First of all, thanks in advance for offering this service. I will do all I can to make sure it's as easy as possible for you to help me.
Context
I noticed a huge bandwidth usage that I cannot explain and I suspect it's due to a virus/malware. Even if it's not, I'm pretty sure I'm infected so let's do this.
Windows 7 64 bit is installed on a ssd (Drive C)
User folder is located on a hdd (Drive A) there is also some other stuff on that drive.
Three other hdd (B, M and Z) are used for data storage and some back ups. I am in the process of sorting this better.
I assume that when I have to scan something. I should scan everything? For these initial logs I did not specify anything so it might not have ran on all my drives. I'm not sure how important this is.
edit: I understand that seeing both "huge bandwidth usage" and "utorrent" in the same thread may lead to an obvious conclusion. I just want to specify that I am aware of the bandwidth usage associated with utorrent and it just doesn't add up and this is the source of my concerns. Thanks.
Logs
Context
I noticed a huge bandwidth usage that I cannot explain and I suspect it's due to a virus/malware. Even if it's not, I'm pretty sure I'm infected so let's do this.
Windows 7 64 bit is installed on a ssd (Drive C)
User folder is located on a hdd (Drive A) there is also some other stuff on that drive.
Three other hdd (B, M and Z) are used for data storage and some back ups. I am in the process of sorting this better.
I assume that when I have to scan something. I should scan everything? For these initial logs I did not specify anything so it might not have ran on all my drives. I'm not sure how important this is.
edit: I understand that seeing both "huge bandwidth usage" and "utorrent" in the same thread may lead to an obvious conclusion. I just want to specify that I am aware of the bandwidth usage associated with utorrent and it just doesn't add up and this is the source of my concerns. Thanks.
Logs
Quote:
|
Originally Posted by hijackthis.txt
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:01:53, on 2014-05-07 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17041) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe C:\Program Files (x86)\Switcher\Switcher.exe A:\jbl\AppData\Roaming\uTorrent\uTorrent.exe A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Songbird\songbird.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe A:\jbl\Desktop\mbar\mbar.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe A:\jbl\Downloads\clean my machine\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY O4 - HKLM\..\Run: [HFS Activator] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 10.0\activation\hfsactivator.exe /autostart O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [Blackmagic CheckVersion] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe O4 - HKCU\..\Run: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0913b] A:\jbl\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 4a3a8c64857347d38bdc6de7832a10b0-902964253d8a22f0da2e9d87cc7eee9db214a4f9 --CMPID 0913b O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [uTorrent] "A:\jbl\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Google Update] "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Inst all\{50406a07-a0a3-d734-16c3-2a670a4b1058}\???\???\???\{50406a07-a0a3-d734-16c3-2a670a4b1058}\GoogleUpdate.exe" > (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Google Update] "C:\Windows\system32\config\systemprofile\AppData\Local\Google\Desktop\Inst all\{50406a07-a0a3-d734-16c3-2a670a4b1058}\???\???\???\{50406a07-a0a3-d734-16c3-2a670a4b1058}\GoogleUpdate.exe" > (User 'Default user') O4 - Startup: Dropbox.lnk = A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe O23 - Service: Desktop Video Helper Service (dvhlp) - Unknown owner - C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13349 bytes |
Quote:
|
