dazz156

Honorary Members
  • Posts

    21

Everything posted by dazz156

  1. SpywareBlaster, SpywareGuard: are they safe to use?
  2. Okay, thanks for your help. Is it safe to never allow websites to request your physical location in Internet Explorer and to block all third-party cookies? I delete the files out of the %temp% folder all the time; is that safe to do? And is it safe to block all incoming connections in firewall settings? In cmd, when I type in net view, it comes up with the following error: C:\Users\darren>net view System error 6118 has occurred. The list of servers for this workgroup is not currently available. Do you know how I can fix this? Because sometimes it works, then it won't.
  3. The computer is running okay, no signs of an infection. Thank you for the help.
  4. From what you have seen in the last reports, could you tell if my computer is infected with malware? ComboFix.txt FSS.txt Result.txt
  5. Dr.Web found no viruses. Is it safe to never allow websites to request your physical location in Internet Explorer and to block all third-party cookies? I delete the files out of the %temp% folder all the time; is that safe to do? In cmd, when I type in net view, it comes up with the following error: C:\Users\darren>net view System error 6118 has occurred. The list of servers for this workgroup is not currently available. Do you know how I can fix this? Because sometimes it works, then it won't.
  6. Toshiba recovery image I made when I got the laptop. I have Microsoft Security Essentials; do you think Dr.Web CureIt would be better than Microsoft?
  7. ESET Online Scanner was clean on viruses. FRST.txt Addition.txt RKreport0_S_08132013_152501.txt mbar-log-2013-08-13 (15-26-27).txt klj.txt
  8. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-08-2013 Ran by darren at 2013-08-13 16:57:24 Running from C:\Users\darren\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (Version: 11.8.800.94) Atheros Driver Installation Program (Version: 5.2) Atheros Wi-Fi Protected Setup Library CD/DVD Drive Acoustic Silencer (Version: 2.02.03) Cisco EAP-FAST Module (Version: 2.1.6) Cisco LEAP Module (Version: 1.0.12) Cisco PEAP Module (Version: 1.0.13) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) DVD Flick 1.3.0.7 (Version: 1.3.0.7) ERUNT 1.1j Express Burn Google Chrome (Version: 28.0.1500.95) Google Update Helper (Version: 1.3.21.153) HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.2.0) ImgBurn (Version: 2.5.8.0) Intel® Graphics Media Accelerator Driver Intel® Matrix Storage Manager Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Security Client (Version: 4.3.0215.0) Microsoft Security Essentials (Version: 4.3.215.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft XML Parser (Version: 8.20.8730.4) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) NaturalReaderFree (Version: 11.9) NetWaiting (Version: 2.5.52) Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5599) Realtek USB 2.0 Card Reader (Version: ) Synaptics Pointing Device Driver (Version: 11.2.4.0) TOSHIBA Assist (Version: 2.01.08) TOSHIBA ConfigFree (Version: 7.2.20) TOSHIBA Extended Tiles for Windows Mobility 
Center (Version: 1.01.00) TOSHIBA Face Recognition (Version: 2.0.17.32) TOSHIBA Hardware Setup (Version: 2.00.08) TOSHIBA Manuals (Version: 7.40) Toshiba Online Product Information (Version: 1.00.0012) TOSHIBA Recovery Disc Creator (Version: 2.0.0.1b) TOSHIBA Supervisor Password (Version: 2.00.04) TOSHIBA Value Added Package (Version: 1.1.24) TRDCReminder (Version: 1.00.0015) TRORDCLauncher (Version: 1.0.0.1) Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) VLC media player 2.0.8 (Version: 2.0.8) Windows Media Encoder 9 Series Windows Media Encoder 9 Series (Version: 9.00.3374) ==================== Restore Points ========================= 12-08-2013 18:01:07 Restore Operation 12-08-2013 18:11:11 darren 13-08-2013 04:56:01 Removed NextUp.com-NeoSpeech Paul16 Voice 13-08-2013 05:43:27 Removed NaturalReaderFree. 13-08-2013 13:31:17 Installed NaturalReaderFree. 
==================== Hosts content: ========================== 2006-11-02 11:23 - 2013-08-13 05:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {06B11361-724C-4E7A-823D-140A4523ED51} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {52408333-B08B-4492-99F6-8BED71FB8A4A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08] (Adobe Systems Incorporated) Task: {5592D089-6A5C-4D9C-8EA7-4E67BF3DEA4F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.) 
