# Explorer.exe doesn't load with Windows XP



## mikemunkie (Aug 19, 2009)

Hi,

I've got Windows XP and when I boot up, all I get is the desktop background, windows explorer doesn't load up.
I've searched for similar problems, and some have found that it is possible to manually start explorer but
if I ctrl+alt+delete, I get the task manager, but when I go to file>new task, and enter 'explorer.exe'
Windows cannot find the file. I've looked in the windows folders, but explorer.exe appears to have vanished.
If I start in safe mode, I get the same problem.
I've tried system restore via msconfig, but there are no restore points other than with today's date. When I tried to restore to this, it said it was not possible.

I've downloaded hijack this via my laptop, here is the log.



> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 22:59:17, on 16/08/2010
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v8.00 (8.00.6001.18702)
> ...


I hope someone can help!


----------



## surferdude2 (Jul 7, 2010)

Since explorer.exe is a protected file, two things come to mind.

1. Virus or malware

2. Corrupt user profile.

Let's attack them in that order. I'll ask that your hjt log be reviewed by folks in the virus and Malware forum first.


----------



## mikemunkie (Aug 19, 2009)

Since posting, I tried copying explorer.exe from my laptop (also on XP SP3) onto my troublesome PC via a USB stick. 
I can load explorer from the USB, and can copy it to the PC and it appears to work, but when I reboot, explorer has gone again.
It has also started to spontaneously reboot when I leave it on for more than 5 minutes. There are no warnings, it just turns itself off and starts again.


----------



## surferdude2 (Jul 7, 2010)

It occurs natively on an SP3 system in these locations:

C:\WINDOWS\explorer.exe
C:\WINDOWS\ServicePackFiles\i386\explorer.exe
C:\WINDOWS\SYSTEM32\dllcache\explorer.exe

It's a protected file and can't disappear without help and that normally means something evil.

If it's not in those locations and especially if it's anywhere else, sit tight and someone will pick up on this from the AV forum.


----------



## itsjusme (Aug 19, 2006)

Did you start having this problem before or after you ran COMBOFIX?


----------



## Byteman (Jan 24, 2002)

It is no longer possible to use Hijackthis alone to decide if there is malware present (and this has been true for quite some time).

I have alerted someone who specializes in this sort of thing, which I feel may be a new piece of malware. There is a good probability the cause is malware related so this is not a thread to be posting in, just yet anyway!

They will be along but not until tomorrow morning, so let's hold off on the advice please, at least until the advisor has a couple of scans and whaatever they need to check done.


----------



## Byteman (Jan 24, 2002)

I would say, since ComboFix normally ends explorer.exe when it runs, and it is loading each time you start up, that is why you are seeing it happen.

You can try using the Run line command to delete ComboFix:

combofix /Uninstall

Or, fix those two entries for CF using Hijackthis

Close all browsers, email, IM, chat, game etc windows, even this window before you fix anything.

Run Hijackthis. Tick each of the two items and then, click Fix Checked.

O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\CF17823.exe /c C:\Combo-Fix\Combobatch.bat
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\CF17823.exe /c C:\Combo-FixCombobatch.bat

Then, use the combofix /UNINSTALL command in Run.


----------



## mikemunkie (Aug 19, 2009)

I had the problem before I tried combofix.
When I tried to remove it as described, it just ran as normal.
I ran hijackthis and removed the 2 entries you suggested, but combofix /uninstall didn't work, just ran it as normal again.
Then I deleted combofix.exe from the desktop (which I probably shouldn't have done)
I still have the original problem.
I've done another hijackthis scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:47:59, on 17/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (Egg Money Manager Digital Safe) - https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - 
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c985e88d1ec762) (gupdate1c985e88d1ec762) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 8785 bytes


----------



## dvk01 (Dec 14, 2002)

why did you run combofix on your own without instructiosn to do so

look in C:\qoobox for the combofix.txt file so we can see what it did

I suspect that there won't be alog because it was an interupted run & the entries were setting it up to run on reboot

IF no log in qoobox then

Delete any existing version of ComboFix you have sitting on your desktop
*Please read and follow all these instructions very carefully*​
Download ComboFix from *Here* or *Here*to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall*_* before* _performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_
Click on *THIS LINK * to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *combofix.exe* & follow the prompts.​If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this 
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt" * for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read  HERE  why we disable autoruns

*Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version. *

Please tell us if it has cured the problems or if there are any outstanding issues


----------



## mikemunkie (Aug 19, 2009)

I did combofix because I couldn't resist, knew it was wrong!
I did have the problem before using it though.

