Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Hijackthis - program (New)

Stormbug
Junior Member with 5 posts.
Join Date: Aug 2004
Experience: Intermediate
25-Aug-2004, 06:10 AM #1
Hijackthis - program
My operating system is: Win98 se

I was wondering if you could help me out of this sort of problem. I used the "hijackthis" program and I did the scan, now I don't know what to remove from the list, could you tell me what I need to remove?

My hijackthis list:

Logfile of HijackThis v1.97.7
Scan saved at 12:34:05, on 25.8.2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\SIDE WINDER\COMMON\SWTRAYV4.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\MMTRAYLSI.EXE
C:\WINDOWS\SYSTEM\MMTRAY2K.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\REFMPEGACID\DATE WAIT.EXE
C:\WINDOWS\SYSTEM\MMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\APPLICATION DATA\MORE MEMO CLOCK THIRD\HTM INSIDE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\HIJAC THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uqrrghgqhdwis.com/wb_u048...ZGnT/A5eQ.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ecppevwmyg.com/wb_u048ntg...FxeajTjsr9.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F1 - win.ini: run=hpfsched
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\MY DOCUMENTS\PDF READER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF6F5B14-22DF-618D-22E7-B916EC76B715} - C:\PROGRAM FILES\THEMP3\FORSLOW.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\My Documents\Lotta\HP valokuva ohjelma\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\My Documents\Lotta\HP valokuva ohjelma\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\SIDEWI~1\COMMON\SWTRAYV4.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [20736330.exe] C:\WINDOWS\System\20736330.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Chin Support] C:\PROGRA~1\REFMPE~1\DATE WAIT.exe
O4 - HKLM\..\Run: [WinFast_Gamma] rundll32.exe wfcpl.dll,DllLoadGammaRampSettings
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Clock Third This Joy] C:\WINDOWS\Application Data\more memo clock third\Htm Inside.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...870.5223958333
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

Rollin' Rog
Moderator with 44,831 posts.
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
25-Aug-2004, 12:00 PM #2
Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View

Download and unzip to a convenient location the CoolWebShredder, CWShredder.exe available here: http://www.computercops.biz/downloads-cat-14.html

Then:

1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT...01052409420406

2 >> In Safe Mode run the CoolWebShredder and have it "fix" detected problems. Then run HijackThis and check and "fix" the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uqrrghgqhdwis.com/wb_u04...bZGnT/A5eQ.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ecppevwmyg.com/wb_u048nt...XFxeajTjsr9.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [20736330.exe] C:\WINDOWS\System\20736330.exe

^^ find and delete the file 20736330.exe

O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

Messenger Plus must be removed through Add/Remove programs. It installs and maintains a "lop.com" hijack, which will return otherwise.

Additional cleanup instructions: Go to the Control Panel > Internet Options applet. Clear the Temporary Internet Cache, History and Offline Content. Go to the Programs tab and select "reset web settings", including your home page if it has been altered. You can reset that later to what you desire.


3 >> on reboot, use the latest version of HijackThis, available below, to post a new Scanlog.

http://www.net-integration.net/tools/hijackthis.html

Stormbug
Junior Member with 5 posts.
Join Date: Aug 2004
Experience: Intermediate
25-Aug-2004, 01:21 PM #3
I did all you said and I was unable to find and delete the file 20736330.exe and I was unable to remove Messenger Plus, the computer opened a new window that said that Messenger Plus couldn't be fully removed. Here is the new scan log:

Logfile of HijackThis v1.98.2
Scan saved at 20:22:27, on 25.8.2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\LOADQM.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\MMTRAYLSI.EXE
C:\WINDOWS\SYSTEM\MMTRAY2K.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
C:\WINDOWS\SYSTEM\MMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\APPLICATION DATA\MORE MEMO CLOCK THIRD\HTM INSIDE.EXE
C:\PROGRAM FILES\REFMPEGACID\DATE WAIT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
D:\HIJAC THIS\2\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.domeydmkqaexokjbvv.net/wb...xeajTjsr9.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\MY DOCUMENTS\PDF READER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF6F5B14-22DF-618D-22E7-B916EC76B715} - C:\PROGRAM FILES\THEMP3\FORSLOW.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\My Documents\Lotta\HP valokuva ohjelma\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\My Documents\Lotta\HP valokuva ohjelma\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinFast_Gamma] rundll32.exe wfcpl.dll,DllLoadGammaRampSettings
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Clock Third This Joy] C:\WINDOWS\Application Data\more memo clock third\Htm Inside.exe
O4 - HKLM\..\Run: [Chin Support] C:\PROGRA~1\REFMPE~1\DATE WAIT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

Rollin' Rog
Moderator with 44,831 posts.
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
25-Aug-2004, 03:05 PM #4
If the Messenger Plus! 3 folder is still present in C:\Program Files, go ahead and delete that. You may need to do it in Safe Mode.

Then install, update if available, and run a full drive Ad-Aware SE scan. Install the VX2 Plugin and run that as well from the "add-ons" window once you have completed the original scan.


Then reboot and run HijackThis again. Check and fix this entry if present.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.domeydmkqaexokjbvv.net/w...FxeajTjsr9.html

Reboot, go online for a few minutes and run HijackThis again to verify it does not return.

Post the new log.

Ad-Aware Home Page


http://download.lavasoft.de.edgesuit...vx2cleaner.exe


Also can you just shed some light on what these programs are, I'm not familiar with them and don't see any readily available info:

O4 - HKLM\..\Run: [Clock Third This Joy] C:\WINDOWS\Application Data\more memo clock third\Htm Inside.exe
O4 - HKLM\..\Run: [Chin Support] C:\PROGRA~1\REFMPE~1\DATE WAIT.exe

Stormbug
Junior Member with 5 posts.
Join Date: Aug 2004
Experience: Intermediate
26-Aug-2004, 10:50 AM #5
Ad-aware program found 43 bad files and I deleted them. I did the vx2 plug in thing and it didn't find anything, but as you can see the R0 - HKLM thing still comes to the list. And I don't know what these programs are, they just appeared a few weeks ago:
O4 - HKLM\..\Run: [Clock Third This Joy] C:\WINDOWS\Application Data\more memo clock third\Htm Inside.exe
O4 - HKLM\..\Run: [Chin Support] C:\PROGRA~1\REFMPE~1\DATE WAIT.exe


Here is my new scan list:

Logfile of HijackThis v1.98.2
Scan saved at 17:47:24, on 26.8.2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\MMTRAYLSI.EXE
C:\WINDOWS\SYSTEM\MMTRAY2K.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
C:\WINDOWS\SYSTEM\MMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\APPLICATION DATA\MORE MEMO CLOCK THIRD\HTM INSIDE.EXE
C:\PROGRAM FILES\REFMPEGACID\DATE WAIT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
D:\HIJAC THIS\2\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bbepnqauwrg.com/wb_u048nt...xeajTjsr9.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\MY DOCUMENTS\PDF READER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {BF6F5B14-22DF-618D-22E7-B916EC76B715} - C:\PROGRAM FILES\THEMP3\FORSLOW.EXE
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\My Documents\Lotta\HP valokuva ohjelma\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\My Documents\Lotta\HP valokuva ohjelma\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinFast_Gamma] rundll32.exe wfcpl.dll,DllLoadGammaRampSettings
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Clock Third This Joy] C:\WINDOWS\Application Data\more memo clock third\Htm Inside.exe
O4 - HKLM\..\Run: [Chin Support] C:\PROGRA~1\REFMPE~1\DATE WAIT.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

Rollin' Rog
Moderator with 44,831 posts.
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
26-Aug-2004, 12:40 PM #6
Since you don't know what these programs are, go ahead and use HijackThis to "fix" them, then look in Add/Remove programs for any reference to them; if found, remove them there.

O4 - HKLM\..\Run: [Clock Third This Joy] C:\WINDOWS\Application Data\more memo clock third\Htm Inside.exe
O4 - HKLM\..\Run: [Chin Support] C:\PROGRAM Files\REFMPE~1\DATE WAIT.exe


If not found, locate their program folders and see what's in them; if nothing you recognize, delete them.

These entries should be "fixed" in HijackThis:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bbepnqauwrg.com/wb_u048n...FxeajTjsr9.html
O2 - BHO: (no name) - {BF6F5B14-22DF-618D-22E7-B916EC76B715} - C:\PROGRAM FILES\THEMP3\FORSLOW.EXE

^^ see what is in the "themp3" folder and delete it if nothing recognizable and legitimate

O4 - HKLM\..\Run: [Clock Third This Joy] C:\WINDOWS\Application Data\more memo clock third\Htm Inside.exe
O4 - HKLM\..\Run: [Chin Support] C:\PROGRAM Files\REFMPE~1\DATE WAIT.exe

>>> All of these procedures should be performed in Safe Mode. Also once again go to Internet Options > Programs tab and "reset web settings".

On reboot, before reconnecting to the internet, run HijackThis again to see if any of those entries have returned; then connect to the internet again and after about 10 minutes, run another Scanlog and see if things have changed.

Post here the final scanlog; if it returns I'll have some other diagnostic tools for you to use.
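
The re-scan check used throughout this thread (fix entries, reboot, scan again, see whether anything returned), as an added example that is not part of the original posts. It matches entries by registry slot, CLSID or Run name instead of by full text, because the SearchAssistant hijack in these logs comes back with a different domain on each scan. The function names and matching rules are assumptions of this example, not HijackThis features; the sample lines are copied from posts #2 and #3.

```python
import re
from urllib.parse import urlsplit

# Entries marked for fixing in post #2, copied from this thread
# (URLs are truncated with "..." exactly as the forum displayed them).
FIXED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uqrrghgqhdwis.com/wb_u04...bZGnT/A5eQ.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ecppevwmyg.com/wb_u048nt...XFxeajTjsr9.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [20736330.exe] C:\WINDOWS\System\20736330.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
"""

# Excerpt of the follow-up scan from post #3 (same caveat about truncated URLs).
LATER = r"""
Logfile of HijackThis v1.98.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.domeydmkqaexokjbvv.net/wb...xeajTjsr9.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\MY DOCUMENTS\PDF READER\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_SLOT = re.compile(r"^(.+?: \[[^\]]*\])\s*(.*)$")
ASSIGN = re.compile(r"\s=(?:\s|$)")


def split_entry(line):
    """Return ((code, slot), data) for a log entry line, or None for other lines.

    The slot is the part that identifies *where* the entry lives and stays
    stable between scans; the data (URL, file path) is what malware rewrites.
    """
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, running-process path, blank line
    code, body = m.groups()
    if code[0] == "R" and ASSIGN.search(body):
        slot, data = ASSIGN.split(body, maxsplit=1)      # "key,value = data"
    elif CLSID.search(body):
        slot, data = CLSID.search(body).group(0), body   # BHO/toolbar/DPF: CLSID
    elif RUN_SLOT.match(body):
        slot, data = RUN_SLOT.match(body).groups()       # "HKLM\..\Run: [Name] cmd"
    else:
        slot, data = body, ""
    return (code, slot.lower()), data.strip()


def parse_scan(text):
    """Map (code, slot) -> list of data strings for every entry in a log."""
    entries = {}
    for line in text.splitlines():
        parsed = split_entry(line)
        if parsed:
            entries.setdefault(parsed[0], []).append(parsed[1])
    return entries


def host(data):
    """Hostname if the data is a URL, else empty string."""
    return (urlsplit(data).hostname or "") if "://" in data else ""


def returned_entries(fixed_text, later_scan_text):
    """List fixed entries whose slot is populated again in a later scan."""
    later = parse_scan(later_scan_text)
    hits = []
    for key, old_values in parse_scan(fixed_text).items():
        old = old_values[0]
        for new in later.get(key, []):
            # Truncated URLs never compare equal as text, so compare hosts.
            if host(old) or host(new):
                changed = host(old) != host(new)
            else:
                changed = old != new
            hits.append({"code": key[0], "slot": key[1],
                         "was": old, "now": new, "data_changed": changed})
    return hits


if __name__ == "__main__":
    for hit in returned_entries(FIXED, LATER):
        print(hit["code"], hit["slot"])
        print("  was:", hit["was"])
        print("  now:", hit["now"], "(data changed)" if hit["data_changed"] else "")
```

A slot that refills after a fix, especially with new data, indicates that something still running is rewriting it, which is why the later posts go on to remove the remaining unknown startup programs.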

Stormbug
Junior Member with 5 posts.
Join Date: Aug 2004
Experience: Intermediate
27-Aug-2004, 04:27 AM #7
Probably the problem has been resolved because the date wait and the other things did not come back even after I connected to the internet, and I removed the files that you said to take a look. There was some "window search" in the add remove programs and I removed it.
Here is the final scan log:

Logfile of HijackThis v1.98.2
Scan saved at 11:15:20, on 27.8.2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\DIGITAL IMAGING\UNLOAD\HPQCMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\LOADQM.EXE
C:\MY DOCUMENTS\LOTTA\HP VALOKUVA OHJELMA\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\MMTRAYLSI.EXE
C:\WINDOWS\SYSTEM\MMTRAY2K.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\D-TOOLS\DAEMON.EXE
C:\WINDOWS\SYSTEM\MMTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NOTEPAD.EXE
D:\HIJAC THIS\2\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F1 - win.ini: run=hpfsched
N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_02.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\vz4vlj9a.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\MY DOCUMENTS\PDF READER\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\My Documents\Lotta\HP valokuva ohjelma\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\My Documents\Lotta\HP valokuva ohjelma\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinFast_Gamma] rundll32.exe wfcpl.dll,DllLoadGammaRampSettings
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\VISUAL ROUTE INSTALL\vrie.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://216.65.38.226/crack.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

I wondered if you could tell me how to be sure that these kind of problems would not come back again, perhaps you could tell me some program that refuses them. I tried to use two different kind of firewall programs (not at the same time) and when I had installed firewall program my computer started to reboot itself without warning, after I had uninstalled firewall my computer did not any more reboot itself. I think that's kind of weird, I hope you can help me out.

Rollin' Rog
Moderator with 44,831 posts.
Join Date: Dec 2000
Location: North of Hollywoodland
Experience: I know when to fold em'
27-Aug-2004, 10:32 AM #8
The scanlog is clean, so that does seem to have licked it.

Basically, give this link a read and perhaps check out the programs recommended. I'm a minimalist myself, never having much problem with these things, probably because I stick mostly with Opera as my browser, and have never used Outlook express. Also by experience, I know what MS updates really are critical. Others should just install all the ones MS deems critical.

How Did I Get Infected?

Judicious browsing and downloading habits are really your best defense, and keeping the updates for IE and Outlook Express, if you use that, current.

I really recommend everyone install and get comfortable with an alternate browser such as Opera or Mozilla Firefox -- even if you prefer to stick with IE as your default for awhile.

All times are GMT -5.