Jump to content

updatehelp

Members
  • Posts

    38
  • Joined

  • Last visited

Reputation

0 Neutral
  1. anywhere.uc-host.net Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/13/20 Protection Event Time: 5:00 PM Log File: c084ad3e-955c-11ea-8c13-1866da062493.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.896 Update Package Version: 1.0.23778 License: Premium -System Information- OS: Windows 10 (Build 18362.778) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE, Blocked, -1, -1, 0.0.0 -Website Data- Category: Phishing Domain: anywhere.uc-host.net IP Address: 192.203.239.127 Port: 443 Type: Outbound File: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE (end)
  2. Hi recnetly i've been getting the message that " Category: Trojan Domain: IP Address: 37.49.227.202 Port: [19] Type: Inbound File: C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe" was blocked one of twice a day. i also noticed that mcafee itself has been blocking a lot of incoming connections. what should i do? thx
  3. Results of screen317's Security Check version 0.99.88 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Adobe Flash Player 15.0.0.152 Adobe Reader 10.1.11 Adobe Reader out of Date! Google Chrome 38.0.2125.101 Google Chrome 39.0.2171.13 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe windows defender MpCmdRun.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  4. hi i rad adw cleaner and JRT. a few weird things happened to my computer. my outlook settings are all gone and it doesn't access my email. also for another program the registration information was deleted "chessbase". also my good bookmarks were deleted. is this all normal? here are the logs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.3.1 (10.06.2014:1)OS: Windows 7 Home Premium x64Ran by d on Tue 10/07/2014 at 9:03:51.41~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 10/07/2014 at 9:11:40.22End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v3.311 - Report created 07/10/2014 at 08:22:04# Updated 30/09/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : d - D-HP# Running from : C:\Users\d\Downloads\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Google Chrome v38.0.2125.101 [ File : C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [ File : C:\Users\dl\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2750 octets] - [23/09/2014 01:44:27]AdwCleaner[R1].txt - [2814 octets] - [23/09/2014 23:34:25]AdwCleaner[R2].txt - [1053 octets] - [29/09/2014 09:59:09]AdwCleaner[R3].txt - [1114 octets] - [29/09/2014 10:06:50]AdwCleaner[R4].txt - [1174 octets] - [29/09/2014 20:51:03]AdwCleaner[R5].txt - [1174 octets] - [07/10/2014 08:22:04]AdwCleaner[s0].txt - [2606 octets] - [23/09/2014 23:38:48]AdwCleaner[s1].txt - [1236 octets] - [29/09/2014 20:54:48] ########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1354 octets] ##########
  5. one other slightly wierd thing malware bytes doesnt automatically update, even though i have it set to update automatically. is this a problem?
  6. so far the redirects seem to be good, nothing popping up for 3 days., yes i do know that folder. everything seems to be ok now. do i need to do anything to clean up the tools?
  7. also i get a resolving host stall in chrome now when i search anything. this doesn't happen in IE though.