Anyway, I have performed another combofix scan with the version you suggested and did as you said.
I copied explorer from the system32 folder into the windows folder and it appears to be working ok now, it loads on restart.
I'm concerned that there might still be something on there so am not using the computer other than as directed.
The combofix log is below:

ComboFix 10-08-16.03 - Mike 17/08/2010 8:55.12.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2394 [GMT 1:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-17 07:14 . 2008-04-14 00:12 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2010-08-17 07:14 . 2008-04-14 00:12 1033728 ----a-w- c:\windows\explorer.exe
2010-08-17 07:00 . 2010-08-17 07:01 -------- d-----w- C:\Combo-Fixx
2010-08-17 07:00 . 2010-08-17 07:00 389120 ----a-w- c:\windows\system32\CF27374.exe
2010-08-17 06:54 . 2010-08-17 06:57 -------- d-----w- C:\Combo-Fix
2010-08-17 06:54 . 2010-08-17 06:52 389120 ----a-w- c:\windows\system32\CF25990.exe
2010-08-17 06:39 . 2010-08-17 06:39 389120 ----a-w- c:\windows\system32\CF23312.exe
2010-08-17 06:31 . 2010-08-17 06:31 389120 ----a-w- c:\windows\system32\CF21816.exe
2010-08-17 06:19 . 2010-08-17 06:18 389120 ----a-w- c:\windows\system32\CF19334.exe
2010-08-17 06:14 . 2010-08-17 06:14 -------- d-----w- c:\documents and settings\Mike\WINDOWS
2010-08-16 21:51 . 2010-08-16 21:49 389120 ----a-w- c:\windows\system32\CF17823.exe
2010-08-16 15:37 . 2010-08-17 07:14 -------- d-----w- C:\128a0540cb0f26d2990347
2010-08-15 21:01 . 2010-08-15 21:07 -------- d-----w- c:\documents and settings\Mike\Application Data\377D5FD81D18903EA4BC0C1BD98C5356
2010-07-25 16:54 . 2010-07-25 16:54 -------- d-----w- c:\documents and settings\Mike\Application Data\Settings
2010-07-25 16:52 . 2010-07-25 16:52 -------- d-----w- c:\documents and settings\Mike\Application Data\DigiTech
2010-07-25 16:52 . 2010-05-21 18:46 2979671 -c--a-w- c:\documents and settings\All Users\Application Data\{623EA537-46B3-4540-A259-8E2831675E5A}\JamManagerInstaller.exe
2010-07-25 16:52 . 2010-07-25 16:52 -------- d-----w- c:\program files\DigiTech
2010-07-24 23:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 07:59 . 2008-06-18 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitmeter2
2010-08-17 07:48 . 2010-03-14 20:23 -------- d-----w- c:\documents and settings\Mike\Application Data\Dropbox
2010-08-16 21:45 . 2008-06-18 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-08-15 21:49 . 2008-06-21 22:14 -------- d-----w- c:\documents and settings\Mike\Application Data\uTorrent
2010-08-15 20:31 . 2009-11-12 11:30 -------- d-----w- c:\program files\Winamp Remote
2010-07-31 17:51 . 2008-09-30 22:40 -------- d-----w- c:\documents and settings\Mike\Application Data\Winamp
2010-07-31 17:28 . 2009-11-10 23:38 -------- d-----w- c:\documents and settings\Mike\Application Data\vlc
2010-07-31 17:14 . 2010-04-26 15:20 -------- d-----w- c:\documents and settings\Mike\Application Data\gtk-2.0
2010-07-31 17:01 . 2008-06-22 17:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-31 16:49 . 2008-06-18 17:12 -------- d-----w- c:\program files\Winamp
2010-07-31 16:49 . 2010-04-27 09:43 -------- d-----w- c:\program files\Winamp Detect
2010-07-25 16:52 . 2010-07-25 16:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{623EA537-46B3-4540-A259-8E2831675E5A}
2010-06-30 12:31 . 2007-05-25 01:53 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 19:20 . 2010-06-28 19:20 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb325.tmp.exe
2010-06-24 12:22 . 2007-05-25 01:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2007-05-25 01:53 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03 . 2007-05-25 01:53 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-24 18:29 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-22 13:48 . 2010-05-22 13:48 655360 ----a-w- c:\documents and settings\Mike\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-22 13:48 . 2010-05-22 13:48 282624 ----a-w- c:\documents and settings\Mike\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-22 13:48 . 2010-05-22 13:48 208896 ----a-w- c:\documents and settings\Mike\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-21 18:43 . 2010-07-25 16:51 1142784 -c--a-w- c:\documents and settings\All Users\Application Data\{623EA537-46B3-4540-A259-8E2831675E5A}\OFFLINE\25B6367E\6FC27DC1\JamManager.exe
2008-07-25 17:55 . 2009-01-18 12:18 27385856 ----a-w- c:\program files\Vogue.dll
2003-05-03 10:59 . 2010-05-10 19:57 921 ----a-w- c:\program files\VSTPluginsdefault.csv
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Mike\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Mike\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Mike\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"MCW Startup"="c:\program files\Monitor Calibration Wizard\MCW.exe" [2002-12-20 321024]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-18 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRISMSVR.EXE"="c:\program files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" [2004-07-02 295001]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-17 17880576]
"CTHelper"="CTHELPER.EXE" [2005-08-08 16384]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 18944]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Mike\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Mike\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-6-23 113664]
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-5-8 1458176]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeakComputer Speaking Clock.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpeakComputer Speaking Clock.lnk
backup=c:\windows\pss\SpeakComputer Speaking Clock.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpeedTouch 121g Wireless USB Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpeedTouch 121g Wireless USB Monitor.lnk
backup=c:\windows\pss\SpeedTouch 121g Wireless USB Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2007-10-11 07:45 31232 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2005-08-08 06:10 16384 ----a-w- c:\windows\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2005-08-08 06:10 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 03:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-02-19 23:10 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 09:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2007-07-12 09:42 2491688 ----a-w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01 71216 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-04-17 17:24 17880576 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-20 05:15 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-18 16:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 15:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 11:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CTAudSvcService"=3 (0x3)
"WZCSVC"=3 (0x3)
"TapiSrv"=3 (0x3)
"RichVideo"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"LightScribeService"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Mike\\Desktop\\Downloads\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [26/05/2010 21:25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [26/05/2010 21:25 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [20/07/2010 00:28 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [26/05/2010 21:25 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [26/05/2010 21:25 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [26/05/2010 21:24 126392]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [25/05/2007 09:05 34944]
R3 BT4501G;SpeedTouch 121g Wireless USB Adapter Driver;c:\windows\system32\drivers\BT4501G.sys [10/11/2009 10:24 349824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 20:11 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100813.004\IDSXpx86.sys [15/08/2010 21:40 331640]
S2 gupdate1c985e88d1ec762;Google Update Service (gupdate1c985e88d1ec762);c:\program files\Google\Update\GoogleUpdate.exe [03/02/2009 11:16 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Mike\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Mike\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/11/2009 14:55 1684736]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [05/01/2009 12:31 30192]
S4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [25/05/2007 03:13 24971]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [25/05/2007 03:13 103680]
S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [25/05/2007 03:13 210304]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [25/05/2007 03:13 52480]
S4 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [25/05/2007 03:13 89749]
S4 Symiedera_s;Symiedera_s; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-07-25 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-10 14:35]
2010-08-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-18 07:36]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac62bee36b8dc.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 10:16]
2010-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 10:16]
2010-08-17 c:\windows\Tasks\User_Feed_Synchronization-{95112359-63FF-45A2-9A3C-C1B5A144CEBB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
MSConfigStartUp-Google Update - c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

