sora64

  1. No, thank you very much. I guess the next step is to change a lot of my passwords.
  2. ok here they are again ComboFix 09-08-27.02 - tyler 08/27/2009 22:05.5.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.377 [GMT -5:00] Running from: c:\documents and settings\tyler\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\tyler\Desktop\CFScript.txt AV: avast! antivirus 4.8.1351 [VPS 090827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\!KillBox c:\!killbox\Logs\kb.log C:\_OTM c:\_otm\MovedFiles\08212009_212735.log c:\_otm\MovedFiles\08212009_212735.res c:\_otm\MovedFiles\08212009_213450.log c:\_otm\MovedFiles\08212009_213450.res c:\_otm\MovedFiles\08212009_213548.log c:\_otm\MovedFiles\08212009_213548.res . ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 ))))))))))))))))))))))))))))))) . 2009-08-25 02:49 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-25 02:49 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-25 02:49 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-25 02:49 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-25 02:49 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-25 02:49 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-25 02:49 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-25 02:49 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-25 02:49 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-25 02:49 . 
2009-08-25 02:49 -------- d-----w- c:\program files\Alwil Software 2009-08-24 21:30 . 2009-08-24 21:31 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Ahead 2009-08-24 21:16 . 2009-08-24 21:16 -------- d-----w- c:\documents and settings\tyler\Application Data\Ahead 2009-08-24 21:13 . 2009-08-24 21:30 -------- d-----w- c:\program files\Common Files\Ahead 2009-08-24 21:13 . 2009-08-24 21:13 -------- d-----w- c:\program files\Nero 2009-08-24 01:44 . 2009-08-24 01:44 -------- d-----w- c:\documents and settings\tyler\DoctorWeb 2009-08-22 19:10 . 2009-08-25 02:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-22 19:05 . 2009-08-22 19:05 -------- d-----w- c:\documents and settings\tyler\Application Data\Lavasoft 2009-08-22 18:50 . 2009-08-22 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-22 15:05 . 2009-08-22 15:05 -------- d-----w- c:\program files\Trend Micro 2009-08-19 02:53 . 2009-08-19 02:55 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Tific 2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Application Data\Tific 2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Symantec 2009-08-19 02:41 . 2009-08-19 02:41 -------- d-----w- c:\program files\Windows Sidebar 2009-08-19 02:41 . 2009-08-19 02:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-08-19 02:01 . 2009-08-27 21:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\Norton 2009-08-17 18:27 . 2009-08-17 18:27 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories 2009-08-17 18:07 . 2009-08-17 18:07 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software 2009-08-17 16:12 . 
2009-08-17 16:12 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-08-17 15:50 . 2009-08-17 15:50 -------- d--h--w- c:\windows\PIF 2009-08-17 15:17 . 2009-08-17 15:17 -------- d-----w- c:\documents and settings\tyler\Application Data\Malwarebytes 2009-08-17 15:17 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-17 15:17 . 2009-08-17 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-17 15:17 . 2009-08-17 15:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-17 15:17 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-16 19:58 . 2009-08-16 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sunbelt 2009-08-16 02:54 . 2009-08-19 02:47 -------- d-----w- c:\program files\a-squared Free 2009-08-10 20:54 . 2009-08-10 20:54 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode) 2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- C:\Mp3 Output 2009-08-10 20:33 . 2009-06-08 20:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll 2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- c:\program files\Smallvideosoft 2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\DVDVideoSoft 2009-08-08 20:06 . 2009-08-08 20:06 -------- d-----w- C:\DVDVideoSoft 2009-08-08 18:56 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\xing shared 2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\program files\Real 2009-08-08 17:48 . 2002-07-30 22:22 171776 ----a-r- c:\windows\system32\drivers\WMP11V27.sys 2009-08-07 03:59 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\Real 2009-08-07 03:59 . 2009-08-08 18:29 -------- d-----w- c:\program files\Rhapsody 2009-08-06 20:50 . 
