jimbigduke6

  1. Ran the RK64 scan results below: TY!
  2. Was able to run scan. Computer will only start in safe mode. If I try to start regular it beeps and Windows will not load. Thanks!
  3. I just got it to boot and went to repair your computer; per your directions I selected the US keyboard option. When I try to log into any of the accounts the password field is automatically populated. Seems as though the virus is entering the random text to keep me from logging in?
  4. Thanks for the quick reply. Now the computer will not allow me to boot to safe mode. It hangs up during the boot and beeps continuously.
  5. I was infected last week and thought that I had resolved the problem with Symantec Eraser and Malwarebytes. The virus is back and worse now than ever. It will not allow me to enter the password for the admin account or any other account on the box. When I go to these accounts the virus populates the password screen with the unlimited characters. I even got the machine to boot in Safe Mode command line only, and the virus enters an endless amount of zeros (0) at the command line and will not let me enter any commands. Any help is appreciated. Thanks