Task: {92A5D599-6CA0-4D7D-ADF8-4C69C6CB3325} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation) Task: {983B46E6-3D1E-4994-B30C-1A4242939C15} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation) Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {AEDE4048-4F11-47A9-84EC-D7D304043F6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-08] (Google Inc.) Task: {D9ADAB26-A456-4CE6-B398-660286E1A2F0} - System32\Tasks\NCH Software\ExpressBurnReminder => C:\Program Files\NCH Software\ExpressBurn\ExpressBurn.exe [2013-04-26] (NCH Software) Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Synaptics PS/2 Port TouchPad Description: Synaptics PS/2 Port TouchPad Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Synaptics Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. 
(Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-13 14:57:34.658 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-13 14:57:34.361 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-13 14:57:33.784 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-13 14:57:33.254 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 19:43:40.300 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-09 19:16:56.989 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 19:07:33.589 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 18:58:35.684 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 05:24:08.732 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-09 05:24:02.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 2939.25 MB Available physical RAM: 1866.64 MB Total Pagefile: 6108.78 MB Available Pagefile: 5126.61 MB Total Virtual: 2047.88 MB Available Virtual: 1909.59 MB ==================== Drives ================================ Drive c: (Vista) (Fixed) (Total:116.21 GB) (Free:73.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Data) (Fixed) (Total:115.21 GB) (Free:109.94 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 2823C420) Partition 1: (Not Active) - (Size=1 GB) - (Type=27) Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=115 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.4 (08.12.2013:1) OS: Windows Vista Home Premium x86 Ran by darren on 13/08/2013 at 16:12:52.96 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13/08/2013 at 16:14:50.63 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.306 - Logfile created 08/13/2013 at 16:18:06 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : darren - DARREN-PC # Boot Mode : Normal # Running from : C:\Users\darren\Downloads\AdwCleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\darren\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R3].txt - [927 octets] - [13/08/2013 06:13:26] AdwCleaner[R4].txt - [975 octets] - [13/08/2013 06:16:28] AdwCleaner[R5].txt - [1034 octets] - [13/08/2013 16:17:51] AdwCleaner[R6].txt - [849 octets] - [13/08/2013 16:18:06] AdwCleaner[s1].txt - [990 octets] - [13/08/2013 06:13:48] AdwCleaner[s2].txt - [975 octets] - [13/08/2013 03:13:17] ########## EOF - C:\AdwCleaner[R6].txt - [1026 octets] ##########
  10. RogueKiller V8.6.5 [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : darren [Admin rights] Mode : Scan -- Date : 08/13/2013 15:25:01 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++ --- User --- [MBR] 88474500f2c4441764b72ec32c69cddc [bSP] a61dcb458f730231d78b33897ce0594f : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246786048 | Size: 117973 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[0]_S_08132013_152501.txt >> Malwarebytes Anti-Rootkit BETA 1.06.1.1005 www.malwarebytes.org Database version: v2013.08.13.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 darren :: DARREN-PC [administrator] 13/08/2013 15:26:27 mbar-log-2013-08-13 (15-26-27).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 211604 Time elapsed: 40 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
  11. Will my Toshiba recovery disk clean out all viruses, or will I still have them?
  12. Will my Toshiba recovery disk clean out all viruses, or will I still have them?
  13. Will someone tell me how to make a new topic?
  14. If I knew how to start a new topic I would have done.
  15. RogueKiller V8.6.5 [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User : darren [Admin rights] Mode : Scan -- Date : 08/13/2013 04:56:17 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++ --- User --- [MBR] 88474500f2c4441764b72ec32c69cddc [bSP] a61dcb458f730231d78b33897ce0594f : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 119000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 246786048 | Size: 117973 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_08132013_045617.txt >>
  16. Don't know if I'm in the right place. Does anyone understand these log reports from Malwarebytes//AdwCleaner[s1]//ComboFix? Every time I do a new Windows installation of Toshiba recovery disk I seem to always get an infected file that ComboFix has to fix, and then when I go on the internet I get this message: "Security alert: you are about to leave a secure internet connection. It will be possible for others to view information you send. Do you want to continue?", which I never got before I used combo. Isn't the Toshiba recovery disk supposed to wipe all viruses clean and fix errors? So why does this happen? Here's the log reports. Malwarebytes Anti-Malware Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.12.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 darren :: DARREN-PC [administrator] Protection: Enabled 12/08/2013 23:50:24 mbam-log-2013-08-12 (23-50-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 31500 Time elapsed: 9 minute(s), 52 second(s) [aborted] Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\darren\AppData\Local\Temp\nsu70F0.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully. 