Originally Posted by dds.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.51.2 Run by jbl at 14:02:42 on 2014-05-07 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.32745.26981 [GMT -4:00] . AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . c:\PROGRA~2\AVG\AVG2014\avgrsa.exe C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe C:\Program Files (x86)\AVG\AVG2014\avgemca.exe C:\Windows\System32\WUDFHost.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files\Core Temp\Core Temp.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Greenshot\Greenshot.exe C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe C:\Program Files (x86)\Switcher\Switcher.exe C:\Program Files\Windows Sidebar\sidebar.exe A:\jbl\AppData\Roaming\uTorrent\uTorrent.exe A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Songbird\songbird.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe A:\jbl\Desktop\mbar\mbar.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet uRun: [AdobeBridge] <no file> mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY mRun: [HFS Activator] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 10.0\activation\hfsactivator.exe /autostart mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Blackmagic CheckVersion] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe StartupFolder: A:\jbl\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.l nk - A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{B1244776-80A5-484D-BCC1-E18CA8598173} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe x64-Run: [apmwinapp] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 10.0\apmwinsrv.exe param x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [Blackmagic Streaming Server] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe x64-Run: [Blackmagic CheckVersion PCI] C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - A:\jbl\AppData\Roaming\Mozilla\Firefox\Profiles\bebmhklr.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP4A6DD 605-56A0-4755-BB8D-FA1462029368 FF - plugin: A:\jbl\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll . ============= SERVICES / DRIVERS =============== . R0 apmwin;apmwin;C:\Windows\System32\drivers\apmwin.sys [2013-8-19 50456] R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-3-27 192792] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-3-27 324376] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-3-31 130840] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-3-27 32536] R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2014-4-11 17200] R0 gpt_loader;GUID Partition table support driver;C:\Windows\System32\drivers\gpt_loader.sys [2013-8-19 60184] R0 mounthlp;Mounter helper driver for HFS+ volumes;C:\Windows\System32\drivers\mounthlp.sys [2013-8-19 42264] R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-23 56208] R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-3-27 153368] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-4-18 237336] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-3-27 236824] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-3-31 274200] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-4-18 3645456] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-3-27 291912] R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2014-2-24 9960240] R2 dvhlp;Desktop Video Helper Service;C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe [2014-2-24 24576] R2 HfsplusRec;HfsplusRec;C:\Windows\System32\drivers\hfsplusrec.sys [2013-8-19 15128] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-22 13592] R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-11-7 5093216] R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\Displ ayLinkUsbIo_x64_7.5.54018.0.sys [2014-2-25 46384] R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2014-4-11 391984] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408] R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008] R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-4 91352] R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-4 119000] R3 motubus;MOTU Audio MIDI Extension;C:\Windows\System32\drivers\motubus64.sys [2011-8-5 29808] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-22 406632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-4-14 145448] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336] S3 BlackmagicUsbIO;Blackmagic USB IO Driver;C:\Windows\System32\drivers\BlackmagicUsbIO.sys [2014-2-24 186880] S3 BMDDeckLinkAudio;BMDDeckLinkAudio;C:\Windows\System32\drivers\deckaud.sys [2014-2-24 18432] S3 deckavs;Blackmagic DeckLink WDM Streaming;C:\Windows\System32\drivers\deckavs.sys [2014-2-24 50176] S3 Hfsplus;Hfsplus;C:\Windows\System32\drivers\hfsplus.sys [2013-8-19 200472] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-17 111616] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-1-3 79240] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-1-3 15752] S3 MFWAMIDI64;MOTU Audio MIDI for 64 bit;C:\Windows\System32\drivers\mfwamidi64.sys [2011-8-5 32880] S3 MFWAWAVE64;MOTU Audio Wave for 64 bit;C:\Windows\System32\drivers\mfwawave64.sys [2011-8-5 83056] S3 MotuFWA64;MotuFWA64;C:\Windows\System32\drivers\MotuFWA64.sys [2011-8-5 600688] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-22 