Jump to content

Recommended Posts

I have successfully removed MS Recovery malware but have lost my desktop icons and some programs from my start up menu. I read thru a series of postings regarding the same issue in which OTL was used to fix the problem, but I don't know what commands I need for my laptop. I am posting the scan results from OTL in hopes someone can tell me what to do. Thanks!

OTL Extras logfile created on: 5/16/2011 11:41:56 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = E:\xxxxxx Virus remover

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 599.00 Mb Available Physical Memory | 59.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.97 Gb Total Space | 46.47 Gb Free Space | 66.42% Space Free | Partition Type: NTFS

Drive E: | 1.89 Gb Total Space | 0.82 Gb Free Space | 43.10% Space Free | Partition Type: FAT32

Computer Name: xxxxxxx-B77DE3F | User Name: xxxxxxx xxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Alcatel-Lucent)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan

"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy

"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant

"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax

"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare

"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy

"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1

"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload

"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour

"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext

"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme

"{461073BF-9642-4A73-B58E-157358D412AB}" = 6200

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone

"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller

"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com

"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects

"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery

"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update

"{6518675B-CC8D-4AB3-A3F6-CC02FF6548D7}" = 6200_Help

"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan

"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations

"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm

"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1

"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware

"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director

"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3F81504-72F3-4262-9449-487404DA75BB}" = 6200Trb

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg

"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ATT-SST" = AT&T Self Support Tool

"ATTToolbar" = AT&T Toolbar

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"BroadJump Client Foundation" = BroadJump Client Foundation

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CTMBDemo_Audigy" = Sound Blaster Audigy ADVANCED MB Demo

"HP Family and Friends CD" = HP Family and Friends CD

"HP Photo & Imaging" = HP Image Zone 4.7

"HPExtendedCapabilities" = HP Extended Capabilities 4.7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Security Client" = Microsoft Security Essentials

"MIXERLITE" = Mixer

"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PrintMaster Gold 4.00" = PrintMaster Gold 4.00

"TomTom HOME" = TomTom HOME 2.7.6.2056

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/17/2010 12:54:45 PM | Computer Name = xxxxxxx-B77DE3F | Source = TomTomHOMEService | ID = 10000

Description =

Error - 11/19/2010 10:19:39 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/19/2010 10:24:20 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2011 12:54:34 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,

P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 1/29/2011 8:14:20 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 2/1/2011 8:41:40 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,

P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/28/2011 5:28:19 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3

download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials

(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 5/9/2011 10:25:48 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2011 6:11:26 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/16/2011 10:22:40 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application trojankiller.exe, version 2.0.9.4, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ Application Events ]

Error - 11/17/2010 12:54:45 PM | Computer Name = xxxxxxx-B77DE3F | Source = TomTomHOMEService | ID = 10000

Description =

Error - 11/19/2010 10:19:39 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/19/2010 10:24:20 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/12/2011 12:54:34 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,

P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),

P8 NIL, P9 NIL, P10 NIL.

Error - 1/29/2011 8:14:20 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 1.9.2.3989, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 2/1/2011 8:41:40 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,

P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/28/2011 5:28:19 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3

download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials

(edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

Error - 5/9/2011 10:25:48 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application firefox.exe, version 2.0.0.4094, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2011 6:11:26 PM | Computer Name = xxxxxxx-B77DE3F | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4

3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P8 NIL, P9 NIL, P10 NIL.

Error - 5/16/2011 10:22:40 PM | Computer Name = xxxxxxx-B77DE3F | Source = Application Hang | ID = 1002

Description = Hanging application trojankiller.exe, version 2.0.9.4, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 5/16/2011 7:23:44 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service netman with

arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 5/16/2011 8:59:55 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/16/2011 9:00:11 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/16/2011 9:13:38 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2011 9:15:14 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2011 9:16:18 PM | Computer Name = xxxxxxx-B77DE3F | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm MpFilter

Error - 5/16/2011 9:17:20 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2011 9:18:46 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/16/2011 9:19:57 PM | Computer Name = xxxxxxx-B77DE3F | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Fips intelppm MpFilter

Error - 5/16/2011 9:26:19 PM | Computer Name = xxxxxxx-B77DE3F | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >

OTL logfile created on: 5/16/2011 11:41:56 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = E:\Cories Virus remover

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 599.00 Mb Available Physical Memory | 59.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 69.97 Gb Total Space | 46.47 Gb Free Space | 66.42% Space Free | Partition Type: NTFS

Drive E: | 1.89 Gb Total Space | 0.82 Gb Free Space | 43.10% Space Free | Partition Type: FAT32

