Super sluggish, can't access router


I could barely access this forum for a few minutes and now I'm fine again. I had an issue with PayPal and they said my account had been accessed all over the world and to change my password using my iPhone. I'm on my desktop and it's the only PC I used to access my PayPal.

I've run Malwarebytes a few times now, it removed around 20 PUPs. I guess that's what you call them. Anyway now it says I'm clean but I'm still intermittently super sluggish... like it slows down so much it's unusable.

I looked through my task manager and the only thing I could come up with is pccmservice.exe. I guess it's a bug and hitched a ride on motive??

Our internet sucks and I was half joking that maybe somebody was jacking it so I tried to change the password but I can't. I type in the address and get nothing. Chrome and IE.

We went to buy new AV software yesterday but which of them even works well?? We've got avast on here but I'm not sure it's doing much.

I downloaded and ran the dds.scr but wasn't sure if I was supposed to post it here. I tried clicking on other threads to see if others are but they wouldn't load. They might now... *this* page finally loaded.

Anyway I've got work I need to get done online and this has taken out two days so far. I'm so thankful that I found you guys. I have no idea what's safe to download online anymore and AV software feels like a crapshoot.


Welcome to the forum.

First:

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS may not run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Hi, thanks so much for the response! Hopefully this is what you meant... 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.14.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
THE Administrator :: DESKTOP [administrator]
 
3/14/2014 3:36:57 PM
mbam-log-2014-03-14 (15-36-57).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 407071
Time elapsed: 9 minute(s), 14 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2

Run by THE Administrator at 18:37:31 on 2014-03-14

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2070 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: avast! Antivirus *Disabled* 

.

============== Running Processes ================

.

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dlcxcoms.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre7\bin\jqs.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\McAfee\SiteAdvisor\McChHost.exe

c:\PROGRA~1\mcafee\SITEAD~1\saui.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = www.bing.com

uWindow Title = Windows Internet Explorer provided by MSN & Bing

uSearch Bar = www.bing.com




uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - c:\program files\ibm\lotus forms\viewer\4.0\PEhelper.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.141\McAfeeMSS_IE.dll

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\alwil software\avast5\aswWebRepIE.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start


uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MemoryCardManager] c:\program files\dell photo aio printer 926\memcard.exe

mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s

mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [AvastUI.exe] "c:\program files\alwil software\avast5\AvastUI.exe" /nogui

StartupFolder: c:\docume~1\theadm~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.141\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: $talisma_url$

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - 







Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.146\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\the administrator\application data\mozilla\firefox\profiles\3g0cs3i8.default\

FF - prefs.js: browser.search.selectedEngine - SecureSearch

FF - prefs.js: browser.startup.homepage - www.google.com


FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\epicplay\npEpicHost.dll

FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-3-27 21576]

R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49944]

R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 180248]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-26 775952]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-8 410784]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [2013-3-27 67824]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-31 50344]

R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-22 104880]

S0 cerc6;cerc6; [x]

S2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2013-4-27 369152]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.141\McCHSvc.exe [2014-1-15 235696]

.

=============== Created Last 30 ================

.

2014-03-12 17:44:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-03-12 17:44:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-03-04 01:30:31 -------- d--h--w- c:\documents and settings\all users.windows\application data\CanonIJEGV

.

==================== Find3M  ====================

.

2014-02-24 11:46:36 920064 ----a-w- c:\windows\system32\wininet.dll

2014-02-24 11:45:58 43520 ------w- c:\windows\system32\licmgr10.dll

2014-02-24 11:45:57 1469440 ------w- c:\windows\system32\inetcpl.cpl

2014-02-24 11:45:42 18944 ------w- c:\windows\system32\corpol.dll

2014-02-24 10:54:21 385024 ------w- c:\windows\system32\html.iec

2014-02-07 02:01:37 1879040 ----a-w- c:\windows\system32\win32k.sys

2014-02-05 17:04:00 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys

2014-02-05 08:55:04 562688 ----a-w- c:\windows\system32\qedit.dll

2014-02-02 17:03:41 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-02-02 17:03:41 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-02-02 17:03:40 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-02-02 17:03:40 43152 ----a-w- c:\windows\avastSS.scr

2014-01-04 03:13:05 420864 ------w- c:\windows\system32\vbscript.dll

2013-12-18 17:31:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-12-18 17:31:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 18:38:06.39 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/7/2010 5:20:26 PM

System Uptime: 3/14/2014 3:16:40 AM (15 hours ago)

.