  8. sorry i pasted the wrong log, here is the correct one ComboFix 14-09-29.02 - d 09/30/2014 11:07:32.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16279.10905 [GMT -4:00]Running from: c:\users\dl\Downloads\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\install.exec:\users\d\AppData\Local\assembly\tmpc:\users\dl\AppData\Local\assembly\tmpc:\windows\TEMP\jna8557937401749638396.dll..((((((((((((((((((((((((( Files Created from 2014-08-28 to 2014-09-30 )))))))))))))))))))))))))))))))..2014-09-30 15:19 . 2014-09-30 15:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2014-09-30 15:19 . 2014-09-30 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp2014-09-30 15:19 . 2014-09-30 15:19 -------- d-----w- c:\users\d\AppData\Local\temp2014-09-30 05:33 . 2014-09-30 05:33 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2250873-2B3C-4572-9953-03A7EA2E196C}\offreg.dll2014-09-30 02:30 . 2014-09-30 02:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Exploit2014-09-30 02:08 . 2014-09-30 02:43 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit2014-09-30 01:47 . 2014-09-30 15:18 -------- d-----w- c:\users\d\AppData\Local\assembly2014-09-30 01:32 . 2014-09-30 01:32 -------- d-----w- c:\windows\ERUNT2014-09-26 16:18 . 2014-09-30 15:18 -------- d-----w- c:\users\dl\AppData\Local\assembly2014-09-26 06:09 . 2014-09-15 06:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2250873-2B3C-4572-9953-03A7EA2E196C}\mpengine.dll2014-09-25 21:35 . 2014-09-25 21:35 -------- d-----w- c:\program files (x86)\Common Files\Skype2014-09-25 21:35 . 2014-09-25 21:35 -------- d-----r- c:\program files (x86)\Skype2014-09-25 19:06 . 2014-09-26 12:49 -------- d-----w- c:\users\d\AppData\Local\CrashDumps2014-09-24 12:51 . 2014-09-24 12:51 -------- d-----w- c:\program files (x86)\Common Files\Java2014-09-24 12:50 . 2014-09-24 12:50 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-09-24 12:50 . 2014-09-24 12:50 -------- d-----w- c:\program files (x86)\Java2014-09-24 04:30 . 2014-09-30 13:28 -------- d-----w- C:\FRST2014-09-24 04:02 . 2014-09-24 04:02 319912 ----a-w- c:\windows\system32\javaws.exe2014-09-24 04:02 . 2014-09-24 04:02 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll2014-09-24 04:02 . 2014-09-24 04:02 189352 ----a-w- c:\windows\system32\javaw.exe2014-09-24 04:02 . 2014-09-24 04:02 189352 ----a-w- c:\windows\system32\java.exe2014-09-24 00:36 . 2014-09-24 00:36 -------- d-sh--w- c:\users\d\AppData\Local\EmieUserList2014-09-24 00:36 . 2014-09-24 00:36 -------- d-sh--w- c:\users\d\AppData\Local\EmieSiteList2014-09-24 00:35 . 2014-09-24 00:35 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys2014-09-24 00:34 . 2014-09-24 00:34 448400 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys2014-09-23 23:13 . 2014-08-18 22:18 639488 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll2014-09-23 22:55 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll2014-09-23 22:55 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll2014-09-23 22:33 . 2014-09-23 22:33 -------- d-----w- c:\users\d\AppData\Roaming\AVAST Software2014-09-23 21:31 . 2014-09-23 21:31 -------- d-----w- c:\users\dl\AppData\Roaming\AVAST Software2014-09-23 21:29 . 2014-09-23 21:29 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys2014-09-23 21:29 . 2014-09-23 21:29 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys2014-09-23 21:29 . 2014-09-23 21:29 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys2014-09-23 21:29 . 2014-09-23 21:29 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2014-09-23 21:29 . 2014-09-23 21:29 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys2014-09-23 21:29 . 2014-09-23 21:29 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2014-09-23 21:29 . 2014-09-23 21:29 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys2014-09-23 21:29 . 2014-09-23 21:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2014-09-23 21:29 . 2014-09-23 21:29 307344 ----a-w- c:\windows\system32\aswBoot.exe2014-09-23 21:29 . 2014-09-23 21:29 43152 ----a-w- c:\windows\avastSS.scr2014-09-23 21:27 . 2014-09-23 21:27 -------- d-----w- c:\program files\AVAST Software2014-09-23 21:26 . 2014-09-23 21:27 -------- d-----w- c:\programdata\AVAST Software2014-09-23 19:08 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll2014-09-23 19:08 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll2014-09-23 05:45 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll2014-09-23 05:44 . 2014-09-30 00:55 -------- d-----w- C:\AdwCleaner2014-09-15 17:54 . 2014-09-15 17:54 -------- d-----w- c:\program files\iPod2014-09-15 17:54 . 2014-09-15 17:55 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF692014-09-15 17:54 . 2014-09-15 17:55 -------- d-----w- c:\program files\iTunes2014-09-15 17:54 . 