(end) # AdwCleaner v2.306 - Logfile created 08/13/2013 at 02:39:21 # Updated 19/07/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : darren - DARREN-PC # Boot Mode : Normal # Running from : C:\Users\darren\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\Conduit Key Deleted : HKLM\Software\Conduit ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\darren\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [868 octets] - [13/08/2013 02:38:44] AdwCleaner[s1].txt - [804 octets] - [13/08/2013 02:39:21] ########## EOF - C:\AdwCleaner[s1].txt - [863 octets] ########## ComboFix 13-08-12.01 - darren 13/08/2013 3:34.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.2012 [GMT 1:00] Running from: c:\users\darren\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\pt c:\windows\system32\pt\toscdspd.cpl.mui . Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2013-07-13 to 2013-08-13 ))))))))))))))))))))))))))))))) . . 2013-08-13 02:41 . 2013-08-13 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-13 02:17 . 
2013-07-15 02:34 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA380CC0-C2D5-405A-ADD6-2C2FB7FF37EA}\mpengine.dll 2013-08-12 22:43 . 2013-08-12 22:43 -------- d-----w- c:\programdata\Malwarebytes 2013-08-12 22:43 . 2013-08-12 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-08-12 22:43 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-08-12 22:07 . 2003-01-26 12:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll 2013-08-12 22:07 . 2013-08-12 22:07 -------- d-----w- c:\program files\DVD Flick 2013-08-12 22:07 . 2008-08-31 12:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx 2013-08-12 22:07 . 2007-08-31 17:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx 2013-08-12 22:07 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx 2013-08-12 22:07 . 2004-03-08 23:00 609824 ----a-w- c:\windows\system32\comctl32.ocx 2013-08-12 22:07 . 2004-03-08 23:00 212240 ----a-w- c:\windows\system32\richtx32.ocx 2013-08-12 22:07 . 1998-06-23 23:00 164144 ----a-w- c:\windows\system32\comct232.ocx 2013-08-12 22:06 . 2013-08-12 22:06 -------- d-----w- c:\program files\ImgBurn 2013-08-12 18:06 . 2013-07-15 02:34 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-08-08 14:17 . 2013-08-08 14:17 -------- d-----w- c:\program files\Common Files\Java 2013-08-08 14:17 . 2013-08-08 14:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-08-08 14:17 . 2013-08-08 14:16 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-08-08 14:16 . 2013-08-08 14:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-08-08 14:16 . 2013-08-08 14:16 -------- d-----w- c:\program files\Java 2013-08-08 13:45 . 2013-08-08 13:45 -------- d-----w- c:\program files\NeoSpeech 2013-08-08 13:44 . 2013-08-08 13:44 -------- d-----w- c:\windows\Downloaded Installations 2013-08-08 13:42 . 
2013-08-08 13:42 -------- d-----w- c:\programdata\NCH Software 2013-08-08 13:42 . 2013-08-08 13:42 -------- d-----w- c:\program files\NCH Software 2013-08-08 13:27 . 2013-08-08 13:27 -------- d-----w- c:\program files\naturalsoft 2013-08-08 13:26 . 2013-08-08 13:26 -------- d-----w- c:\programdata\NaturalSoft 2013-08-08 13:21 . 2013-07-16 04:02 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-08-08 13:21 . 2013-07-16 04:02 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D7E4697-FB30-470D-ABF4-0A6E5053A5E0}\gapaengine.dll 2013-08-08 12:44 . 2013-08-08 12:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-08-08 12:44 . 2013-08-08 12:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-08-08 12:24 . 2013-08-08 12:46 -------- d-----w- c:\program files\Microsoft Silverlight 2013-08-08 12:19 . 2013-08-08 12:19 -------- d-----w- c:\program files\Microsoft Security Client 2013-08-08 12:10 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2013-08-08 11:44 . 2013-08-08 11:46 -------- d-----w- c:\windows\system32\MRT 2013-08-08 02:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll 2013-08-08 02:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2013-08-08 02:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll 2013-08-08 01:54 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2013-08-08 01:54 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2013-08-08 01:47 . 2013-08-08 01:47 -------- d-----w- c:\program files\Microsoft.NET 2013-08-08 01:35 . 2013-08-08 01:35 -------- d-----w- c:\program files\Windows Portable Devices 2013-08-08 01:29 . 2013-07-15 02:34 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{915A087B-E8F2-49A3-B09E-D42288D71E8F}\mpengine.dll 2013-08-08 01:29 . 
2013-05-02 15:28 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-08-08 01:00 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2013-08-08 01:00 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2013-08-08 01:00 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-08-08 00:40 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-08-08 00:40 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2013-08-08 00:40 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2013-08-08 00:40 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2013-08-08 00:40 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2013-08-08 00:38 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe 2013-08-08 00:23 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2013-08-08 00:23 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2013-08-08 00:23 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2013-08-08 00:22 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-08-08 00:22 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-08-08 00:22 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-08-08 00:22 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-08-08 00:22 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-08-08 00:22 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll 2013-08-08 00:22 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-08-08 00:22 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-08-08 00:22 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe 2013-08-08 00:22 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll 2013-08-08 00:22 . 