Motherboard: Dell Inc. |  | 0U880P

Processor: Intel Pentium III Xeon processor | CPU 1 | 2493/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 257.95 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.


.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.9)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

Bonjour

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MP Navigator EX 4.0

Canon MP495 series MP Drivers

Canon MP495 series User Registration

Canon My Printer

Canon Solution Menu EX

Dell PC Fax

Dell Photo AIO Printer 926

Dell Resource CD

EpicPlay

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

IBM Forms Viewer 4.0.0

Intel® Graphics Media Accelerator Driver

iTunes

Java 7 Update 25

Java Auto Updater

Java 6 Update 26

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

McAfee SiteAdvisor

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders  (English) 12

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 26.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetAssistant

QuickTime

REALTEK GbE & FE Ethernet PCI-E NIC Driver

Realtek High Definition Audio Driver


Security Update for Windows XP (KB2859537)

Security Update for Windows XP (KB2862152)

Security Update for Windows XP (KB2862330)

Security Update for Windows XP (KB2862335)

Security Update for Windows XP (KB2864063)

Security Update for Windows XP (KB2868626)

Security Update for Windows XP (KB2876217)

Security Update for Windows XP (KB2876315)

Security Update for Windows XP (KB2876331)

Security Update for Windows XP (KB2883150)

Security Update for Windows XP (KB2892075)

Security Update for Windows XP (KB2893294)

Security Update for Windows XP (KB2893984)

Security Update for Windows XP (KB2898715)

Security Update for Windows XP (KB2900986)

Security Update for Windows XP (KB2914368)

Security Update for Windows XP (KB2916036)

Security Update for Windows XP (KB2929961)

Security Update for Windows XP (KB2930275)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

SUPERAntiSpyware

VLC media player 0.9.2

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Format Runtime

Yahoo! Install Manager

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/14/2014 3:18:22 AM, error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).

3/13/2014 10:56:56 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.

3/12/2014 12:15:54 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 9 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/12/2014 11:56:35 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 8 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/12/2014 11:10:18 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 7 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/12/2014 10:52:45 AM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 3 time(s).

3/12/2014 10:52:30 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 6 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/12/2014 10:45:21 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 5 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/12/2014 10:42:12 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/12/2014 10:39:52 AM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/12/2014 10:39:30 AM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 2 time(s).

3/11/2014 2:24:52 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/10/2014 2:40:27 PM, error: Service Control Manager [7034]  - The pcCMService service terminated unexpectedly.  It has done this 1 time(s).

3/10/2014 1:27:10 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

3/10/2014 1:04:14 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

.

==== End Of File ===========================

RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : THE Administrator [Admin rights]
Mode : Scan -- Date : 03/14/2014 19:00:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3320613AS +++++
--- User ---
[MBR] 05edda639f6e72a3e039701199aff3f5
[bSP] d70be290b98a79d156a2df3543938e3d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 295204 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 604670535 | Size: 9993 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03142014_190040.txt >>

Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
The default settings will be OK for now.
You may want to uncheck "cookies" in the browser sections and please stay away from the registry cleaner.

 

-------------------------------

You have about 90 system restore points on the system.
Having that many isn't necessary and takes up a lot of hard drive space.
I suggest you delete some of them, you can use CCleaner to do that:
Open up CCleaner > Tools > System Restore > Remove all except maybe the latest 5 restore points.
Close out CCleaner.....empty the Recycle Bin
Right click on My Computer > Properties > System Restore > Set the pointer down to about 3%
Now you'll only create and keep about 6 restore points

----------------------------------------------------

Now let's run some scans.......

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:


If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.


Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.




---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Ugh, I hope I'm not repeating this. I didn't get this window to attach and had to go out and come back in. Ok here are the logs.... 