2014-09-15 17:55 -------- d-----w- c:\program files (x86)\iTunes2014-09-09 17:44 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll2014-09-09 17:44 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll2014-09-09 17:44 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll2014-09-09 17:44 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll2014-09-09 17:44 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll2014-09-09 17:44 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll2014-09-09 17:44 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll2014-09-09 17:44 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll2014-09-09 17:44 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2014-09-09 17:43 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll2014-09-09 17:43 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll2014-09-08 17:38 . 2014-09-08 17:39 -------- d-----w- C:\srevice 12...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-09-30 02:23 . 2013-08-15 02:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe2014-09-30 02:23 . 2013-08-12 14:08 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll2014-09-24 03:50 . 2013-08-15 02:55 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll2014-09-24 03:49 . 2013-08-15 02:55 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe2014-09-24 00:13 . 2014-04-10 13:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-09-23 22:32 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2014-09-23 19:05 . 2012-02-29 23:10 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-09-23 19:05 . 2012-02-29 23:10 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-09-15 13:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe2014-08-29 17:01 . 2013-05-10 16:54 101694776 ----a-w- c:\windows\system32\MRT.exe2014-08-23 02:07 . 2014-08-28 10:24 404480 ----a-w- c:\windows\system32\gdi32.dll2014-08-23 01:45 . 2014-08-28 10:24 311808 ----a-w- c:\windows\SysWow64\gdi32.dll2014-08-23 00:59 . 2014-08-28 10:24 3163648 ----a-w- c:\windows\system32\win32k.sys2014-08-21 20:03 . 2014-01-26 15:09 536984 ----a-w- c:\windows\system32\drivers\RapportKE64.sys2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll2014-07-25 03:47 . 2014-07-25 03:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll2014-07-18 16:38 . 2014-07-18 16:38 491008 ----a-r- c:\users\dl\AppData\Roaming\Microsoft\Installer\{19C7ABD4-4445-48B0-9D02-5A706D080688}\RDMC.exe2014-07-18 16:38 . 2014-07-18 16:38 481280 ----a-r- c:\users\dl\AppData\Roaming\Microsoft\Installer\{19C7ABD4-4445-48B0-9D02-5A706D080688}\EikonDesktop.exe2014-07-18 16:38 . 2014-07-18 16:38 318976 ----a-r- c:\users\dl\AppData\Roaming\Microsoft\Installer\{19C7ABD4-4445-48B0-9D02-5A706D080688}\EikonExcel.exe2014-07-14 02:02 . 2014-08-13 22:41 1216000 ----a-w- c:\windows\system32\rpcrt4.dll2014-07-14 01:40 . 2014-08-13 22:41 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDTAT.DLL2014-07-09 02:03 . 2014-08-13 22:42 6656 ----a-w- c:\windows\system32\KBDRU.DLL2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDRU1.DLL2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDYAK.DLL2014-07-09 02:03 . 2014-08-13 22:42 7168 ----a-w- c:\windows\system32\KBDBASH.DLL2014-07-09 01:31 . 2014-08-13 22:42 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL2014-07-09 01:31 . 2014-08-13 22:42 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2011-12-05 291096]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]"AIMPro"="c:\program files (x86)\AIM\AIM Pro\aimpro.exe" [2007-10-09 5043528]"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2013-07-19 85864]"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-08-29 440632]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-23 4085896]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896].c:\users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\original1.desktop.ini [2013-5-10 174].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2013-4-8 209920].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"DisableCAD"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 MouseWithoutBordersSvc;Mouse without Borders Service;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe;c:\program files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [x]R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe;c:\programdata\Rpcnet\Bin\rpcld.exe [x]R3 ATRK;ATRK;c:\users\dl\Dropbox\alapin\TrendMicro AntiThreat Toolkit\hc_attk\atrk64.sys;c:\users\dl\Dropbox\alapin\TrendMicro AntiThreat Toolkit\hc_attk\atrk64.sys [x]R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x]R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]R3 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]S0 aswRvrt;avast! Revert; [x]S0 aswVmm;avast! VM Monitor; [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]S1 RapportCerberus_80049;RapportCerberus_80049;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [x]S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [x]S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - ESPROTECTIONDRIVER.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-09-25 03:52 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-29 19:05].2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 15:57].2014-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-09 15:57].2014-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781968581-105214310-1320907150-1003Core.job- c:\users\dl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-14 21:25].2014-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-781968581-105214310-1320907150-1003UA.job- c:\users\dl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-08-14 21:25].2014-09-29 c:\windows\Tasks\HPCeeScheduleFordl.