2009-08-06 20:50 303104 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\reporter.exe 2009-08-06 20:50 . 2009-08-06 20:50 462848 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\o3d_host.dll 2009-08-06 20:50 . 2009-08-06 20:50 5238784 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\npo3dautoplugin.dll 2009-08-06 20:29 . 2009-08-06 20:29 1507328 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\O3DExtras\swiftshader_d3d9.dll 2009-08-05 00:18 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\tyler\Application Data\U3\temp\cleanup.exe 2009-08-04 21:46 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\tyler\Application Data\U3\temp\Launchpad Removal.exe 2009-08-04 21:46 . 2009-08-06 03:37 -------- d-----w- c:\documents and settings\tyler\Application Data\U3 2009-08-01 04:52 . 2009-08-01 04:52 -------- d-----w- c:\windows\system32\wbem\Repository 2009-07-31 05:30 . 2009-07-31 05:30 -------- d-----w- c:\program files\Rage 2009-07-31 05:12 . 2009-07-31 05:12 -------- d-----w- c:\program files\Red Storm Entertainment . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-28 02:20 . 2009-07-05 20:21 -------- d-----w- c:\documents and settings\tyler\Application Data\gtk-2.0 2009-08-27 21:03 . 2009-05-24 09:07 -------- d-----w- c:\documents and settings\tyler\Application Data\WTablet 2009-08-27 21:00 . 2009-05-27 00:55 -------- d---a-w- c:\documents and settings\LocalService\Application Data\WTablet 2009-08-26 23:12 . 2009-06-18 17:30 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-08-19 02:55 . 2009-06-18 17:30 -------- d-----r- c:\documents and settings\All Users\Application Data\Symantec 2009-08-16 19:50 . 2009-06-05 22:15 -------- d-----w- c:\program files\vghd 2009-08-08 20:04 . 
2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-08-08 20:04 . 2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys 2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys 2009-08-08 18:55 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-08-08 18:55 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-08-08 17:43 . 2009-05-17 04:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-01 05:20 . 2009-05-23 15:12 -------- d-----w- c:\program files\Drawing Hand 2009-08-01 04:56 . 2009-05-16 19:19 -------- d-----w- c:\program files\Linksys 2009-07-31 22:10 . 2007-01-29 18:33 23424 ----a-w- c:\documents and settings\tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-31 17:37 . 2009-05-19 16:20 -------- d-----w- c:\program files\Microsoft Games 2009-07-26 21:50 . 2009-07-26 21:50 -------- d-----w- c:\program files\Cute Knight Deluxe Demo 2009-07-26 20:32 . 2009-07-26 20:32 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-07 21:54 . 2009-07-06 21:14 -------- d---a-w- c:\documents and settings\tyler\Application Data\BitTorrent 2009-07-07 16:11 . 2009-07-07 16:11 -------- d-----w- c:\program files\Red Orb Entertainment 2009-07-04 19:11 . 2009-07-04 19:11 8 ----a-w- c:\windows\system32\nvModes.dat 2009-07-04 15:59 . 2009-07-04 15:48 -------- d-----w- c:\program files\SimTheme Park 2009-07-04 15:49 . 2009-07-04 15:11 285 ----a-w- c:\windows\EReg072.dat 2009-07-03 19:32 . 2009-07-03 19:32 -------- d-----w- c:\documents and settings\tyler\Application Data\Leadertech 2009-07-03 19:26 . 2009-07-03 19:26 -------- d-----w- c:\program files\Atari 2009-07-03 03:00 . 
