktop\settings.ini 2018-04-04 13:12 - 2014-03-17 10:48 - 003159616 _____ (VS Revo Group) C:\Users\J\Desktop\Revouninstaller.exe 2018-04-04 13:11 - 2018-04-05 06:44 - 000019532 _____ C:\Users\J\Desktop\MTB.txt 2018-04-04 13:10 - 2018-04-05 06:43 - 000002163 _____ C:\Users\J\Desktop\FSS.txt 2018-04-04 13:07 - 2018-04-06 06:03 - 000000000 ____D C:\Users\J\Desktop\backups 2018-04-04 13:03 - 2018-04-04 13:03 - 000000000 _____ C:\Users\J\defogger_reenable 2018-04-04 13:02 - 2018-04-05 06:38 - 000001974 _____ C:\Users\J\Desktop\Rkill.txt 2018-04-04 12:58 - 2018-04-04 12:59 - 000000000 ____D C:\Rem-VBSqt 2018-04-04 12:54 - 2015-09-06 20:32 - 000448512 _____ (OldTimer Tools) C:\Users\J\Desktop\TFC.exe 2018-04-04 12:53 - 2016-10-27 15:11 - 000892416 _____ (Farbar) C:\Users\J\Desktop\MiniToolBox INTERNET CONNECTION ISSUES.exe 2018-04-04 12:53 - 2016-05-18 00:18 - 016563352 _____ (Malwarebytes Corp.) C:\Users\J\Desktop\mbar-1.09.3.1001.exe 2018-04-04 12:52 - 2017-12-29 12:28 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\J\Desktop\iExplore.exe 2018-04-04 12:52 - 2017-12-29 11:27 - 000899584 _____ (Farbar) C:\Users\J\Desktop\FSS.exe 2018-04-04 12:51 - 2016-10-27 15:13 - 000899584 _____ (Farbar) C:\Users\J\Desktop\FARAR SCANNER SERVICE NETWORK ISSUES.exe 2018-04-04 12:51 - 2016-08-04 17:46 - 000468480 _____ () C:\Users\J\Desktop\CKScanner.exe 2018-04-04 12:51 - 2016-05-18 00:22 - 005198336 _____ (AVAST Software) C:\Users\J\Desktop\awMBR.exe 2018-04-04 12:50 - 2016-10-27 18:30 - 005198336 _____ (AVAST Software) C:\Users\J\Desktop\IEXPLOREMBR ROOTKIT.exe 2018-04-04 12:50 - 2016-08-10 19:17 - 000388608 _____ (Trend Micro Inc.) C:\Users\J\Desktop\HijackThis.exe 2018-04-04 12:49 - 2016-05-18 00:07 - 002030536 _____ (Bleeping Computer, LLC) C:\Users\J\Desktop\rkill.exe 2018-04-04 12:49 - 2014-12-31 13:51 - 015298136 _____ C:\Users\J\Desktop\RogueKiller32-64.com.exe 2018-04-04 12:49 - 2011-09-20 00:49 - 000139264 _____ () C:\Users\J\Desktop\RKUnhookerLEX.EXE 2018-04-04 12:48 - 2017-12-29 12:08 - 000114176 _____ (bartblaze) C:\Users\J\Desktop\Rem-VBS.exe 2018-04-04 12:48 - 2014-12-06 23:46 - 000050477 _____ C:\Users\J\Desktop\Defogger.exe 2018-04-04 12:46 - 2018-04-04 11:53 - 001764352 _____ (Farbar) C:\Users\J\Desktop\FRST.exe 2018-04-04 01:49 - 2018-04-04 01:49 - 000000000 ____D C:\M 2018-03-27 07:58 - 2018-03-27 20:29 - 005659794 _____ (Swearware) C:\combofix.exe 2018-03-26 17:52 - 2018-03-27 06:17 - 005659794 _____ (Swearware) C:\Users\J\Desktop\ComboFix-1.exe 2018-03-26 17:48 - 2018-04-05 06:53 - 000000000 ____D C:\ProgramData\VoodooShield 2018-03-26 17:48 - 2018-03-26 17:48 - 000001027 _____ C:\Users\Public\Desktop\Voodoo Shield.lnk 2018-03-26 17:48 - 2018-03-26 17:48 - 000000000 ____D C:\Program Files\VoodooShield 2018-03-26 17:33 - 2018-03-26 17:33 - 000000000 ____D C:\Users\J\AppData\Roaming\WinRAR 2018-03-26 15:50 - 2018-04-04 13:13 - 000000000 ____D C:\Users\J\AppData\Local\Adobe 2018-03-26 15:50 - 2018-03-26 15:50 - 000057560 _____ C:\Users\J\AppData\Local\GDIPFONTCACHEV1.DAT 2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Roaming\Adobe 2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Local\SRS Labs 2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Local\FSP 2018-03-26 15:50 - 2018-03-26 15:50 - 000000000 ____D C:\Users\J\AppData\Local\BMExplorer 2018-03-26 15:48 - 2018-04-04 13:03 - 000000000 ____D C:\users\J 2018-03-26 15:48 - 2018-03-26 15:48 - 000000020 ___SH C:\Users\J\ntuser.ini 2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\users\Default User 2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\users\All Users 2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\Documents and Settings 2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 _SHDL C:\Documents and Settings 2018-03-26 15:48 - 2018-03-26 15:48 - 000000000 ____D C:\Users\J\AppData\Local\VirtualStore 2018-03-26 15:48 - 2009-07-13 23:48 - 000000000 ____D C:\Users\J\AppData\Roaming\Media Center Programs ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-03-26 17:49 - 2010-03-20 10:43 - 000000000 ____D C:\Program Files\WinRAR Some files in TEMP: ==================== 2018-04-05 06:47 - 2009-11-19 09:37 - 000455600 _____ (Macrovision Corporation) C:\Users\J\AppData\Local\Temp\_isC706.exe ==================== Known DLLs (Whitelisted) ========================= C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION C:\Windows\System32\NORMALIZ.dll IS MISSING <==== ATTENTION C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe IS MISSING <==== ATTENTION C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION C:\Windows\System32\services.exe IS MISSING <==== ATTENTION C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION C:\Windows\System32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= ==================== BCD ================================ The boot configuration data store could not be opened. The requested system device cannot be found. ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 4060.16 MB Available physical RAM: 3568.56 MB Total Virtual: 4058.44 MB Available Virtual: 3568.46 MB ==================== Drives ================================ Drive c: (Install_OS) (Fixed) (Total:39.06 GB) (Free:38.2 GB) NTFS Drive e: (Data) (Fixed) (Total:253.17 GB) (Free:252.74 GB) NTFS Drive f: (Repair disc Windows 7 32-bit) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF Drive g: (USB20FD) (Removable) (Total:14.44 GB) (Free:14.36 GB) FAT32 Drive h: () (Removable) (Total:59.45 GB) (Free:59 GB) exFAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:5.86 GB) (Free:5.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: CA1EB6E0) Partition 1: (Not Active) - (Size=5.9 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=39.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=253.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 30048BCB) Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C) ======================================================== Disk: 2 (Protective MBR) (Size: 59.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of FRST.txt ============================
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.