 

 

11:43:52.0953 0x0ce0  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
11:44:24.0968 0x0ce0  ============================================================
11:44:24.0968 0x0ce0  Current date / time: 2014/03/15 11:44:24.0968
11:44:24.0968 0x0ce0  SystemInfo:
11:44:24.0968 0x0ce0  
11:44:24.0968 0x0ce0  OS Version: 5.1.2600 ServicePack: 3.0
11:44:24.0968 0x0ce0  Product type: Workstation
11:44:24.0968 0x0ce0  ComputerName: DESKTOP
11:44:24.0968 0x0ce0  UserName: THE Administrator
11:44:24.0968 0x0ce0  Windows directory: C:\WINDOWS
11:44:24.0968 0x0ce0  System windows directory: C:\WINDOWS
11:44:24.0968 0x0ce0  Processor architecture: Intel x86
11:44:24.0968 0x0ce0  Number of processors: 2
11:44:24.0968 0x0ce0  Page size: 0x1000
11:44:24.0968 0x0ce0  Boot type: Normal boot
11:44:24.0968 0x0ce0  ============================================================
11:44:27.0656 0x0ce0  KLMD registered as C:\WINDOWS\system32\drivers\51986175.sys
11:44:27.0953 0x0ce0  System UUID: {54B00AF1-4765-2A95-C834-42642E288F07}
11:44:28.0453 0x0ce0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:44:28.0453 0x0ce0  ============================================================
11:44:28.0453 0x0ce0  \Device\Harddisk0\DR0:
11:44:28.0453 0x0ce0  MBR partitions:
11:44:28.0453 0x0ce0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x240922A8
11:44:28.0453 0x0ce0  ============================================================
11:44:28.0500 0x0ce0  C: <-> \Device\Harddisk0\DR0\Partition1
11:44:28.0500 0x0ce0  ============================================================
11:44:28.0500 0x0ce0  Initialize success
11:44:28.0500 0x0ce0  ============================================================
11:46:11.0187 0x0c8c  Deinitialize success
 
 
 
 
11:46:27.0578 0x0ce0  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
11:46:31.0781 0x0ce0  ============================================================
11:46:31.0781 0x0ce0  Current date / time: 2014/03/15 11:46:31.0781
11:46:31.0781 0x0ce0  SystemInfo:
11:46:31.0781 0x0ce0  
11:46:31.0781 0x0ce0  OS Version: 5.1.2600 ServicePack: 3.0
11:46:31.0781 0x0ce0  Product type: Workstation
11:46:31.0781 0x0ce0  ComputerName: DESKTOP
11:46:31.0781 0x0ce0  UserName: THE Administrator
11:46:31.0781 0x0ce0  Windows directory: C:\WINDOWS
11:46:31.0781 0x0ce0  System windows directory: C:\WINDOWS
11:46:31.0781 0x0ce0  Processor architecture: Intel x86
11:46:31.0781 0x0ce0  Number of processors: 2
11:46:31.0781 0x0ce0  Page size: 0x1000
11:46:31.0781 0x0ce0  Boot type: Normal boot
11:46:31.0781 0x0ce0  ============================================================
11:46:35.0140 0x0ce0  KLMD registered as C:\WINDOWS\system32\drivers\16497572.sys
11:46:35.0375 0x0ce0  System UUID: {54B00AF1-4765-2A95-C834-42642E288F07}
11:46:35.0921 0x0ce0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:46:35.0921 0x0ce0  ============================================================
11:46:35.0921 0x0ce0  \Device\Harddisk0\DR0:
11:46:35.0921 0x0ce0  MBR partitions:
11:46:35.0921 0x0ce0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x240922A8
11:46:35.0921 0x0ce0  ============================================================
11:46:35.0953 0x0ce0  C: <-> \Device\Harddisk0\DR0\Partition1
11:46:35.0953 0x0ce0  ============================================================
11:46:35.0953 0x0ce0  Initialize success
11:46:35.0953 0x0ce0  ============================================================
12:02:12.0703 0x0d04  KLMD registered as C:\WINDOWS\system32\drivers\31147184.sys
12:02:14.0265 0x0d04  Deinitialize success
 
 
 

 

TDSSKiller.3.0.0.25_15.03.2014_12.04.42_log.txt


Run TDSSKiller again and choose Delete for this one only: (no need to post the log)

12:14:43.0312 0x0d54 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:14:43.0312 0x0d54 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Can you run ComboFix also and post or attach the log.

MrC


Ok, will do.

