Solved Computer infected (Completed 8-steps, logs attached)

Status
Not open for further replies.

Squidget1031

Hello,

We've been having problems with our computer for the past couple of weeks. It started out with the internet running really slowly: pages took forever to load, would not load completely, and/or freeze. If we tried to watch a video, it would also take forever to load and be very choppy and/or freeze with the sound continuing to loop. Most recently, my husband tried to log onto Ebay and after he entered his username/password, he was redirected to a dummy page asking for social security number, credit card number, ATM PIN etc. Obviously, we did not input that information. I tried to use System Restore, selected a timepoint, and shut down the computer, but when I reloaded, a window appeared saying the point could not be used. I tried additional timepoints, with the same results. I also downloaded Mozilla Firefox (thinking the issue may have been with Internet Explorer), but the problems still remain.

I am by no means a computer expert but I did what I knew how to do up to this point: System Restore, run a virus scan (McAfee), and scan for Malware and Spyware (Malwarebytes and SuperANTISpyware). The virus scan turned up clean and the malware/spyware scans found some potentially hazardous objects which I then deleted. We have had similar infections in the past, but they always seemed to get cleaned up. This time, it seems like something is still hanging around on our machine.

I have attached my logs from the 8-step removal process and hope that someone can see something that I'm missing and direct me in how to fix whatever it is. Thanks, in advance, for your help!
 

Attachments

  • mbam-log-2010-03-31 (11-36-52).txt
    870 bytes · Views: 2
  • SUPERAntiSpyware Scan Log - 03-31-2010 - 12-27-26.log
    812 bytes · Views: 2
  • hijackthis.log
    12.9 KB · Views: 3
Welcome to TechSpot. I'll try and help with the malware.

I notice your Host files are routing through:
OrgName: Interserver, Inc
OrgID: INTER-83
Address: 110 Meadowlands Pkwy
Address: 1st Floor
City: Secaucus
StateProv: NJ

The last 2 Domains appear to be legitimate, but none of the 'review' Domains are. But this is not a normal configuration for the Host files.

The main reason you're slow is because you have too many processes starting on boot, then running in the background.

Please reopen HijackThis to 'do system scan only'. Check each of the following if present:
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 - Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 - Hosts: 69.10.51.38 reviews.download.com
O1 - Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 - Hosts: 69.10.51.38 reviews.techradar.com
O1 - Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 - Hosts: 69.10.51.38 www.reevoo.com
O1 - Hosts: 69.10.51.38 toptenreviews.com


Close all Windows except HJT and click on "Fix Checked."

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls.
  • Double click on the setup file on the desktop to run
  • If prompted to download and install the Recovery Console, please do so.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • If prompted to update, please allow.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run.
Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
Follow with a rescan using HijackThis.
Please include Combofix report, Eset log and new HJTlog in next reply.

Please do not make any other changes to your computer (like installing programs, using other cleaning tools, etc.), while I am helping you unless I instruct you to. DO NOT make any Registry Changes. And it is recommended that if you are running any Registry editing program, that you either uninstall or disable it while we are in the cleaning process. Do Not attempt any more System restores. Restore Points can become infected and if used, can reinfect a system. We will have you remove the old restore points when the system is clean.
===================================
These sound more like a RAM problem or other system problem: How much RAM is on the system?
"It started out with the internet running really slowly: pages took forever to load, would not load completely, and/or freeze."
"If we tried to watch a video, it would also take forever to load and be very choppy and/or freeze with the sound continuing to loop."
This does sound like malware- possibly phishing: Do you have the phishing filter enabled in IE?
"he was redirected to a dummy page asking for social security number, credit card number, ATM PIN etc."
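
What the O1 entries in the post above mean in practice, as an added example that is not part of the original thread or of any tool it mentions: the hosts file is consulted before DNS, so each listed name resolves to the address in the entry instead of the site's real one. The Python script below audits hosts-file text or HijackThis O1 lines; the function names, the threshold of three names per address and the non-O1 sample lines are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

O1_PREFIX = "O1 - Hosts:"  # HijackThis label for a hosts-file entry

# The O1 lines are the ones quoted in the post above; the first four
# lines are constructed sample input.
SAMPLE = """\
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid       # constructed: blocklist-style entry
192.168.1.10 nas.example.invalid  # constructed: LAN entry
O1 - Hosts: 69.10.51.38 a1.review.zdnet.com
O1 - Hosts: 69.10.51.38 d1.reviews.cnet.com
O1 - Hosts: 69.10.51.38 reviews.riverstreams.co.uk
O1 - Hosts: 69.10.51.38 reviews.download.com
O1 - Hosts: 69.10.51.38 review.2009softwarereviews.com
O1 - Hosts: 69.10.51.38 reviews.pcmag.com
O1 - Hosts: 69.10.51.38 reviews.pcadvisor.co.uk
O1 - Hosts: 69.10.51.38 reviews.techradar.com
O1 - Hosts: 69.10.51.38 reviews.pcpro.co.uk
O1 - Hosts: 69.10.51.38 www.reevoo.com
O1 - Hosts: 69.10.51.38 toptenreviews.com
"""


def parse_entries(text):
    """Yield (ip, hostname) pairs from hosts-file text or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(O1_PREFIX):
            line = line[len(O1_PREFIX):]
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first token is not an IP address
        for name in fields[1:]:  # one line may carry several aliases
            yield ip, name.lower().rstrip(".")


def classify(ip):
    """Sort an address into the three cases that matter for a hosts audit."""
    if ip.is_loopback or ip.is_unspecified:
        return "sinkholed"  # 127.0.0.1 / ::1 / 0.0.0.0: localhost or blocklist
    if ip.is_private or ip.is_link_local:
        return "private"    # LAN override, usually set by the owner
    return "public"         # name pinned to an Internet address: review it


def audit_hosts(text, cluster_threshold=3):
    """Group entries by kind and flag public addresses serving many names."""
    sinkholed, private, public = set(), [], defaultdict(list)
    for ip, name in parse_entries(text):
        kind = classify(ip)
        if kind == "sinkholed":
            sinkholed.add(name)
        elif kind == "private":
            private.append((str(ip), name))
        elif name not in public[str(ip)]:
            public[str(ip)].append(name)
    # Many unrelated names pinned to one public address is the pattern
    # seen in the O1 entries above.
    clusters = sorted(ip for ip, names in public.items()
                      if len(names) >= cluster_threshold)
    return {"sinkholed": sorted(sinkholed), "private": private,
            "public": dict(public), "clusters": clusters}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE)
    for ip in report["clusters"]:
        names = report["public"][ip]
        print(f"REVIEW {ip}: {len(names)} hostnames redirected")
        for name in names:
            print(f"    {name}")
    print("sinkholed:", ", ".join(report["sinkholed"]))
    print("private:", report["private"])
```

Entries pointing at 127.0.0.1 or 0.0.0.0 are reported separately because blocklist-style hosts files use them on purpose; only names pinned to a public address are flagged for review.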
 
Thanks for the assistance!

I have attached the logs you requested. However, the ESET Online Scanner did not create a log file in the path you listed (it did not make a folder in the Programs folder, but instead downloaded to My Documents\Downloads). I saved the report from the scan and have attached that, instead. It's probably not the same and if it is not sufficient, how can I get it to save correctly?

I am aware that we have way too many programs running when the computer starts up. I tried to disable some of them by running "msconfig" but it will not allow me to make any changes. It keeps saying that an administrator must do it. I even started the computer in safe mode and logged on as "Administrator" and it still would not let me make any changes. Is there something that I am missing? What else can I do to disable some of those programs so that they aren't constantly running?

Our system has 504 MB of RAM. We have never had an issue with the computer going this slowly or videos randomly freezing. Sure, there are times where it seems like you have to wait a long time, but lately, it's just been ridiculous.

I'm not sure if the phishing filter is enabled on Internet Explorer. My husband was actually on Firefox when that page popped up ... How do I check that?

Also, can you explain what was going on with the Host files? What does that mean?

Thanks again! I really appreciate it.
 

Attachments

  • Combofix-log.txt
    24.2 KB · Views: 2
  • ESET.txt
    375 bytes · Views: 1
  • hijackthis.log
    12.1 KB · Views: 0
After a second look, I found the ESET logfile. Please disregard the "report" from my previous post!
 

Attachments

  • log.txt
    2.4 KB · Views: 2
Squidget, you have a HelpAssistant Malware infection. When we remove that, I think your permissions issue will resolve. If it does not, we'll work on that. I will also assist you in using the msconfig utility and give you a short tip on the Save Location> how to set, how to change.
Please print the instructions below for this program. You will not have access to the directions once you have started.

Please download HelpAsst mebroot fix.exe by noahdefrea and save to your desktop
  • Close out all other open programs and windows.
  • Double-click on it to run the tool and follow any prompts.
  • If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
  • Upon restarting, please wait about 5 minutes, go to > Run..., and in the Open dialog box, type: helpasst -mbrt
    Make sure you leave a space between helpasst and -mbrt.
  • Click OK or press Enter.
  • HelpAsst fix will create and open a log when done.
  • Copy and paste the contents of that log into your next reply.
In the event the tool does not detect an mbr infection and completes, do this:
  • Go to > Run> in the Open dialog box type: mbr -f
  • Click OK or press Enter.
  • Now, please do the Start > Run > mbr -f command a second time.
  • Shut down the computer (do not restart, but shut it down). Wait about five minutes, then start it back up.
  • After restart go to > Run> in the Open dialog box, type: helpasst -mbrt
    Make sure you leave a space between helpasst and -mbrt.
  • Click OK or press Enter.
  • HelpAsst fix will create and open a log when done.
  • Copy and paste the contents of that log into your next reply.

-- Important note to Dell users: Fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a few known fixes for this, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually. You will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
Source: BleepingComputer
=================================
When completed: Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    
    :Services
    
    :Reg
    
    :Files  
    C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\JYX8AEM2\index[1].htm	
    C:\Documents and Settings\HelpAssistant.AREBRO\Local Settings\Temp\CSM22.tmp	
    C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe	
    c:\documents and settings\HelpAssistant.AREBRO\WINDOWS
    c:\documents and settings\HelpAssistant.AREBRO\PrivacIE
    c:\documents and settings\HelpAssistant.AREBRO\UserData
    c:\documents and settings\HelpAssistant.AREBRO\IETldCache
    c:\program files\Viewpoint\Common\ViewpointService.exe
    c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    c:\documents and settings\HelpAssistant.AREBRO
    c:\documents and settings\HelpAssistant\UserData
    c:\documents and settings\HelpAssistant\IETldCache
    c:\documents and settings\HelpAssistant
    
    
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

We will also have to make some changes in the Firefox preferences and close the rogue ports the 'assistant' has opened. We do this a step at a time, with only the programs run that I instruct you to run. Make no other changes, which includes running any registry program or removing registry entries.
 
I'm getting a 404 Not Found error message when I click on the link to "HelpAssist mebroot fix.exe" in your reply.
 
Okay, hold on. I'm seeing if Broni has a different one. This was good yesterday- they do this all the time!
 
Thank you for all of your help thus far! My husband and I both agree that things seem to be working better since we have been running your fixes.

The HelpAsst log is attached. The OTMovit log was too big to attach as one document, so I split it into multiple documents and attached them separately.

Please let me know what to do next.
 

Attachments

  • HelpAsst.log
    2.7 KB · Views: 3
  • OTMovit1.txt
    85.9 KB · Views: 3
  • OTMovit2.txt
    112.7 KB · Views: 0
  • OTMovit3.txt
    146.1 KB · Views: 0
  • OTMovit4.txt
    98.2 KB · Views: 1
My apology- I replied to this. I've had several posts that aren't going through.

I said that I was going to ask Broni to look at the removals. HelpAssist actually sets up a pseudo-account. But I want to make sure the removals are only what they should be. I have never seen an OTMoveIt with this much content!

Please don't clean out any files or do a System Restore until we check this content, okay?
 
Okay, I'd like you to run Combofix again. You can do a right click> delete on the exe file on the desktop for Combofix. This just deletes the old report, not the program itself. You should be running a lot better now with all those files removed- let's make sure we got them all!

Attach new Combofix report to next reply.
 
The computer has been working a lot better since we started ... Were all those files in the OTMovit log things that have been removed?? If so, I can't believe that there was so much junk sitting around on this computer!

Anyway, the Combofix log is attached.

Thanks again!
 

Attachments

  • log.txt
    21.9 KB · Views: 1
Amazing, isn't it, as to how many files get infected! And it still left a backup!

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\E7215C648C.sys
c:\documents and settings\Anthony\Application Data\Real\Update\setup3.10\
c:\program files\Viewpoint\Common\ViewpointService.exe 

Folder::

Dir::
C:\HelpAsst_backup

Registry::

Driver::
Viewpoint Manager
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
Please do a new scan with the Eset online scanner. I need to see if any other entries need to be removed.

So on next reply:
Attach CFFix report
Attach new Eset log
Rescan with HJT once more and paste in new log.
 
Here are the logs and HJT report that you requested ...

I had to attach the HJT report rather than paste it in because it made my response too long (by about 2000 characters).

Also, when I ran the ESET scan I UNchecked "removed found threats" (from your earlier instructions). Was that correct or should I have left it checked this time?
 

Attachments

  • CFlog.txt
    21.3 KB · Views: 3
  • log.txt
    4.5 KB · Views: 2
  • hijackthis.log
    11.5 KB · Views: 2
(You did the right thing in Eset)

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes	
    explore.exe
    :Services
    Viewpoint Manager Service
    :Reg
    
    :Files  
    c:\program files\Viewpoint\Common\ViewpointService.exe
    C:\HelpAsst_backup\C\DOCUME~1\HELPAS~1.ARE\Local Settings\Temp\CSM22.tmp
    c:\documents and settings\Anthony\Application Data\Real\Update\setup3.10\setup.exe
    C:\HelpAsst_backup
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Do one more Eset scan after this. If both are clean and the problems have been resolved, I'll have you remove the cleaning tools and old restore points. (DO NOT do a System Restore at this point. Malware is in the restore points and will reinfect the machine. I'll have you remove the old restore points at the end.)
 
Here are the logs for OTM and ESET ... Again, the OTM log is really, really long and had to be split into sections.

Have I won a record for the longest log attachments, yet?? :)
 

Attachments

  • log.txt
    6.7 KB · Views: 1
  • OTM1.txt
    183.8 KB · Views: 1
  • OTM2.txt
    74 KB · Views: 1
  • OTM3.txt
    151.1 KB · Views: 2
  • OTM4.txt
    117.8 KB · Views: 1
It is amazing how pervasive this is! I'd like you to do a few things as prevention and removal:

1. Run TFC (Temp File Cleaner)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
Empty the Recycle Bin
==============================
2. Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
==================================
3. Add Domains to the Restricted Sites:
IE> Tools> Internet Options> Security>- Restricted Sites> enter each>APPLY / OK. close & restart IE.
4. Block in Privacy
IE> Internet Options> Privacy> Sites> enter each> BLOCK> APPLY / OK -close and restart IE.
The list:
*.atdmt.com
*.att.atdmt.com
*.click.atdmt.com
*.clk.atdmt.com
*.image.atdmt.com
*.rmd.atdmt.com
*.spd.atdmt.com
*.spe.atdmt.com
*.switch.atdmt.com
*.view.atdmt.com
*.www.atdmt.com

These were the most common domains for the HelpAssistant. Use of the * acts as a Wild Card.

5. Consider these programs for Extra Security
  • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts files This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar Get the free google toolbar to help stop pop up windows.

Broni and I are finding that this malware- as you have witnessed- hits every file it can find. Script is embedded in banners and ads, so by blocking or restricting them, you can keep these sources off of the system.

Let's remove the cleaning tools and see where we are> keep Hijackthis as I want you to run it once more:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg
Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


No logs are required from these programs. After the Tools have been removed and you have emptied the Recycle Bin again, see how the system is running. Advise me of any remaining problems.

Then rescan with HJT so I can make sure no entries remain- just leave that one log.
 
Things seem to be running much better since we began this process.

I followed all of the instructions, but I could not figure out how to remove all of the previous System Restore points. After creating the new point, I went back to "System Tools" but could not select a drive ...
 

Attachments

  • hijackthis.log
    11.7 KB · Views: 1
The most direct way to drop the old restore points is: Control Panel> System> System Restore tab> Check 'turn off System Restore'> Apply> OK.
Reboot
Go back and uncheck 'turn off System Restore points'> Apply> OK
Reboot
Now set a new restore point.
The system is usually set to the Local Drive which is C.
=============
An extra if wanted: Stopping unnecessary processes from starting on boot and running in the background. Print out the following if wanted- do what you can.

This sometimes works better in Safe Mode:
Start> Run> type in services.msc> double click on each and set Startup type as directed:
Apple Mobile Device - Manual
Bonjour> Manual
brkrsvc.exe> Disable, Stop
gupdate> Disable, Stop
gusvc> Disable, Stop
iPod Service> Manual
Java Quick Starter (jqs) - Disable,Stop
CRVS> Manual
WMDM PMSP Service> Manual
iPodService.exe> Manual

When finished, Exit Services and reboot.
===================================
Start> Run> type in msconfig> enter> Selective Startup >Startup tab> Uncheck all of the processes below:

1)Realsched: REAL PLAYER:
1. UNCHECK all 'Real', Real Player' and 'Real One' entries on the Startup menu
2. If you use Real Player disable the auto-update feature in your Tools- Preferences- Automatic Services- AutoUpdate (In RealPlayer).
Right click on Start> Explore> Programs> Common> Real Update> right click> delete the file "realsched.exe"
-----------
2)opware32.exe: scanner
-----------
3)iTunesHelper.exe: ITUNES Big resource user!
Background task installed by Apple's iTunes music player and also by version 7 of QuickTime which now comes inseparably bundled with iTunes. It is thought that this task used to be a 3rd party add-on program in the early days of Apple's iPod when its iTunes software was incompatible with many CD-Writers. This task does not need to be installed as a startup since iTunes starts it up anyway when it needs it. It uses nearly 6MB of memory.
------------------
4)CyberLink Uncheck all processes
  • EverioService.exe: Related to the Cyberlink software supplied with JVC's Everio camcorders. ...
  • DVDLauncher.exe: PowerCinema video viewing software
  • RichVideo.exe: enhanced editing of videos
--------------
5)AppleMobileDeviceService.exe
6)Bonjour/mDNSResponder.exe
7)jqs.exe
8)MsPMSPSv.exe

When finished> click on Apply> OK> Reboot
NOTE: You will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.
================================
Congratulations! You've done a great job and the system is clean!
Let me know if you have any questions.
 
Thanks again for all of your help with this!!

I will go through and try to disable some of those programs ...

Also, as of last week, we have been getting this Windows Installer pop-up when we log on. It says that "Microsoft Office XP Professional with Front Page" wants to update. However, when we click "OK" and begin the process, it times out and then says that a CD is needed (which we do not have). Is there any way to turn that off, as well?
 
Start> Run> type in msconfig> enter> Selective Startup> Startup tab> uncheck any processes for:
"Microsoft Office XP Professional with Front Page"> Apply> OK.

The first time you reboot after making this change, you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

This should prevent the update pop-up when you log on.
 
Things have been running great since my last post (about a week ago). I think it's safe to say our problems have been solved.

Thanks so much for all of the help!! :)
 
You're welcome- glad to help. I'll close the thread after leaving these tips for you:

Please follow these simple steps to keep your computer clean and secure:

1.Disable and Enable System Restore: See System Restore Guide This will help you understand what this is, why you need to clean and set restore points and what information is in them.
2.Stay current on updates:
  • Visit the Microsoft Download Site frequently. You should get All updates marked Critical and the current SP updates: Windows XP> SP2, SP3.
  • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often. Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
3.Make Internet Explorer safer. Follow the suggestions HERE This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.
4.Remove Temporary Internet Files regularly: Use ATF Cleaner by Atribune or TFC
5. Use an AntiVirus Software(only one)
See Virus, Spyware, and Malware Protection and Removal Resources

6.Use a good, bi-directional firewall(one software firewall) I recommend either of these software firewalls.- both are free and good:
Comodo or Zone Alarm
7.Consider these programs for Extra Security
  • Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts files This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar Get the free google toolbar to help stop pop up windows.

If I can be of further assistance, please let me know.
 