2009-07-03 02:59 -------- d-----w- c:\program files\GIMP-2.0 2009-06-21 21:12 . 2009-06-21 21:12 262144 ----a-w- c:\windows\system32\wrap_oal.dll 2009-06-21 21:12 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll 2009-06-18 17:17 . 2009-06-18 17:17 0 ----a-w- c:\windows\ativpsrm.bin 2009-06-16 02:25 . 2009-06-16 02:25 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-16 02:24 . 2009-06-16 02:24 152576 ----a-w- c:\documents and settings\tyler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-15 18:25 . 2009-06-15 18:25 4096 ----a-w- c:\windows\d3dx.dat 2009-06-08 01:56 . 2009-06-08 01:56 286 ----a-w- c:\windows\EReg213.dat 2009-06-05 22:25 . 2009-06-05 22:20 3 ----a-w- c:\windows\sbacknt.bin 2009-06-05 22:15 . 2009-06-05 22:15 152904 ----a-w- c:\windows\system32\vghd.scr . ((((((((((((((((((((((((((((( SnapShot@2009-08-22_03.39.22 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-27 21:00 . 2009-08-27 21:00 16384 c:\windows\temp\Perflib_Perfdata_4f8.dat + 2005-02-16 20:18 . 2005-02-16 20:18 90184 c:\windows\system32\NeroCo.dll - 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-01-26 18:19 . 2009-08-22 14:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2007-01-26 18:19 . 2009-08-22 02:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-08-24 21:16 . 2009-08-24 21:16 25214 c:\windows\Installer\{3C814DE3-7174-4148-A3E2-43FFC4F21033}\ARPPRODUCTICON.exe + 2005-08-15 17:08 . 
2005-08-15 17:08 5888 c:\windows\system32\drivers\imagedrv.sys + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNRecode.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroVision.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroShowTime.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroMediaHome.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroBackItUp.exe + 2004-07-09 14:43 . 2004-07-09 14:43 364544 c:\windows\system32\TwnLib4.dll + 2004-07-26 22:16 . 2004-07-26 22:16 471040 c:\windows\system32\imagXRA7.dll + 2004-07-26 22:16 . 2004-07-26 22:16 262144 c:\windows\system32\imagXR7.dll + 2004-07-26 22:16 . 2004-07-26 22:16 476320 c:\windows\system32\imagXpr7.dll + 2005-08-15 17:08 . 2005-08-15 17:08 127488 c:\windows\system32\drivers\imagesrv.sys + 2009-08-22 14:54 . 2009-08-22 15:16 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat + 2004-07-26 22:16 . 2004-07-26 22:16 1568768 c:\windows\system32\imagX7.dll + 2009-08-24 21:16 . 2009-08-24 21:16 3226112 c:\windows\Installer\30b3e.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Google Update"="c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-08 198160] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-09 18063872] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Wireless PCI Card Configuration Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2009-8-1 4513280] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] 
"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundPacketTooBig"= 1 (0x1) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 9:49 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 9:49 PM 20560] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5/24/2009 4:06 AM 3032360] R3 apmbatt;Microsoft APM Legacy Battery Driver;c:\windows\system32\drivers\apmbatt.sys [7/26/2009 7:40 PM 6272] R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [1/25/2007 6:36 AM 9344] R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [8/8/2009 12:48 PM 171776] S1 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?] S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [3/15/2008 4:58 AM 70528] S3 getPlus® Installer;getPlus® Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/25/2009 4:35 PM 59552] S3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [6/18/2009 12:28 PM 186880] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5/24/2009 4:06 AM 15144] . 
Contents of the 'Scheduled Tasks' folder 2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003Core.job - c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06] 2009-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003UA.job - c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk uInternet Connection Wizard,ShellNext = iexplore IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-27 22:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-861567501-839522115-1708537768-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(540) c:\windows\system32\Ati2evxx.dll . 