 

Here's Combofix's log. I discovered with this one that saving to and running from the desktop is different than sending a shortcut to the desktop. I use Chrome and I don't know how to do it so I used IE for this one. I hope I didn't mess the other scans up. If this even makes sense. 

 

 

 

ComboFix 14-03-13.01 - THE Administrator 03/15/2014  13:33:31.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3037.2395 [GMT -5:00]
Running from: c:\documents and settings\THE Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\Toolbar4
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\cache\7ada0fe3c0c81a1cea0a3ab5fa188623
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football News.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Rumors.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Scores.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Tickets.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Videos.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Joobers_20pxH.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Live Football TV.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Apparel.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Jersey.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Picks.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Players.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Predictions.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Schedule.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Search.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Settings.png
c:\documents and settings\Admin\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Watch Live Football.png
c:\documents and settings\Administrator.KREIZENB-46F189\Application Data\Roaming
c:\documents and settings\Administrator.KREIZENB-46F189\Application Data\Toolbar4
c:\documents and settings\All Users.WINDOWS\Application Data\AMMYY
c:\documents and settings\All Users.WINDOWS\Application Data\AMMYY\hr
c:\documents and settings\All Users.WINDOWS\Application Data\AMMYY\settings.bin
c:\documents and settings\All Users.WINDOWS\Application Data\l_0_00_re.pad
c:\documents and settings\All Users\SPLDF.tmp
c:\documents and settings\THE Administrator\Application Data\Toolbar4
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\cache\7ada0fe3c0c81a1cea0a3ab5fa188623
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football News.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Rumors.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Scores.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Tickets.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Football Videos.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Joobers_20pxH.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Live Football TV.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Apparel.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Jersey.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Picks.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Players.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Predictions.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\NFL Schedule.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Search.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Settings.png
c:\documents and settings\THE Administrator\Application Data\Toolbar4\{8E114B8E-C041-4063-A432-EBBF454E9057}\Watch Live Football.png
c:\program files\Internet Explorer\SETAD.tmp
c:\program files\Internet Explorer\SETAE.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB6.tmp
c:\windows\system32\SETB7.tmp
c:\windows\system32\SETB8.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC6.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PCCMSERVICE
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-15 to 2014-03-15  )))))))))))))))))))))))))))))))
.
.
2014-03-15 16:29 . 2014-03-15 16:29 -------- d-----w- c:\program files\CCleaner
2014-03-14 08:19 . 2014-02-26 01:59 13312 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-03-14 08:19 . 2014-02-26 01:59 13312 ------w- c:\windows\system32\xp_eos.exe
2014-03-12 17:44 . 2014-03-12 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-03-12 17:44 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-12 15:38 . 2014-03-12 15:38 -------- d-----w- c:\documents and settings\Admin
2014-03-04 01:30 . 2014-03-04 01:30 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Application Data\CanonIJEGV
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 11:46 . 2008-04-13 23:00 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2008-04-13 23:00 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2008-04-13 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2008-04-13 23:00 18944 ------w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2008-04-13 23:00 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2008-04-13 23:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 17:04 . 2013-03-28 03:32 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-05 08:55 . 2008-04-13 23:00 562688 ----a-w- c:\windows\system32\qedit.dll
2014-02-02 17:03 . 2013-03-28 03:32 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-02 17:03 . 2011-06-27 00:46 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-02 17:03 . 2010-12-08 23:52 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-02 17:03 . 2010-12-08 23:52 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-02 17:03 . 2013-03-28 03:32 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-02 17:03 . 2011-01-19 02:25 43152 ----a-w- c:\windows\avastSS.scr
2014-02-02 17:03 . 2010-12-08 23:52 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-02 17:03 . 2010-12-08 23:51 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-04 03:13 . 2008-04-13 23:00 420864 ------w- c:\windows\system32\vbscript.dll
2013-12-18 17:31 . 2012-06-30 18:51 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-18 17:31 . 2012-06-30 18:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2003-03-19 02:20 . 2014-01-10 04:41 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 09:42 . 2014-01-10 04:41 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-02 17:03 259464 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-02-20 4505368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-18 150040]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-06-27 299008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-06-15 307200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-06-14 286720]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-02-02 3767096]
.
c:\documents and settings\Kreizenbeck\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\THE Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 277920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3/27/2013 10:32 PM 21576]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [3/27/2013 10:32 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [3/27/2013 10:32 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/26/2011 7:46 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/8/2010 6:52 PM 410784]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [3/27/2013 10:32 PM 67824]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [8/22/2011 10:16 PM 104880]
S0 cerc6;cerc6; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [1/15/2014 7:39 PM 235696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 16:47 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 17:31]
.
2014-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2014-03-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-03-28 17:03]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf2cc85af9d4fc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 23:52]
.
2014-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf2cc85bc21a84.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-08 23:52]
.
2014-03-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2014-03-15 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = www.bing.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\THE Administrator\Application Data\Mozilla\Firefox\Profiles\3g0cs3i8.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{618413C5-0C8D-4D0F-9600-7CED876FA3DF} - (no file)
HKCU-Run-ATT-SST - c:\program files\ATT-SST\pcBrowser.exe
c:\documents and settings\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun
SafeBoot-75627731.sys
AddRemove-EpicPlay - c:\program files\EpicPlay\epicRemoval.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-15 13:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,7b,f3,c8,86,91,9a,4c,8a,71,fd,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,69,7b,f3,c8,86,91,9a,4c,8a,71,fd,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(928)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
.
**************************************************************************
.
Completion time: 2014-03-15  13:47:42 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-15 18:47
.
Pre-Run: 279,332,569,088 bytes free
Post-Run: 279,864,668,160 bytes free
.
- - End Of File - - B8249419385BDC54D753F25DB73EBA2F
8F558EB6672622401DA993E1E865C861