20992] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-30 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-26 1255736] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464] S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] . =============== File Associations =============== . FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe","%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2014-05-07 17:49:56 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-05-07 14:25:14 -------- d-----w- C:\Program Files (x86)\GUM7EE0.tmp 2014-05-06 07:00:11 -------- d-s---w- C:\Windows\System32\CompatTel 2014-05-06 04:01:49 465408 ----a-w- C:\Windows\System32\aepdu.dll 2014-05-06 04:01:49 424448 ----a-w- C:\Windows\System32\aeinv.dll 2014-05-05 19:26:57 -------- d-----w- A:\jbl\AppData\Local\TechSmith 2014-05-03 14:07:13 -------- d-----w- A:\jbl\AppData\Roaming\DropboxMaster 2014-05-03 06:26:04 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-05-03 06:26:04 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-04-30 21:18:32 -------- d-----w- C:\Program Files (x86)\Minecraft 2014-04-22 17:24:09 -------- d-----w- A:\jbl\AppData\Roaming\.mono 2014-04-22 17:24:09 -------- d-----w- A:\jbl\AppData\Local\FRACTOSC 2014-04-18 19:01:56 237336 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2014-04-17 05:42:50 -------- d-----w- C:\Windows\Migration 2014-04-13 01:57:02 -------- d-----w- C:\Program Files (x86)\astrojargon.net 2014-04-11 15:08:05 391984 ----a-w- C:\Windows\System32\drivers\dlkmd.sys 2014-04-11 15:08:05 17200 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys 2014-04-11 04:23:24 -------- d-----w- C:\ProgramData\Resolume Arena 4 2014-04-11 04:23:24 -------- d-----w- A:\jbl\AppData\Roaming\Resolume Arena 4 2014-04-07 20:57:12 -------- d-----w- C:\Program Files (x86)\Resolume Arena 4.1.8 . ==================== Find3M ==================== . 2014-05-07 17:49:56 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-05-07 17:49:36 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-03-31 20:20:54 274200 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2014-03-31 20:06:26 130840 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2014-03-28 02:14:26 192792 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2014-03-28 02:14:24 153368 ----a-w- C:\Windows\System32\drivers\avgdiska.sys 2014-03-28 02:07:10 236824 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2014-03-28 02:05:02 324376 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2014-03-28 02:03:16 32536 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll 2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll 2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll 2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll 2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll 2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe 2014-02-25 15:26:40 46384 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.5.54018.0.sys 2014-02-25 15:26:38 948736 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.5.54018.0.dll 2014-02-24 16:04:06 18432 ----a-w- C:\Windows\System32\drivers\deckaud.sys 2014-02-24 16:03:54 50176 ----a-w- C:\Windows\System32\drivers\deckavs.sys 2014-02-24 16:03:42 186880 ----a-w- C:\Windows\System32\drivers\BlackmagicUsbIO.sys 2014-02-24 09:05:47 1401648 ----a-w- C:\Windows\System32\dlumd9.dll 2014-02-24 09:05:47 1401648 ----a-w- C:\Windows\System32\dlumd64.dll 2014-02-24 09:05:47 1401648 ----a-w- C:\Windows\System32\dlumd11.dll 2014-02-24 09:05:47 1401648 ----a-w- C:\Windows\System32\dlumd10.dll 2014-02-24 09:05:45 1144112 ----a-w- C:\Windows\SysWow64\dlumd9.dll 2014-02-24 09:05:45 1144112 ----a-w- C:\Windows\SysWow64\dlumd32.dll 2014-02-24 09:05:45 1144112 ----a-w- C:\Windows\SysWow64\dlumd11.dll 2014-02-24 09:05:45 1144112 ----a-w- C:\Windows\SysWow64\dlumd10.dll 2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys 2009-12-06 09:18:14 26624 --sh--w- C:\Windows\bfcs2.dll . ============= FINISH: 14:03:01.01 =============== |
Quote:
|
