
Help.....can't get to google

Discussion in 'Virus & Other Malware Removal' started by wnt2binkauai, Sep 24, 2003.

  1. wnt2binkauai

    wnt2binkauai Thread Starter

    Joined:
    Sep 23, 2003
    Messages:
    48
    I think something is on my computer but I'm not sure what it is. When I try to go to google, I get the following message:

    "Are you trying to get to Google?
    Your computer is running software that doesn’t allow you to use Google.
    You’re seeing this page because your computer is trying to send you to a website that is pretending to be Google. Over the past few weeks, you may have seen a website that looks like Google, but launches pop-up windows and does not work like Google. That page is not affiliated with Google in any way and is intended to deceive you.

    Why is this happening?
    Most likely a program was installed on your computer automatically and without your knowledge when you downloaded an otherwise harmless piece of software. Or you may have been tricked into clicking on a disguised download button while visiting a website.

    What can I do about it?
    This problem can be fixed fairly easily, but will require that you make changes in a file that is part of your computer’s operating system. You should always be cautious when making these kinds of adjustments, as they may affect the performance of your computer. If you are not comfortable doing this yourself, you may want to print out this page and show it to someone whose technical knowledge you trust.

    What steps do I take?
    The first step is to remove the entry for Google from your hosts file. This entry is telling your computer where to send your computer instead of to Google.

    In Windows, open the Notepad program. You can do this by going to the Start menu in the lower left of your screen, selecting “Programs,” then “Accessories,” then “Notepad.”

    In the Notepad menu, click on “File,” then “Open.” You will see a new window asking which file to open. You may need to change "Files of type" to "All Files" instead of "Text Documents". The actual file to open is listed below:

    If your computer is running Windows XP, Windows NT, or Windows 2000, the file is located in the folder found by following this path:

    My Computer >Local Disk(C) >Windows >System32 >Drivers >etc >hosts

    If your computer is running Windows 98, Second Edition or Windows ME, the file is located in the folder found by following this path:

    My Computer >Local Disk(C) >Windows >hosts

    Once you have opened this file, remove entirely any line of text that contains “google.com”, “www.google.com” or other Google domains (such as “google.co.uk”). To remove the text, highlight it by dragging your pointer across the line while holding down the mouse button. Once the text is highlighted, hit the Backspace or Delete button, then save the file by going to the File menu and clicking “Save.” You can now exit Notepad.

    What else can I do?
    You might want to try software that attempts to detect and uninstall programs like this one. While we do not have a relationship with anyone who offers this software and we cannot endorse a particular product, the most popular programs for doing this seem to be Spybot Search and Destroy and LavaSoft's AdAware. The particular program affecting your computer is relatively new, so these products might not be able to detect and repair this type of problem yet.

    The next step is to learn more. You can visit http://www.doxdesk.com/parasite/ to review information about a number of known self-installing software programs. Several articles on the web may be helpful, such as

    · http://www.theage.com.au/articles/2003/04/14/1050172507212.html
    · http://news.com.com/2100-1023-877568.html
    · http://news.com.com/2100-1023-257592.html

    Investigate individual programs using search engines. Try keywords such as "spyware," "scumware," and "adware."
    Once you’re informed, take action. Help your family and friends avoid these annoying programs. If you can find the site that installed this software on your computer, let them know how you feel about it. You might also want to track down companies that benefit from having your web visits redirected, and share your feelings with them.

    Finally, it's quick and easy to file a complaint with the Federal Trade Commission (FTC). This U.S. government agency handles complaints about deceptive or unfair business practices. To file a complaint, visit: http://www.ftc.gov/ and click on "File a Complaint Online", or call 1-877-FTC-HELP. Or write to:

    Federal Trade Commission
    CRC-240
    Washington, D.C. 20580

    If your complaint is against a company in another country, you can file it at http://www.econsumer.gov/. "

    I tried to do what it says, but I couldn't see the Hosts in the Windows folder. Any help would be greatly appreciated. Thanks.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,181
    First Name:
    Derek
    Do it the easy way


    Go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
    Unzip, double-click HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. wnt2binkauai

    wnt2binkauai Thread Starter

    Joined:
    Sep 23, 2003
    Messages:
    48
    Thanks. I think I have a lot of junk. Here it is:

    Logfile of HijackThis v1.97.2
    Scan saved at 6:20:18 AM, on 9/24/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SCARDSVR.EXE
    C:\PROGRAM FILES\COMPAQ\COMPAQ MESSAGE SCREENER\BIN\COMPAQ-RBA.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\CCPM_0237.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thewmurchannel.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?s=searchicon&c=2C01&lc=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    O1 - Hosts: 127.127.127.127 elite
    O1 - Hosts: 64.191.95.139 www.google.com
    O1 - Hosts: 64.191.95.139 google.com
    O1 - Hosts: 64.191.95.139 www.altavista.com
    O1 - Hosts: 64.191.95.139 altavista.com
    O1 - Hosts: 64.191.95.139 search.yahoo.com
    O1 - Hosts: 64.191.95.139 uk.search.yahoo.com
    O1 - Hosts: 64.191.95.139 ca.search.yahoo.com
    O1 - Hosts: 64.191.95.139 jp.search.yahoo.com
    O1 - Hosts: 64.191.95.139 au.search.yahoo.com
    O1 - Hosts: 64.191.95.139 de.search.yahoo.com
    O1 - Hosts: 64.191.95.139 search.yahoo.co.jp
    O1 - Hosts: 64.191.95.139 www.lycos.de
    O1 - Hosts: 64.191.95.139 www.lycos.ca
    O1 - Hosts: 64.191.95.139 www.lycos.jp
    O1 - Hosts: 64.191.95.139 www.lycos.co.jp
    O1 - Hosts: 64.191.95.139 alltheweb.com
    O1 - Hosts: 64.191.95.139 web.ask.com
    O1 - Hosts: 64.191.95.139 ask.com
    O1 - Hosts: 64.191.95.139 www.ask.com
    O1 - Hosts: 64.191.95.139 www.teoma.com
    O1 - Hosts: 64.191.95.139 search.aol.com
    O1 - Hosts: 64.191.95.139 www.looksmart.com
    O1 - Hosts: 64.191.95.139 ca.search.msn.com
    O1 - Hosts: 64.191.95.139 fr.ca.search.msn.com
    O1 - Hosts: 64.191.95.139 search.fr.msn.be
    O1 - Hosts: 64.191.95.139 search.fr.msn.ch
    O1 - Hosts: 64.191.95.139 search.latam.yupimsn.com
    O1 - Hosts: 64.191.95.139 search.msn.at
    O1 - Hosts: 64.191.95.139 search.msn.be
    O1 - Hosts: 64.191.95.139 search.msn.ch
    O1 - Hosts: 64.191.95.139 search.msn.co.in
    O1 - Hosts: 64.191.95.139 search.msn.co.jp
    O1 - Hosts: 64.191.95.139 search.msn.co.kr
    O1 - Hosts: 64.191.95.139 search.msn.com.br
    O1 - Hosts: 64.191.95.139 search.msn.com.hk
    O1 - Hosts: 64.191.95.139 search.msn.com.my
    O1 - Hosts: 64.191.95.139 search.msn.com.sg
    O1 - Hosts: 64.191.95.139 search.msn.com.tw
    O1 - Hosts: 64.191.95.139 search.msn.co.za
    O1 - Hosts: 64.191.95.139 search.msn.de
    O1 - Hosts: 64.191.95.139 search.msn.dk
    O1 - Hosts: 64.191.95.139 search.msn.es
    O1 - Hosts: 64.191.95.139 search.msn.fi
    O1 - Hosts: 64.191.95.139 search.msn.fr
    O1 - Hosts: 64.191.95.139 search.msn.it
    O1 - Hosts: 64.191.95.139 search.msn.nl
    O1 - Hosts: 64.191.95.139 search.msn.no
    O1 - Hosts: 64.191.95.139 search.msn.se
    O1 - Hosts: 64.191.95.139 search.ninemsn.com.au
    O1 - Hosts: 64.191.95.139 search.t1msn.com.mx
    O1 - Hosts: 64.191.95.139 search.xtramsn.co.nz
    O1 - Hosts: 64.191.95.139 search.yupimsn.com
    O1 - Hosts: 64.191.95.139 uk.search.msn.com
    O1 - Hosts: 64.191.95.139 search.lycos.com
    O1 - Hosts: 64.191.95.139 www.lycos.com
    O1 - Hosts: 64.191.95.139 www.google.ca
    O1 - Hosts: 64.191.95.139 google.ca
    O1 - Hosts: 64.191.95.139 www.google.uk
    O1 - Hosts: 64.191.95.139 www.google.co.uk
    O1 - Hosts: 64.191.95.139 www.google.com.au
    O1 - Hosts: 64.191.95.139 www.google.co.jp
    O1 - Hosts: 64.191.95.139 www.google.jp
    O1 - Hosts: 64.191.95.139 www.google.at
    O1 - Hosts: 64.191.95.139 www.google.be
    O1 - Hosts: 64.191.95.139 www.google.ch
    O1 - Hosts: 64.191.95.139 www.google.de
    O1 - Hosts: 64.191.95.139 www.google.dk
    O1 - Hosts: 64.191.95.139 www.google.fi
    O1 - Hosts: 64.191.95.139 www.google.fr
    O1 - Hosts: 64.191.95.139 www.google.com.gr
    O1 - Hosts: 64.191.95.139 www.google.com.hk
    O1 - Hosts: 64.191.95.139 www.google.ie
    O1 - Hosts: 64.191.95.139 www.google.co.il
    O1 - Hosts: 64.191.95.139 www.google.it
    O1 - Hosts: 64.191.95.139 www.google.co.kr
    O1 - Hosts: 64.191.95.139 www.google.com.mx