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2014-09-23 21:29 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-05-11 1425408]"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-25 439064]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-25 170264]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-25 398616].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-07-09 21720].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\nvinitx.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{824C7CCD-F389-42FE-AA64-6469601361B5}: NameServer = 8.8.8.8,8.8.4.4.- - - - ORPHANS REMOVED - - - -.ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.19.dllShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.19.dllShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\d\AppData\Roaming\Dropbox\bin\DropboxExt.19.dllWow6432Node-HKLM-Run-<NO NAME> - (no file)c:\users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartupc:\users\dl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\original1.Dropbox.lnk - c:\users\d\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartupHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startHKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexecShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-Bloomberg Keyboard v11.1 - c:\windows\System32\drivers\UNWISE.EXEAddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID]@DACL=(02 0000).[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]@DACL=(02 0000)@="Dropbox Autoplay COM Server".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}]@Class="REG_SZ"@DACL=(02 0000)@="PSFactoryBuffer".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]@DACL=(02 0000)@="SyncingOverlayHandler Class".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]@DACL=(02 0000)@="ErrorOverlayHandler Class".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{C9E37353-EC76-4A58-B575-BBA8B4BD06D1}]@DACL=(02 0000).[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}]@DACL=(02 0000)@="SkyDriveEx".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}]@DACL=(02 0000)@="SynTPCpl0""LocalizedString"="Synaptics TouchPad V8.1""System.ApplicationName"="Synaptics.SynTPCpl0""System.ControlPanel.Category"="2""System.Software.TasksFileUrl"="c:\\ProgramData\\Synaptics\\SynTP\\SynTPCpl0.xml".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}]@DACL=(02 0000).[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]@DACL=(02 0000)@="UpToDateOverlayHandler Class".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]@DACL=(02 0000)@="SyncFileInformationProvider Class".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_USERS\S-1-5-21-781968581-105214310-1320907150-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]@DACL=(02 0000)@="DropboxExt".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.15".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-09-30 11:24:54ComboFix-quarantined-files.txt 2014-09-30 15:24.Pre-Run: 249,573,908,480 bytes freePost-Run: 249,311,731,712 bytes free.- - End Of File - - 552A4E9A9C1636B6CE1657C8FFF6079C
  9. hi i get the error application has generated an exception that could not be handled. procedd id = 0x1990, threat id=0x1e50 (7760) click Ok to terminate the application click cancel to debug the application. the program did produce a log though Farbar Recovery Scan Tool (x64) Version: 26-09-2014Ran by dl at 2014-09-30 09:28:20Running from C:\Users\dl\DownloadsBoot Mode: Normal ================== Search Registry: "searchnet;blinkxcore" =========== ===================== Search result for "searchnet" ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|" ===================== Search result for "blinkxcore" ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|"====== End Of Search ======
  10. Farbar Recovery Scan Tool (x64) Version: 26-09-2014 Ran by dl at 2014-09-30 09:28:20 Running from C:\Users\dl\Downloads Boot Mode: Normal ================== Search Registry: "searchnet;blinkxcore" =========== ===================== Search result for "searchnet" ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|" ===================== Search result for "blinkxcore" ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D92078C4-1B1D-4122-B77C-847294D3E05A}"="v2.10|Action=Block|Active=TRUE|Dir=Out|RA4=66.45.56.100-66.45.56.199|Name=searchnet.blinkxcore.com|" ====== End Of Search ======