2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-08-08 00:08 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2013-08-08 00:08 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll 2013-08-08 00:08 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll 2013-08-08 00:08 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll 2013-08-08 00:08 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll 2013-08-08 00:05 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2013-08-08 00:04 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll 2013-08-08 00:03 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys 2013-08-08 00:01 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll 2013-08-08 00:00 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2013-08-07 23:57 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe 2013-08-07 23:57 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe 2013-08-07 23:57 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe 2013-08-07 23:57 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\msdxm.ocx 2013-08-07 23:57 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll 2013-08-07 23:57 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll 2013-08-07 23:57 . 2009-07-15 12:39 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe 2013-08-07 23:43 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2013-08-07 23:34 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll 2013-08-07 23:34 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2013-08-07 23:25 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2013-08-07 23:25 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2013-08-07 23:25 . 
2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-08-07 23:25 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-08-07 23:25 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-08-07 23:25 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-08-07 23:25 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-08-07 23:25 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-08-07 23:25 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-08-07 23:24 . 2013-08-07 23:24 -------- d-----w- c:\program files\VideoLAN
2013-08-07 23:05 . 2013-08-07 23:05 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-08-07 23:03 . 2013-08-07 23:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-08-07 23:03 . 2013-08-07 23:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-08-07 23:03 . 2013-08-07 23:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-08-07 23:03 . 2013-08-07 23:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-08-07 23:03 . 2013-08-07 23:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-08-07 23:03 . 2013-08-07 23:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-08-07 23:03 . 2013-08-07 23:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-08-07 22:53 . 2013-08-07 22:54 -------- d-----w- c:\windows\system32\ca-ES
2013-08-07 22:53 . 2013-08-07 22:54 -------- d-----w- c:\windows\system32\eu-ES
2013-08-07 22:53 . 2013-08-07 22:53 -------- d-----w- c:\windows\system32\vi-VN
2013-08-07 22:50 . 2013-08-07 22:50 -------- d-----w- c:\windows\system32\SPReview
2013-08-07 22:39 . 2009-04-10 22:28 97792 ----a-w- c:\windows\system32\mprapi.dll
2013-08-07 22:38 . 2013-08-07 22:38 -------- d-----w- c:\windows\system32\EventProviders
2013-08-07 22:22 . 2013-08-07 22:22 -------- d-----w- c:\programdata\IsolatedStorage
2013-08-07 22:05 . 2008-04-28 15:59 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2013-08-07 22:05 . 2013-08-07 22:05 -------- d-----w- c:\program files\Jumpstart
2013-08-07 22:03 . 2008-07-15 18:59 17960 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS
2013-08-07 22:01 . 2013-08-07 22:01 -------- d-----w- c:\programdata\ToshibaEurope
2013-08-07 22:01 . 2013-08-12 18:03 -------- d-----w- c:\users\darren
2013-08-07 21:51 . 2013-08-07 21:51 -------- d-----w- c:\windows\system32\nn-NO
2013-08-07 21:51 . 2008-04-29 01:37 376832 ----a-w- c:\windows\system32\S64CPA.exe
2013-08-07 21:51 . 2008-04-29 01:37 53248 ----a-w- c:\windows\system32\athihvui.dll
2013-08-07 21:51 . 2008-04-29 01:37 393216 ----a-w- c:\windows\system32\athihvs.dll
2013-08-07 21:51 . 2013-08-07 21:51 -------- d-----w- c:\program files\Atheros
2013-08-07 21:51 . 2013-08-07 21:51 -------- d-----w- c:\program files\Cisco
2013-08-07 21:51 . 2013-08-07 22:05 -------- d-----w- c:\programdata\Atheros
2013-08-07 21:50 . 2008-07-18 17:52 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2013-08-07 21:50 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 23:03 . 2013-08-07 23:03 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-06-18 20:50 . 2013-06-18 20:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50 . 2013-06-18 20:50 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [bU]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-08 13:03 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-08 12:44]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-08 13:01]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-08-08 13:01]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-13 03:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\igfxext.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-08-13 03:47:11 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-13 02:47
.
Pre-Run: 93,861,871,616 bytes free
Post-Run: 93,706,547,200 bytes free
.
- - End Of File - - 769D8283F97D0B65C2E539DE78E551E2
5C616939100B85E558DA92B899A0FC36