    O1 - Hosts: 64.191.95.139 www.google.nl
    O1 - Hosts: 64.191.95.139 www.google.co.nz
    O1 - Hosts: 64.191.95.139 www.google.pl
    O1 - Hosts: 64.191.95.139 www.google.pt
    O1 - Hosts: 64.191.95.139 www.google.com.ru
    O1 - Hosts: 64.191.95.139 www.google.com.sg
    O1 - Hosts: 64.191.95.139 www.google.co.th
    O1 - Hosts: 64.191.95.139 www.google.com.tr
    O1 - Hosts: 64.191.95.139 www.google.com.tw
    O1 - Hosts: 64.191.95.139 google.at
    O1 - Hosts: 64.191.95.139 google.be
    O1 - Hosts: 64.191.95.139 google.de
    O1 - Hosts: 64.191.95.139 google.dk
    O1 - Hosts: 64.191.95.139 google.fi
    O1 - Hosts: 64.191.95.139 google.fr
    O1 - Hosts: 64.191.95.139 google.com.hk
    O1 - Hosts: 64.191.95.139 google.ie
    O1 - Hosts: 64.191.95.139 google.co.il
    O1 - Hosts: 64.191.95.139 google.it
    O1 - Hosts: 64.191.95.139 google.co.kr
    O1 - Hosts: 64.191.95.139 google.com.mx
    O1 - Hosts: 64.191.95.139 google.nl
    O1 - Hosts: 64.191.95.139 google.co.nz
    O1 - Hosts: 64.191.95.139 google.pl
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE
    O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
    O4 - HKLM\..\RunServices: [Compaq_RBA] C:\PROGRAM FILES\COMPAQ\COMPAQ MESSAGE SCREENER\BIN\COMPAQ-RBA.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .ipp: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
    O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.75.222.51/activex/AxisCamControl.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.com/orbiter11020/winorbiter.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://128.171.15.137:8000/wfplayer/tdserver.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
    O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/ea/needforspeed/install.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} (CMV4 Class) - http://www102.coolsavings.com/download/cscmv4X.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.hiltonwaikoloavillage.com/04-experiencenow/webcam/camera.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://www3.compaq.com/support/sndetect/CSND_AX.CAB
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://web14.compaq.com/falco/SysQuery.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {A2A62F90-6106-11D3-96F3-00105A771372} (KaraokeComCtl Class) - http://www.kiddonet.com/lapware/actmenu/KaraokeAnim/karaokeCom.ocx
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://12.47.101.191/central/02030105/cccabs/CleverContent.cab
    O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {E056E5AD-F719-11D2-971E-00902717B179} (bookonweb.docBook) - http://cciw.com/np4/book/pages/BookOnWeb.CAB
    O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
    O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/3110/ftp.coupons.com/r31/brix6ie.cab
    O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.26/Hiwire.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw9x.cab
    O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www113.coolsavings.com/download/cscmv5X.cab
    O16 - DPF: {6549A570-A17C-466B-B160-D6C10FE9261F} (EPIC Coupon Control) - http://216.24.232.130/ActiveX/EpicCouponStg.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab
    O16 - DPF: {80F1B906-D066-11D3-AD70-009027B8ADBC} (WebPlayer Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
    O16 - DPF: {330110A5-F627-4DD7-B0F1-24D09C4DA870} (CouponsIncIECtl1 Class) - http://a19.g.akamai.net/7/19/7125/1404/ftp.coupons.com/v7/cpnsie1.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://ftp.coupons.com/r3120/cpbrxpie.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1059130728680
    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.icons.com.ne.kr/easyinstall/ocx/ver1003/NeoworkInstall.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,181
    First Name:
    Derek
    Run HijackThis, tick all below, double-check to make sure you haven't missed any, close all browser windows & press "Fix checked"