Completion time: 2009-08-28 22:10 ComboFix-quarantined-files.txt 2009-08-28 03:10 ComboFix2.txt 2009-08-26 23:24 ComboFix3.txt 2009-08-24 02:26 ComboFix4.txt 2009-08-22 15:51 ComboFix5.txt 2009-08-28 03:03 Pre-Run: 52,839,071,744 bytes free Post-Run: 52,780,048,384 bytes free 235 --- E O F --- 2009-05-17 12:10 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:11:02 PM, on 8/27/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\imapi.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169835967464 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus® Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe -- End of file - 5279 bytes
  3. ok here they are ComboFix 09-08-26.05 - tyler 08/26/2009 18:18.4.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.326 [GMT -5:00] Running from: c:\documents and settings\tyler\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 090826-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C} . ((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 ))))))))))))))))))))))))))))))) . 2009-08-25 02:49 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-08-25 02:49 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-08-25 02:49 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-08-25 02:49 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-08-25 02:49 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-08-25 02:49 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-08-25 02:49 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-08-25 02:49 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-08-25 02:49 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe 2009-08-25 02:49 . 2009-08-25 02:49 -------- d-----w- c:\program files\Alwil Software 2009-08-24 21:30 . 2009-08-24 21:31 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Ahead 2009-08-24 21:16 . 2009-08-24 21:16 -------- d-----w- c:\documents and settings\tyler\Application Data\Ahead 2009-08-24 21:13 . 2009-08-24 21:30 -------- d-----w- c:\program files\Common Files\Ahead 2009-08-24 21:13 . 2009-08-24 21:13 -------- d-----w- c:\program files\Nero 2009-08-24 01:44 . 
2009-08-24 01:44 -------- d-----w- c:\documents and settings\tyler\DoctorWeb 2009-08-22 19:10 . 2009-08-25 02:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-22 19:05 . 2009-08-22 19:05 -------- d-----w- c:\documents and settings\tyler\Application Data\Lavasoft 2009-08-22 18:50 . 2009-08-22 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-08-22 18:45 . 2009-08-22 18:45 -------- d---a-w- C:\!KillBox 2009-08-22 15:05 . 2009-08-22 15:05 -------- d-----w- c:\program files\Trend Micro 2009-08-22 02:27 . 2009-08-22 02:27 -------- d-----w- C:\_OTM 2009-08-19 02:53 . 2009-08-19 02:55 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Tific 2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Application Data\Tific 2009-08-19 02:53 . 2009-08-19 02:53 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Symantec 2009-08-19 02:41 . 2009-08-19 02:41 -------- d-----w- c:\program files\Windows Sidebar 2009-08-19 02:41 . 2009-08-26 23:12 -------- d-----w- c:\program files\Norton AntiVirus 2009-08-19 02:41 . 2009-08-26 23:14 -------- d-----w- c:\program files\NortonInstaller 2009-08-19 02:41 . 2009-08-19 02:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\NortonInstaller 2009-08-19 02:01 . 2009-08-19 02:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\Norton 2009-08-17 18:27 . 2009-08-17 18:27 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories 2009-08-17 18:07 . 2009-08-17 18:07 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software 2009-08-17 16:12 . 2009-08-17 16:12 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-08-17 15:50 . 2009-08-17 15:50 -------- d--h--w- c:\windows\PIF 2009-08-17 15:17 . 
2009-08-17 15:17 -------- d-----w- c:\documents and settings\tyler\Application Data\Malwarebytes 2009-08-17 15:17 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-17 15:17 . 2009-08-17 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-17 15:17 . 2009-08-17 15:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-17 15:17 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-16 19:58 . 2009-08-16 19:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\Sunbelt 2009-08-16 02:54 . 2009-08-19 02:47 -------- d-----w- c:\program files\a-squared Free 2009-08-10 20:54 . 2009-08-10 20:54 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode) 2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- C:\Mp3 Output 2009-08-10 20:33 . 2009-06-08 20:33 8676883 ----a-w- c:\windows\system32\mp3Media2.dll 2009-08-10 20:33 . 2009-08-10 20:33 -------- d-----w- c:\program files\Smallvideosoft 2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-08-10 20:12 . 2009-08-10 20:24 -------- d-----w- c:\program files\DVDVideoSoft 2009-08-08 20:06 . 2009-08-08 20:06 -------- d-----w- C:\DVDVideoSoft 2009-08-08 18:56 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\xing shared 2009-08-08 18:55 . 2009-08-08 18:55 -------- d-----w- c:\program files\Real 2009-08-08 17:48 . 2002-07-30 22:22 171776 ----a-r- c:\windows\system32\drivers\WMP11V27.sys 2009-08-07 03:59 . 2009-08-08 18:56 -------- d-----w- c:\program files\Common Files\Real 2009-08-07 03:59 . 2009-08-08 18:29 -------- d-----w- c:\program files\Rhapsody 2009-08-06 20:50 . 2009-08-06 20:50 303104 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\reporter.exe 2009-08-06 20:50 . 2009-08-06 20:50 462848 ----a-w- c:\documents and settings\tyler\Application Data\Google\O3D\o3d_host.dll 2009-08-06 20:50 . 