  11. Malwarebytes Anti-Malware www.malwarebytes.org Update, 9/29/2014 7:45:00 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.2, 2014.9.29.4, Protection, 9/29/2014 7:45:26 AM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 7:45:26 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 7:45:27 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 7:45:45 AM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 7:45:46 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 7:45:46 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Update, 9/29/2014 8:39:57 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.4, 2014.9.29.5, Protection, 9/29/2014 8:39:58 AM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 8:39:58 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 8:39:58 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 8:40:04 AM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 8:40:04 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 8:40:05 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Update, 9/29/2014 9:45:59 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.5, 2014.9.29.6, Protection, 9/29/2014 9:46:00 AM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 9:46:00 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 9:46:00 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 9:46:06 AM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 9:46:06 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 9:46:07 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Update, 9/29/2014 10:44:42 AM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.6, 2014.9.29.7, Protection, 9/29/2014 10:44:49 AM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 10:44:50 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 10:44:50 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 10:44:56 AM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 10:44:56 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 10:44:56 AM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Update, 9/29/2014 12:41:06 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.7, 2014.9.29.9, Protection, 9/29/2014 12:41:07 PM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 12:41:08 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 12:41:08 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 12:41:14 PM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 12:41:14 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 12:41:15 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Update, 9/29/2014 2:30:21 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.9, 2014.9.29.11, Protection, 9/29/2014 2:30:22 PM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 2:30:23 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 2:30:23 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 2:30:29 PM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 2:30:29 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 2:30:30 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Update, 9/29/2014 5:59:24 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.11, 2014.9.29.12, Protection, 9/29/2014 5:59:24 PM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 5:59:25 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 5:59:25 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 5:59:39 PM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 5:59:39 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 5:59:40 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Update, 9/29/2014 8:02:38 PM, SYSTEM, D-HP, Scheduler, Malware Database, 2014.9.29.12, 2014.9.29.14, Protection, 9/29/2014 8:02:39 PM, SYSTEM, D-HP, Protection, Refresh, Starting, Protection, 9/29/2014 8:02:39 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopping, Protection, 9/29/2014 8:02:40 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Stopped, Protection, 9/29/2014 8:03:40 PM, SYSTEM, D-HP, Protection, Refresh, Success, Protection, 9/29/2014 8:03:40 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 8:03:41 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Protection, 9/29/2014 9:56:28 PM, SYSTEM, D-HP, Protection, Malware Protection, Starting, Protection, 9/29/2014 9:56:28 PM, SYSTEM, D-HP, Protection, Malware Protection, Started, Protection, 9/29/2014 9:56:29 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 9:57:44 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, Detection, 9/29/2014 9:59:49 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49974, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Detection, 9/29/2014 9:59:49 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49974, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Detection, 9/29/2014 9:59:49 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49975, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Detection, 9/29/2014 10:13:27 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50473, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Protection, 9/29/2014 10:23:57 PM, SYSTEM, D-HP, Protection, Malware Protection, Starting, Protection, 9/29/2014 10:23:58 PM, SYSTEM, D-HP, Protection, Malware Protection, Started, Protection, 9/29/2014 10:23:58 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Starting, Protection, 9/29/2014 10:24:18 PM, SYSTEM, D-HP, Protection, Malicious Website Protection, Started, (end)
  12. ~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.2.3 (09.27.2014:1) OS: Windows 7 Home Premium x64 Ran by d on Mon 09/29/2014 at 21:32:49.65 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{70AC9BAC-E975-40CE-B361-AE6048A26D49} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{70AC9BAC-E975-40CE-B361-AE6048A26D49} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 09/29/2014 at 21:40:27.52 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.