Originally Posted by attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 2013-03-22 18:56:57 System Uptime: 2014-05-07 09:43:11 (5 hours ago) . Motherboard: ASUSTeK Computer INC. | | P8P67 Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz . ==== Disk Partitions ========================= . A: is FIXED (NTFS) - 1863 GiB total, 416.857 GiB free. B: is FIXED (NTFS) - 1863 GiB total, 1069.63 GiB free. C: is FIXED (NTFS) - 112 GiB total, 29.809 GiB free. D: is CDROM () E: is CDROM () F: is Removable H: is Removable M: is FIXED (NTFS) - 1863 GiB total, 843.131 GiB free. Z: is FIXED (NTFS) - 1863 GiB total, 179.936 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7 Manufacturer: Name: PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7 Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Sentinel64 Device ID: ROOT\LEGACY_SENTINEL64\0000 Manufacturer: Name: Sentinel64 PNP Device ID: ROOT\LEGACY_SENTINEL64\0000 Service: Sentinel64 . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Ableton Live 9 Suite Adobe Acrobat X Pro - English, Français, Deutsch Adobe After Effects CC Adobe AIR Adobe Creative Suite 5.5 Master Collection Adobe Creative Suite 6 Master Collection Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Manager Adobe Photoshop Lightroom 5 64-bit Adobe Premiere Pro CC Adobe SpeedGrade CC Adobe Story Adobe Support Advisor Adobe Widget Browser Advanced Renamer Akai Professional MPX8 Editor Apple Application Support Apple Software Update ASIO4ALL µTorrent Audio Converter Plus 4.7.1.0 AVG 2014 Avid Codecs LE Avidemux 2.5 (32-bit) AviSynth 2.6 Battle.net bl Blackmagic Design Desktop Video Calibrated{Q} XD Decode Camtasia Studio 7 Canon Utilities EOS Utility Circuits CNTRLR_Editor Core Temp version 0.99.7 Damage version 2.5 DENoise 2, After Effects-compatible plugin set DisplayLink Core Software Dropbox Effectrix EOSInfo eReg EVGA Precision X 4.0.0 ffdshow v1.3.4500 [2013-01-06] ffdshow x64 v1.3.4500 [2013-01-06] FieldsKit 3, After Effects-compatible plugin set FileFort Backup FileZilla Client 3.7.3 Fraps FTL version 1.03.3 Google Chrome Google Update Helper Greenshot 1.1.5.2643 Hearthstone HFSExplorer 0.21 Intel(R) Management Engine Components Intel(R) Rapid Storage Technology iZotope RX 2 iZotope Stutter Edit Jack Java 7 Update 51 Java Auto Updater Java(TM) 6 Update 25 Lagarith Lossless Codec (1.3.27) Left 4 Dead 2 Logitech Gaming Software Logitech Gaming Software 8.45 M30 Reverb Magic Bullet Suite 64-bit Magic Online Magic The Gathering Online marvell 91xx console driver Max 6.0.5 Max 6.1.3 Microsoft .NET Framework 4.5.1 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Microsoft_VC90_MFCLOC_x86 MIDI Yoke MOTU Hardware Mozilla Firefox 27.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 24.5.0 (x86 en-US) Native Instruments Absynth 5 Native Instruments FM8 Native Instruments Reaktor 5 NullpoMino version 7.5 NVIDIA 3D Vision Controller Driver 320.18 NVIDIA 3D Vision Driver 320.18 NVIDIA Control Panel 320.18 NVIDIA Graphics Driver 320.18 NVIDIA HD Audio Driver 1.3.24.2 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX System Software 9.12.1031 NVIDIA Stereoscopic 3D Driver Ohm Force - Ohmicide VST Paragon HFS+ for Windows™ 10.0 Path of Exile PCM Native Reverb VST Plug-in PDF Settings CS6 ph Pidgin Portal 2 proDAD Mercalli 2.0 (64bit) PV Feather v1, After Effects-compatible plugin set PxMergeModule QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Recuva ReelSmart Motion Blur 4, After Effects-compatible plugin set REFill 2, After Effects-compatible plugin set REFlex v4, After Effects plugin set REMap v2, After Effects-compatible plugin set REMatch v1, After Effects-compatible plugin set ReNamer Renesas Electronics USB 3.0 Host Controller Driver Renoise 3.0.0 Resolume Arena 4.1.8 Rob Papen Albino 3 Rock of Ages Sanctum Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Shade/Shape 4, After Effects-compatible plugin set Skype™ 6.11 SmoothKit 3, After Effects-compatible plugin set SolForge Songbird 2.2.0 (Build 2453) SoulseekQt StarCraft II Steam Switcher 2.0.0 TeamViewer 8 TeraCopy 2.3 TL-WN851ND Driver TP-LINK Wireless Client Utility TP-LINK Wireless Configuration Utility TransMac version 8.1 Trapcode Suite 64-bit Twixtor 5, After Effects-compatible plugin set uberOptions 4.80.5 Unity Web Player Video Gogh 3, After Effects-compatible plugin set Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player 2.0.7 WOW Xvid MPEG-4 Video Codec Zelda Mystery of Solarus DX version 1.6.2 . ==== Event Viewer Messages From Past Week ======== . 2014-05-07 11:46:46, Error: Service Control Manager [7000] - The GEAR ASPI Filter Driver service failed to start due to the following error: This driver has been blocked from loading 2014-05-07 11:46:46, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 2014-05-07 09:44:27, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 2014-05-07 09:43:26, Error: Service Control Manager [7000] - The Sentinel64 service failed to start due to the following error: The system cannot find the device specified. 2014-05-07 05:09:17, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. . ==== End Of File =========================== |