2009-08-06 20:50 5238784 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\npo3dautoplugin.dll 2009-08-06 20:29 . 2009-08-06 20:29 1507328 ----a-w- c:\documents and settings\tyler\Application Data\Mozilla\plugins\O3DExtras\swiftshader_d3d9.dll 2009-08-05 00:18 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\tyler\Application Data\U3\temp\cleanup.exe 2009-08-04 21:46 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\tyler\Application Data\U3\temp\Launchpad Removal.exe 2009-08-04 21:46 . 2009-08-06 03:37 -------- d-----w- c:\documents and settings\tyler\Application Data\U3 2009-08-01 04:52 . 2009-08-01 04:52 -------- d-----w- c:\windows\system32\wbem\Repository 2009-07-31 05:30 . 2009-07-31 05:30 -------- d-----w- c:\program files\Rage 2009-07-31 05:12 . 2009-07-31 05:12 -------- d-----w- c:\program files\Red Storm Entertainment 2009-07-28 20:43 . 2009-07-30 00:19 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\Roblox 2009-07-28 20:30 . 2009-08-08 03:41 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\RobloxDownloads 2009-07-28 20:30 . 2009-08-05 19:45 -------- d-----w- c:\documents and settings\tyler\Local Settings\Application Data\RobloxVersions . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-26 23:12 . 2009-06-18 17:30 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-08-26 22:52 . 2009-05-24 09:07 -------- d-----w- c:\documents and settings\tyler\Application Data\WTablet 2009-08-26 22:17 . 2009-05-27 00:55 -------- d---a-w- c:\documents and settings\LocalService\Application Data\WTablet 2009-08-19 02:55 . 2009-06-18 17:30 -------- d-----r- c:\documents and settings\All Users\Application Data\Symantec 2009-08-16 19:50 . 2009-06-05 22:15 -------- d-----w- c:\program files\vghd 2009-08-08 20:04 . 
2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-08-08 20:04 . 2009-05-25 23:24 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys 2009-08-08 20:04 . 2009-05-25 23:24 88 --sh--r- c:\documents and settings\All Users\Application Data\5065FC3DDF.sys 2009-08-08 18:55 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2009-08-08 18:55 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll 2009-08-08 17:43 . 2009-05-17 04:47 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-01 05:20 . 2009-05-23 15:12 -------- d-----w- c:\program files\Drawing Hand 2009-08-01 04:56 . 2009-05-16 19:19 -------- d-----w- c:\program files\Linksys 2009-07-31 22:10 . 2007-01-29 18:33 23424 ----a-w- c:\documents and settings\tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-31 17:37 . 2009-05-19 16:20 -------- d-----w- c:\program files\Microsoft Games 2009-07-31 04:09 . 2009-07-05 20:21 -------- d-----w- c:\documents and settings\tyler\Application Data\gtk-2.0 2009-07-26 21:50 . 2009-07-26 21:50 -------- d-----w- c:\program files\Cute Knight Deluxe Demo 2009-07-26 20:32 . 2009-07-26 20:32 -------- d-----w- c:\program files\Common Files\Adobe 2009-07-07 21:54 . 2009-07-06 21:14 -------- d---a-w- c:\documents and settings\tyler\Application Data\BitTorrent 2009-07-07 16:11 . 2009-07-07 16:11 -------- d-----w- c:\program files\Red Orb Entertainment 2009-07-04 19:11 . 2009-07-04 19:11 8 ----a-w- c:\windows\system32\nvModes.dat 2009-07-04 15:59 . 2009-07-04 15:48 -------- d-----w- c:\program files\SimTheme Park 2009-07-04 15:49 . 2009-07-04 15:11 285 ----a-w- c:\windows\EReg072.dat 2009-07-03 19:32 . 2009-07-03 19:32 -------- d-----w- c:\documents and settings\tyler\Application Data\Leadertech 2009-07-03 19:26 . 