Computer Name: xxxxxx-B77DE3F | User Name: xxxxxx xxxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\Cories Virus remover\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe (GridinSoft LLC.)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)

PRC - C:\WINDOWS\system32\ntvdm.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

========== Modules (SafeList) ==========

MOD - E:\Cories Virus remover\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found

SRV - (AppMgmt) -- File not found

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

========== Driver Services (SafeList) ==========

DRV - (MpKsle92933db) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A982BB58-145F-4149-86FC-61AB4EF45399}\MpKsle92933db.sys (Microsoft Corporation)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (WUSB54GPV4SRV) -- C:\WINDOWS\system32\drivers\rt2500usb.sys (Ralink Technology Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/04 14:37:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 14:37:14 | 000,000,000 | ---D | M]

[2010/11/17 11:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\Mozilla\Extensions

[2010/11/17 11:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\Mozilla\Extensions\home2@tomtom.com

[2011/04/04 14:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\Mozilla\Firefox\Profiles\yuevk7kf.default\extensions

[2011/02/06 09:10:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\Mozilla\Firefox\Profiles\yuevk7kf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/04/04 14:37:30 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\Mozilla\Firefox\Profiles\yuevk7kf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011/04/04 14:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/04 15:25:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/04/04 14:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

[2011/04/04 14:37:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

File not found (No name found) --

[2011/02/04 15:24:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/01/01 03:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2011/02/04 15:24:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/12 08:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)

O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()

O4 - HKLM..\Run: [CTSVolFE.exe] C:\Program Files\Creative\Mixer\CTSVolFE.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKCU..\Run: [PqDTgJOxvviAety] File not found

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:\Documents and Settings\xxxxxx xxxxxxx\Start Menu\Programs\Startup\Event Reminder.lnk = C:\programs\pmw\PMREMIND.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)

O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264211141330 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/01/21 17:37:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{4342c4ee-07c0-11df-ad2f-f700d028c7ad}\Shell - "" = AutoRun

O33 - MountPoints2\{4342c4ee-07c0-11df-ad2f-f700d028c7ad}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{4342c4ee-07c0-11df-ad2f-f700d028c7ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{60956e35-f26b-11df-ae80-001422afc8bb}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe

O33 - MountPoints2\{7c1b250c-3099-11df-ad42-b689793750ac}\Shell\AutoRun\command - "" = wdsync.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/05/16 17:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GridinSoft

[2011/05/16 17:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer

[2011/05/16 16:55:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\xxxxxx xxxxxxx\Recent

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 22:08:15 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/05/16 22:07:23 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/05/16 22:07:23 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/05/16 22:02:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/05/16 18:23:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 17:14:08 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Killer.lnk

[2011/05/16 17:14:08 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk

[2011/05/16 16:50:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2011/05/16 14:55:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/05/14 19:53:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/05/05 10:29:04 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\xxxxxx xxxxxxx\Desktop\Microsoft Office Excel 2003.lnk

[2011/04/17 09:20:05 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 18:23:41 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/05/16 17:14:08 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Killer.lnk

[2011/05/16 17:14:08 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Killer.lnk

[2011/05/16 16:50:04 | 000,001,430 | ---- | C] () -- C:\Documents and Settings\xxxxxx xxxxxxx\Start Menu\Programs\Startup\Event Reminder.lnk

[2010/10/29 10:46:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI

[2010/04/26 21:07:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/03/25 08:28:40 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\xxxxxx xxxxxxx\Local Settings\Application Data\fusioncache.dat

[2010/03/25 08:01:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2010/03/23 06:42:17 | 000,068,977 | ---- | C] () -- C:\WINDOWS\hpoins05.dat

[2010/03/23 06:42:17 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat

[2010/03/15 22:37:33 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2010/03/15 22:37:31 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2010/03/15 22:37:31 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2010/03/06 19:46:04 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2010/01/22 20:54:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/01/22 20:42:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2010/01/21 17:39:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/01/21 17:33:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/01/21 11:19:57 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/01/21 11:18:40 | 000,192,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/12 09:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 09:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 09:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 09:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 09:03:20 | 000,444,156 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/12 09:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 09:03:19 | 000,072,248 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/12 09:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/12 08:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 08:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 08:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 08:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/05/03 14:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar

[2010/03/22 19:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2010/11/17 11:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2010/03/22 19:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\ATTToolbar

[2010/01/22 21:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/11/17 11:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxxx xxxxxxx\Application Data\TomTom

[2011/05/16 22:08:15 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please download Unhide.exe by Grinler and save it to your Desktop.

Run it, then restart your computer.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.