**************************************************************************
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-08-17 09:02:23
ComboFix-quarantined-files.txt 2010-08-17 08:02
Pre-Run: 459,452,407,808 bytes free
Post-Run: 459,386,286,080 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 990F576ACB4B638A19B2D9E0F4AD6C8A


----------



## dvk01 (Dec 14, 2002)

nothing obvious wrong there
* Run Kaspersky online virus scan *Kaspersky Online Scanner*.

After the updates have downloaded, click on the "Scan Settings" button.
select the *(b)"Spyware, Adware, Dialers and other potentially dangerous programs" *for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: Kavscan is a scanner only & won't fix anything but will normally find the most infected files so it's report gives us a good place to work from 

If that won't run then 
Run an online antivirus check from one of the following sites

http://www.eset.com/online-scanner
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan8/ie.html


----------



## mikemunkie (Aug 19, 2009)

I did the Kaspersky online scanner, came up with nothing except those that were in Norton's quarantine. 
All seems ok now


----------



## dvk01 (Dec 14, 2002)

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click *START* then * RUN*
* Now type *Combofix /Uninstall * in the runbox and click *OK*. Note the *space *between the *X* and the */U*, it needs to be there.









This will also purge the restore folder and clear any malware that has been put in there. Now Empty Recycle bin on desktop Then reboot.

go here* http://www.thespykiller.co.uk/index.php?page=3 *for info on how to tighten your security settings and how to help prevent future attacks.

and scan here* http://secunia.com/software_inspector/ * for out of date & vulnerable common applications on your computer and update whatever it suggests

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place


----------



## mikemunkie (Aug 19, 2009)

thanks for your help


----------