2009-07-03 19:26 -------- d-----w- c:\program files\Atari 2009-07-03 03:00 . 2009-07-03 02:59 -------- d-----w- c:\program files\GIMP-2.0 2009-06-21 21:12 . 2009-06-21 21:12 262144 ----a-w- c:\windows\system32\wrap_oal.dll 2009-06-21 21:12 . 2003-03-28 03:24 86016 ----a-w- c:\windows\system32\OpenAL32.dll 2009-06-18 17:17 . 2009-06-18 17:17 0 ----a-w- c:\windows\ativpsrm.bin 2009-06-16 02:25 . 2009-06-16 02:25 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-16 02:24 . 2009-06-16 02:24 152576 ----a-w- c:\documents and settings\tyler\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-15 18:25 . 2009-06-15 18:25 4096 ----a-w- c:\windows\d3dx.dat 2009-06-08 01:56 . 2009-06-08 01:56 286 ----a-w- c:\windows\EReg213.dat 2009-06-05 22:25 . 2009-06-05 22:20 3 ----a-w- c:\windows\sbacknt.bin 2009-06-05 22:15 . 2009-06-05 22:15 152904 ----a-w- c:\windows\system32\vghd.scr . ((((((((((((((((((((((((((((( SnapShot@2009-08-22_03.39.22 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-26 22:16 . 2009-08-26 22:16 16384 c:\windows\temp\Perflib_Perfdata_55c.dat + 2005-02-16 20:18 . 2005-02-16 20:18 90184 c:\windows\system32\NeroCo.dll - 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2007-01-26 18:19 . 2009-08-22 14:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2007-01-26 18:19 . 2009-08-22 02:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-01-26 18:19 . 2009-08-22 14:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2007-01-26 18:19 . 2009-08-22 02:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-08-24 21:16 . 
2009-08-24 21:16 25214 c:\windows\Installer\{3C814DE3-7174-4148-A3E2-43FFC4F21033}\ARPPRODUCTICON.exe + 2005-08-15 17:08 . 2005-08-15 17:08 5888 c:\windows\system32\drivers\imagedrv.sys + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNRecode.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroVision.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroShowTime.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroMediaHome.exe + 2005-09-12 21:13 . 2005-09-12 21:13 233472 c:\windows\UNNeroBackItUp.exe + 2004-07-09 14:43 . 2004-07-09 14:43 364544 c:\windows\system32\TwnLib4.dll + 2004-07-26 22:16 . 2004-07-26 22:16 471040 c:\windows\system32\imagXRA7.dll + 2004-07-26 22:16 . 2004-07-26 22:16 262144 c:\windows\system32\imagXR7.dll + 2004-07-26 22:16 . 2004-07-26 22:16 476320 c:\windows\system32\imagXpr7.dll + 2005-08-15 17:08 . 2005-08-15 17:08 127488 c:\windows\system32\drivers\imagesrv.sys + 2009-08-22 14:54 . 2009-08-22 15:16 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat + 2004-07-26 22:16 . 2004-07-26 22:16 1568768 c:\windows\system32\imagX7.dll + 2009-08-24 21:16 . 2009-08-24 21:16 3226112 c:\windows\Installer\30b3e.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Google Update"="c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-11 133104] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-08 198160] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000] "P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-09 18063872] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Wireless PCI Card Configuration Utility.lnk - c:\program files\Linksys\WMP11 Config Utility\WMP11CFG.exe [2009-8-1 4513280] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] 
"DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowOutboundPacketTooBig"= 1 (0x1) R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/24/2009 9:49 PM 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/24/2009 9:49 PM 20560] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5/24/2009 4:06 AM 3032360] R3 apmbatt;Microsoft APM Legacy Battery Driver;c:\windows\system32\drivers\apmbatt.sys [7/26/2009 7:40 PM 6272] R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [1/25/2007 6:36 AM 9344] R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [8/8/2009 12:48 PM 171776] R4 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\IPSDefs\20090730.005\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.111\Definitions\IPSDefs\20090730.005\IDSxpx86.sys [?] R4 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1100000.073\SYMDS.SYS --> c:\windows\system32\drivers\NAV\1100000.073\SYMDS.SYS [?] R4 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1100000.073\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1100000.073\SYMEFA.SYS [?] S1 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?] 