Quote:
|
Originally Posted by ark.txt
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-07 15:56:30 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Corsair_ rev.2.0_ 111.79GB Running: ipe28hon_GMER.exe; Driver: A:\jbl\AppData\Local\Temp\pwddypog.sys ---- Kernel code sections - GMER 2.1 ---- PAGE C:\Windows\system32\drivers\ataport.SYS!DllUnload fffff8800141c4a0 12 bytes {MOV RAX, 0xfffffa801881b2a0; JMP RAX} PAGE C:\Windows\system32\drivers\PCIIDEX.SYS!DllUnload fffff8800143da50 12 bytes {MOV RAX, 0xfffffa80191be2a0; JMP RAX} .text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88006caed8c 12 bytes {MOV RAX, 0xfffffa801cd702a0; JMP RAX} .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000d3f00 7 bytes [00, 98, F3, FF, 01, A6, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000d3f08 3 bytes [C0, 06, 02] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Switcher\Switcher.exe[4484] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000755b1465 2 bytes [5B, 75] .text C:\Program Files (x86)\Switcher\Switcher.exe[4484] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000755b14bb 2 bytes [5B, 75] .text ... * 2 .text A:\jbl\AppData\Roaming\uTorrent\uTorrent.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000755b1465 2 bytes [5B, 75] .text A:\jbl\AppData\Roaming\uTorrent\uTorrent.exe[4564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755b14bb 2 bytes [5B, 75] .text ... * 2 .text A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe[4588] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000755b1465 2 bytes [5B, 75] .text A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe[4588] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000755b14bb 2 bytes [5B, 75] .text ... * 2 ---- Devices - GMER 2.1 ---- Device \Driver\mv91xx \Device\Scsi\mv91xx1 fffffa80191c02c0 Device \FileSystem\Ntfs \Ntfs fffffa80191c62c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa801cc1e2c0 Device \Driver\cdrom \Device\CdRom0 fffffa801c4a82c0 Device \Driver\USBSTOR \Device\000000aa fffffa801c5a22c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa801cc1e2c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B1244776-80A5-484D-BCC1-E18CA8598173} fffffa801c7f22c0 Device \Driver\USBSTOR \Device\000000ab fffffa801c5a22c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa801cc1e2c0 Device \Driver\USBSTOR \Device\000000ac fffffa801c5a22c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{3BF57ED7-A441-403E-BE26-FE34E6EEBC56} fffffa801c7f22c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa801c7f22c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa801cc1e2c0 Device \Driver\mv91xx \Device\ScsiPort1 fffffa80191c02c0 ---- Processes - GMER 2.1 ---- Library A:\jbl\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4588](201 0000000003ba0000 Library a:\jbl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphgabxl.dll (*** suspicious ***) @ A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4588](2014-05-07 19:41:45) 00000000055c0000 Library A:\jbl\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4588](2013-10-18 23:5 0000000065bd0000 Library A:\jbl\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ A:\jbl\AppData\Roaming\Dropbox\bin\Dropbox.exe [4588] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 0000000065240000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268311b288 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C 90D04@ujdew 0x6F 0x8B 0x05 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\services\ Reg HKLM\SYSTEM\CurrentControlSet\services\@Parameters\0\x202e\x2764 300 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268311b288 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D0 4@ujdew 0x6F 0x8B 0x05 0xAD ... Reg HKLM\SYSTEM\ControlSet002\services\ (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\@Parameters\0\x202e\x2764 300 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEEBC867-F56E-BE91-FC6E-78282E00CBF6} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEEBC867-F56E-BE91-FC6E-78282E00CBF6}@oaefkfdjciggkjjgcnjneakpaieegm 0x6A 0x61 0x64 0x63 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEEBC867-F56E-BE91-FC6E-78282E00CBF6}@naoeaddbeiaccgnadmioaggjnadp 0x6A 0x61 0x64 0x63 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEEBC867-F56E-BE91-FC6E-78282E00CBF6}@gbmgjicmpdbhlpdcjpigkdhcnlgihhgncfgcmddjgaedim 0x66 0x61 0x65 0x68 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EEEBC867-F56E-BE91-FC6E-78282E00CBF6}@bbghdmoalglalpeomnchpkemglomjkjmdkch 0x64 0x61 0x62 0x6D ... ---- EOF - GMER 2.1 ---- |