I discovered with this one that saving to and running from the desktop is different than sending a shortcut to the desktop. I use Chrome and I don't know how to do it so I used IE for this one. I hope I didn't mess the other scans up. If this even makes sense.

 

Well when you download with Chrome, it goes into your download folder which is usually located in your documents. You can change it:

https://support.google.com/chrome/answer/95574?hl=en

So after you download a file you should see it at the bottom left corner of your browser

Click the little arrow and choose show in folder

When the download folder opens just copy and paste the file to wherever you want it

--------------------------------------------

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Thanks for the info about Chrome.

I downloaded and ran AdAware. It came up with no infected files or whatever and didn't create a log. I searched for AdwCleaner[R0].txt and the other one but nothing. Should I run it again? I probably clicked on the wrong thing. I've been at this all day and I'm tired.

You guys are freakin life savers. I'm gonna get off here for awhile and maybe even feed my family then I'll be back :)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.15.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
THE Administrator :: DESKTOP [administrator]

3/15/2014 4:10:47 PM
MBAM-log-2014-03-15 (16-18-07)post.txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403619
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 1
C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> 3880 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Search Protection (PUP.Optional.SearchProtection.A) -> Data: C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\All Users.WINDOWS\Application Data\Search Protection\SearchProtection.exe (PUP.Optional.SearchProtection.A) -> No action taken.

(end)

I'm not sure about some of these files. I just looked back over what you said to do and I forgot to reboot into safe mode. It seemed to run just fine this time. Should I redo it in safe mode? Also, I don't remember deleting that file from MB but it's not showing up now? Unless that's one of the ones that showed up in the AdwCleaner log.

# AdwCleaner v3.022 - Report created 18/03/2014 at 12:14:06
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : THE Administrator - DESKTOP
# Running from : C:\Documents and Settings\THE Administrator\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Documents and Settings\THE Administrator\Application Data\Mozilla\Firefox\Profiles\3g0cs3i8.default\searchplugins\conduit-search.xml
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\adawaretb.xml
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\Free Ride Games
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Optimizer Pro
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
Folder Found C:\Documents and Settings\THE Administrator\Local Settings\Application Data\SearchProtect
Folder Found C:\Program Files\Freeze.com
Folder Found C:\Program Files\StumbleUpon
Folder Found C:\Program Files\Watch Football TV
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Documents and Settings\THE Administrator\Application Data\Mozilla\Firefox\Profiles\3g0cs3i8.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\THE Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3325 octets] - [18/03/2014 12:14:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3385 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.18.07
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
THE Administrator :: DESKTOP [administrator]
 
3/18/2014 12:29:09 PM
mbam-log-2014-03-18 (12-29-09).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 404264
Time elapsed: 5 minute(s), 2 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
