
Active Possible virus, Win Installer starts to load during boot

Discussion in 'Malware and Virus Removal Archive' started by EL CONJUNTO, 2010/02/02.

  1. 2010/02/02
    EL CONJUNTO Well-Known Member Thread Starter


    As per your suggestion (Broni), I am posting the log files using DDS. Maybe you can find something.

    DDS.txt

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by at 14:42:26.04 on Tue 02/02/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1281 [GMT -5:00]

    AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Elantech\ktp.exe
    C:\Program Files\Compal\Smart Battery\SMBTray.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Compal\Wireless Select Switch\WLSS.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Ryan Hooper\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.gmail.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    uRun: [Aim6]
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [nwdirewc] c:\documents and settings\ryan hooper\local settings\application data\ixmckb\dbcnsysguard.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe "
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; FunWebProducts; .NET CLR 1.1.4322)" - "http://www.shockwave.com/contentPlay/shockwave.jsp?id=jigsawpuzzles&refCode=&brand=ag "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [KTPWare] c:\program files\elantech\ktp.exe
    mRun: [SMBTray] c:\program files\compal\smart battery\SMBTray.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [WLSS] c:\program files\compal\wireless select switch\WLSS.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=GRxdm020VQUS
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216266508921
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: PFW - UmxWnp.Dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ryanho~1\applic~1\mozilla\firefox\profiles\ebsfzt1p.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com/
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRxdm020VQUS&fl=0&ptb=1SDWBPRF7T.ZVpKF3f2TPw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\documents and settings\ryan hooper\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2007-8-13 9856]
    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\symds.sys [2010-1-28 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1105000.07f\symefa.sys [2010-1-28 172592]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\bashdefs\20100128.001\BHDrvx86.sys [2009-12-4 529456]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1105000.07f\cchpx86.sys [2010-1-28 501888]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-4-1 73720]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-4-28 55288]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1105000.07f\ironx86.sys [2010-1-28 116272]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-6-8 145912]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-3-27 58872]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.5.0.127\ccsvchst.exe [2010-1-28 126392]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\SymcPCCULaunchSvc.exe [2009-12-9 103280]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\norton pc checkup\engine\2.0.2.506\ccSvcHst.exe [2009-12-9 126392]
    R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-6-15 760664]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-17 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-26 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\ipsdefs\20100128.002\IDSXpx86.sys [2010-1-29 329592]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-4-1 205304]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\virusdefs\20100201.048\NAVENG.SYS [2010-2-2 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.1.0.19\definitions\virusdefs\20100201.048\NAVEX15.SYS [2010-2-2 1323568]
    S2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\av2007\ccschedulersvc.exe --> c:\program files\ca\av2007\ccschedulersvc.exe [?]
    S2 gupdate1c9abaf73e94064;Google Update Service (gupdate1c9abaf73e94064);c:\program files\google\update\GoogleUpdate.exe [2009-3-23 133104]
    S2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-4-1 875000]
    S2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-4-1 207352]

    =============== Created Last 30 ================

    2010-01-31 18:20:39 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
    2010-01-29 15:08:13 0 ----a-w- c:\windows\system32\drivers\TBM1D.tmp
    2010-01-27 00:10:51 0 d-sha-r- C:\cmdcons
    2010-01-27 00:09:09 98816 ----a-w- c:\windows\sed.exe
    2010-01-27 00:09:09 77312 ----a-w- c:\windows\MBR.exe
    2010-01-27 00:09:09 261632 ----a-w- c:\windows\PEV.exe
    2010-01-27 00:09:09 161792 ----a-w- c:\windows\SWREG.exe
    2010-01-27 00:09:02 0 d-----w- C:\fixer
    2010-01-26 23:31:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-01-26 23:31:22 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-01-26 23:31:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-01-26 23:31:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-01-26 23:31:21 0 d-----w- c:\program files\Symantec
    2010-01-26 23:30:33 0 d-----w- c:\windows\system32\drivers\NAV
    2010-01-26 23:30:28 0 d-----w- c:\program files\Norton AntiVirus
    2010-01-26 23:24:55 0 d-----w- c:\program files\VS Revo Group
    2010-01-26 21:17:49 0 d-----w- c:\windows\pss
    2010-01-26 19:34:02 0 d-----w- c:\docume~1\ryanho~1\applic~1\Malwarebytes
    2010-01-26 19:17:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-26 19:17:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-26 19:17:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-26 19:17:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-21 16:40:05 0 d-----w- c:\docume~1\ryanho~1\applic~1\Office Genuine Advantage
    2010-01-14 14:01:08 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

    ==================== Find3M ====================

    2010-01-06 16:36:12 57848 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2008-08-20 07:58:54 774144 ----a-w- c:\program files\RngInterstitial.dll

    ============= FINISH: 14:42:55.31 ===============

    Attach.txt

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/2/2008 9:44:53 PM
    System Uptime: 2/2/2010 10:22:15 AM (4 hours ago)

    Motherboard: - | | IFL91
    Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1828/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 79.435 GiB free.
    D: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP219: 11/5/2009 2:36:14 PM - System Checkpoint
    RP220: 11/7/2009 12:17:27 PM - System Checkpoint
    RP221: 11/8/2009 11:56:43 AM - System Checkpoint
    RP222: 11/9/2009 12:51:29 PM - System Checkpoint
    RP223: 11/10/2009 2:14:25 PM - System Checkpoint
    RP224: 11/11/2009 3:55:04 PM - System Checkpoint
    RP225: 11/12/2009 5:24:53 PM - System Checkpoint
    RP226: 11/16/2009 3:48:40 PM - System Checkpoint
    RP227: 11/17/2009 7:36:15 PM - System Checkpoint
    RP228: 11/18/2009 8:28:13 PM - System Checkpoint
    RP229: 11/19/2009 9:12:38 PM - System Checkpoint
    RP230: 11/22/2009 11:51:40 AM - System Checkpoint
    RP231: 11/23/2009 2:27:28 PM - System Checkpoint
    RP232: 11/24/2009 2:50:44 PM - System Checkpoint
    RP233: 11/25/2009 3:09:11 PM - System Checkpoint
    RP234: 11/30/2009 2:32:44 PM - System Checkpoint
    RP235: 12/1/2009 5:33:47 PM - System Checkpoint
    RP236: 12/2/2009 6:38:32 PM - System Checkpoint
    RP237: 12/2/2009 11:06:16 PM - Software Distribution Service 3.0
    RP238: 12/4/2009 9:59:53 AM - Software Distribution Service 3.0
    RP239: 12/4/2009 4:21:37 PM - Software Distribution Service 3.0
    RP240: 12/8/2009 4:49:01 PM - System Checkpoint
    RP241: 12/9/2009 10:29:43 AM - Software Distribution Service 3.0
    RP242: 12/10/2009 4:59:06 PM - System Checkpoint
    RP243: 12/13/2009 2:10:04 AM - System Checkpoint
    RP244: 12/14/2009 12:28:00 PM - System Checkpoint
    RP245: 12/15/2009 1:40:58 PM - System Checkpoint
    RP246: 12/16/2009 10:24:46 PM - System Checkpoint
    RP247: 12/17/2009 10:25:32 PM - System Checkpoint
    RP248: 12/19/2009 3:29:37 PM - System Checkpoint
    RP249: 12/20/2009 3:39:11 PM - System Checkpoint
    RP250: 12/21/2009 6:34:40 PM - System Checkpoint
    RP251: 12/23/2009 6:57:00 PM - System Checkpoint
    RP252: 12/24/2009 9:25:43 PM - System Checkpoint
    RP253: 12/25/2009 10:17:45 PM - System Checkpoint
    RP254: 12/26/2009 10:23:20 PM - System Checkpoint
    RP255: 12/28/2009 7:43:02 PM - System Checkpoint
    RP256: 12/30/2009 7:51:59 PM - System Checkpoint
    RP257: 1/3/2010 6:49:18 PM - System Checkpoint
    RP258: 1/4/2010 6:55:47 PM - System Checkpoint
    RP259: 1/5/2010 7:47:07 PM - System Checkpoint
    RP260: 1/7/2010 4:50:59 PM - System Checkpoint
    RP261: 1/10/2010 5:44:21 PM - System Checkpoint
    RP262: 1/11/2010 7:05:13 PM - System Checkpoint
    RP263: 1/12/2010 7:34:27 PM - System Checkpoint
    RP264: 1/13/2010 8:28:36 PM - System Checkpoint
    RP265: 1/14/2010 8:50:29 PM - System Checkpoint
    RP266: 1/15/2010 12:35:46 AM - Software Distribution Service 3.0
    RP267: 1/17/2010 12:21:58 PM - System Checkpoint
    RP268: 1/18/2010 6:08:22 PM - System Checkpoint
    RP269: 1/19/2010 6:53:59 PM - System Checkpoint
    RP270: 1/20/2010 7:23:01 PM - System Checkpoint
    RP271: 1/20/2010 11:55:33 PM - Software Distribution Service 3.0
    RP272: 1/21/2010 9:54:02 AM - Software Distribution Service 3.0
    RP273: 1/24/2010 5:29:25 PM - System Checkpoint
    RP274: 1/25/2010 9:49:25 AM - Software Distribution Service 3.0
    RP275: 1/27/2010 12:32:26 PM - System Checkpoint
    RP276: 1/28/2010 7:56:50 PM - System Checkpoint
    RP277: 1/31/2010 8:26:11 PM - System Checkpoint
    RP278: 2/2/2010 12:16:27 PM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Acrobat Elements 6.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe PageMaker 6.5
    Adobe Photoshop 5.5
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader 8.1.4
    Adobe Shockwave Player
    AIM 6
    AIM Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BufferChm
    CA Personal Firewall
    CA Pest Patrol Realtime Protection
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Download Updater (AOL LLC)
    EMSC
    eSupportQFolder
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.0.0.320
    High Definition Audio Driver Package - KB888111
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Deskjet 5900 series
    HP Imaging Device Functions 5.0
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.0
    HPDeskjet5900Series
    HPProductAssistant
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    iPod Updater 2004-11-15
    Ipswitch WS_FTP LE
    iTunes
    Java(TM) 6 Update 7
    KTP Ware PS/2-x86 5.0.3.13
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    mDrWiFi
    MediaShow 3.0
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    mIWA
    mLogView
    mMHouse
    Motorola SM56 Data Fax Modem
    Move Media Player
    Mozilla Firefox (3.5.7)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    mWlsSafe
    mZConfig
    Norton AntiVirus
    Norton PC Checkup
    OGA Notifier 2.0.0048.0
    PokerStars
    Power2Go 4.0
    PowerDVD
    PowerProducer
    PowerStarter
    QuickTime
    QuickTime for Windows (32-bit)
    RealArcade
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.85
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Safari
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Skype™ 3.8
    Smart Battery
    Snood Deluxe
    SolutionCenter
    Status
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977839)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    WebReg
    Windows Driver Package - Intel (NETw4x32) net (09/26/2007 11.5.0.32)
    Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37)
    Windows Driver Package - Intel net (09/26/2007 11.5.0.32)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    Wireless Select Switch
    Wow Video&Audio utility

    ==== Event Viewer Messages From Past Week ========

    1/27/2010 2:20:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP eeCtrl EMSC Fips intelppm KmxAgent KmxFile KmxFw KmxStart SRTSP SRTSPX SymIRON SYMTDI
    1/27/2010 12:46:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/26/2010 7:26:22 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
    1/26/2010 7:24:50 PM, error: Service Control Manager [7022] - The HIPS Configuration Interpreter service hung on starting.
    1/26/2010 7:24:50 PM, error: Service Control Manager [7001] - The HIPS Policy Manager service depends on the HIPS Configuration Interpreter service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    1/26/2010 7:24:50 PM, error: Service Control Manager [7001] - The HIPS Event Manager service depends on the HIPS Configuration Interpreter service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    1/26/2010 7:24:50 PM, error: Service Control Manager [7000] - The CA Common Scheduler Service service failed to start due to the following error: The system cannot find the file specified.
    1/26/2010 7:23:19 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    1/26/2010 7:23:19 PM, error: SRTSP [4] - Error loading virus definitions.
    1/26/2010 6:45:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl EMSC Fips intelppm KmxAgent KmxFile KmxFw KmxStart
    1/26/2010 5:53:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: EMSC Fips intelppm KmxAgent KmxFile KmxFw KmxStart
    1/26/2010 5:49:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/26/2010 5:48:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/26/2010 5:48:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD EMSC Fips intelppm IPSec KmxAgent KmxFile KmxFw KmxStart MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    1/26/2010 5:48:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2010 5:48:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2010 5:48:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2010 5:48:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2010 5:48:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2010 5:48:21 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/26/2010 5:48:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/26/2010 5:47:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/26/2010 5:47:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
    1/26/2010 5:42:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CaCCProvSP with arguments " " in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}
    1/26/2010 4:22:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: EMSC Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT
    1/26/2010 4:15:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/26/2010 3:16:26 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 5 time(s).
    1/26/2010 3:16:11 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 4 time(s).
    1/26/2010 3:06:11 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 3 time(s).
    1/26/2010 2:38:11 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 2 time(s).
    1/26/2010 2:34:39 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
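The event-log excerpt above repeats a few error patterns, so it can be triaged mechanically. The following is an added example, not part of the original post or of DDS: a Python parser for the line format shown, run on lines copied from the log. The function names are my own, and the two Win32 error names are the standard meanings of codes 1068 and 1084.

```python
import re

# Lines copied from the DDS event-log excerpt above (a subset of it).
SAMPLE = """\
1/26/2010 7:24:50 PM, error: Service Control Manager [7022] - The HIPS Configuration Interpreter service hung on starting.
1/26/2010 7:24:50 PM, error: Service Control Manager [7001] - The HIPS Policy Manager service depends on the HIPS Configuration Interpreter service which failed to start because of the following error: After starting, the service hung in a start-pending state.
1/26/2010 6:45:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl EMSC Fips intelppm KmxAgent KmxFile KmxFw KmxStart
1/26/2010 5:53:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: EMSC Fips intelppm KmxAgent KmxFile KmxFw KmxStart
1/26/2010 5:49:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/26/2010 4:22:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: EMSC Fips intelppm KmxAgent KmxFile KmxFw KmxStart VET-FILT VET-REC VETEFILE VETMONNT
"""

# Line layout: <date time>, <level>: <source> [<event id>] - <message>
LINE = re.compile(r"^\s*(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
                  r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
DCOM = re.compile(r'DCOM got error "%(\d+)" attempting to start the service (\S+)')
# Standard Win32 meanings of the two codes that appear in this log.
WIN32 = {1068: "ERROR_SERVICE_DEPENDENCY_FAIL", 1084: "ERROR_NOT_SAFEBOOT_SERVICE"}

def parse(text):
    """Return one dict per well-formed log line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def driver_failures(events):
    """Split drivers from event 7026 into (failed every time, failed sometimes)."""
    marker = "failed to load:"
    boots = [set(e["msg"].split(marker, 1)[1].split())
             for e in events if e["id"] == "7026" and marker in e["msg"]]
    if not boots:
        return set(), set()
    always = set.intersection(*boots)
    return always, set.union(*boots) - always

def dcom_failures(events):
    """List (service, code, meaning) for each DCOM 10005 start failure."""
    out = []
    for e in events:
        m = DCOM.search(e["msg"]) if e["id"] == "10005" else None
        if m:
            code = int(m.group(1))
            out.append((m.group(2), code, WIN32.get(code, "unknown")))
    return out

if __name__ == "__main__":
    events = parse(SAMPLE)
    always, sometimes = driver_failures(events)
    print("failed in every 7026 event:", sorted(always))
    print("failed in some 7026 events:", sorted(sometimes))
    for svc, code, meaning in dcom_failures(events):
        print(f"DCOM could not start {svc}: {code} ({meaning})")
```

Code 1084 means the service cannot be started in Safe Mode, so those DCOM entries record a Safe Mode boot; the drivers that fail in every 7026 event are the ones to check against installed software.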
     
  2. 2010/02/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I assume Norton is your current security program?
    I can also see CA Internet Security Suite installed and running.

    If you have 2007, or 2008 version, run this uninstaller: http://homeofficekb.ca.com/CIDocume...ExternalCallID=0&Ver=&AddBookmark=0&KDId=3153
    If 2009 version, run this one: http://homeofficekb.ca.com/CIDocume...eturn=0&GUID=2C7EA220FA7F4DA3804C806F3CE0ADAE

    When done....

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/02/05
    EL CONJUNTO

    EL CONJUNTO Well-Known Member Thread Starter

    Joined:
    2005/02/21
    Messages:
    135
    Likes Received:
    2
    Broni,
    Sorry for the delay... The CA Uninstaller worked great. It seems the original CA program uninstaller did not do the job and probably was trying to load during the boot. Now everything runs fine. The first scan with SUPERAntiSpyware came up clean with no errors. However, it took 4 hrs and 32 mins to complete! There are WAY TOO MANY music and video files! I like helping people, but I don't have that much time and the computer is unavailable to take with me. The owner is very happy with things the way they are and says it never ran so fast. If you would like me to send you a scan the way the computer is now, let me know. The current Norton A/V is just a trial version and I'd like to uninstall it and re-install a fresh copy of CA since it's already paid for. Let me know, and once again thank you very much for the help!
     
  5. 2010/02/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