S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [3/15/2008 4:58 AM 70528] S3 getPlus® Installer;getPlus® Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/25/2009 4:35 PM 59552] S3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [6/18/2009 12:28 PM 186880] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5/24/2009 4:06 AM 15144] --- Other Services/Drivers In Memory --- *Deregistered* - BHDrvx86 *Deregistered* - ccHP *Deregistered* - SRTSPX . Contents of the 'Scheduled Tasks' folder 2009-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003Core.job - c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06] 2009-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-839522115-1708537768-1003UA.job - c:\documents and settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 02:06] . - - - - ORPHANS REMOVED - - - - HKLM-Run-NWEReboot - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk uInternet Connection Wizard,ShellNext = iexplore IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-26 18:23 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-861567501-839522115-1708537768-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(560) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1512) c:\program files\RocketDock\RocketDock.dll c:\program files\Windows Media Player\wmpband.dll c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll c:\program files\Common Files\Ahead\Lib\MFC71U.DLL c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll c:\windows\system32\msi.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-08-26 18:24 ComboFix-quarantined-files.txt 2009-08-26 23:24 ComboFix2.txt 2009-08-24 02:26 ComboFix3.txt 2009-08-22 15:51 ComboFix4.txt 2009-08-22 03:44 Pre-Run: 53,050,580,992 bytes free Post-Run: 52,994,686,976 bytes free 248 --- E O F --- 2009-05-17 12:10 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:35:03 PM, on 8/26/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe 
C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - 
HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169835967464 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus® Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe -- End of file - 5624 bytes
  4. Thank you for the reply, but I finally got it fixed last night using Avast antivirus
  5. I have been fighting a virus for about a week and I have tried everything to remove these 2 files: c:\windows\system32\drivers\mrxdavv.sys, c:\windows\system32\kwave.sys. I got these (or the other way around) through "windows anti virus pro", which is gone now, but something keeps reinstalling it. My computer: AMD Phenom II X2 3.1, 1 GB DDR3, Windows XP Pro Service Pack 2, Norton AntiVirus 2010 beta. Considering I'm on a tight budget and the hard drive was given to me with a fresh XP install and no disks, I would love to get rid of this. I have tried: Malwarebytes, ComboFix, a-squared, and copying random data over all free space. Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:31:26 PM, on 8/24/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\RocketDock\RocketDock.exe C:\Documents and Settings\tyler\Local
Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.115\IPSBHO.DLL O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - 
HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager/plugin/IEGetPlugin.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169835967464 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: getPlus® Installer - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.0.0.115\ccSvcHst.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe -- End of file - 5718 bytes
  6. I have been fighting a virus for about a week and I have tried everything to remove these 2 files: c:\windows\system32\drivers\mrxdavv.sys, c:\windows\system32\kwave.sys. I got these (or the other way around) through "windows anti virus pro", which is gone now, but something keeps reinstalling it. My computer: AMD Phenom II X2 3.1, 1 GB DDR3, Windows XP Pro Service Pack 2, Norton AntiVirus 2010 beta. Considering I'm on a tight budget and the hard drive was given to me with a fresh XP install and no disks, I would love to get rid of this. I have tried: Malwarebytes, ComboFix, a-squared, and copying random data over all free space.