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/...C01&lc=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kazaa-lite.ws/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
    O1 - Hosts: 127.127.127.127 elite
    O1 - Hosts: 64.191.95.139 www.google.com
    O1 - Hosts: 64.191.95.139 google.com
    O1 - Hosts: 64.191.95.139 www.altavista.com
    O1 - Hosts: 64.191.95.139 altavista.com
    O1 - Hosts: 64.191.95.139 search.yahoo.com
    O1 - Hosts: 64.191.95.139 uk.search.yahoo.com
    O1 - Hosts: 64.191.95.139 ca.search.yahoo.com
    O1 - Hosts: 64.191.95.139 jp.search.yahoo.com
    O1 - Hosts: 64.191.95.139 au.search.yahoo.com
    O1 - Hosts: 64.191.95.139 de.search.yahoo.com
    O1 - Hosts: 64.191.95.139 search.yahoo.co.jp
    O1 - Hosts: 64.191.95.139 www.lycos.de
    O1 - Hosts: 64.191.95.139 www.lycos.ca
    O1 - Hosts: 64.191.95.139 www.lycos.jp
    O1 - Hosts: 64.191.95.139 www.lycos.co.jp
    O1 - Hosts: 64.191.95.139 alltheweb.com
    O1 - Hosts: 64.191.95.139 web.ask.com
    O1 - Hosts: 64.191.95.139 ask.com
    O1 - Hosts: 64.191.95.139 www.ask.com
    O1 - Hosts: 64.191.95.139 www.teoma.com
    O1 - Hosts: 64.191.95.139 search.aol.com
    O1 - Hosts: 64.191.95.139 www.looksmart.com
    O1 - Hosts: 64.191.95.139 ca.search.msn.com
    O1 - Hosts: 64.191.95.139 fr.ca.search.msn.com
    O1 - Hosts: 64.191.95.139 search.fr.msn.be
    O1 - Hosts: 64.191.95.139 search.fr.msn.ch
    O1 - Hosts: 64.191.95.139 search.latam.yupimsn.com
    O1 - Hosts: 64.191.95.139 search.msn.at
    O1 - Hosts: 64.191.95.139 search.msn.be
    O1 - Hosts: 64.191.95.139 search.msn.ch
    O1 - Hosts: 64.191.95.139 search.msn.co.in
    O1 - Hosts: 64.191.95.139 search.msn.co.jp
    O1 - Hosts: 64.191.95.139 search.msn.co.kr
    O1 - Hosts: 64.191.95.139 search.msn.com.br
    O1 - Hosts: 64.191.95.139 search.msn.com.hk
    O1 - Hosts: 64.191.95.139 search.msn.com.my
    O1 - Hosts: 64.191.95.139 search.msn.com.sg
    O1 - Hosts: 64.191.95.139 search.msn.com.tw
    O1 - Hosts: 64.191.95.139 search.msn.co.za
    O1 - Hosts: 64.191.95.139 search.msn.de
    O1 - Hosts: 64.191.95.139 search.msn.dk
    O1 - Hosts: 64.191.95.139 search.msn.es
    O1 - Hosts: 64.191.95.139 search.msn.fi
    O1 - Hosts: 64.191.95.139 search.msn.fr
    O1 - Hosts: 64.191.95.139 search.msn.it
    O1 - Hosts: 64.191.95.139 search.msn.nl
    O1 - Hosts: 64.191.95.139 search.msn.no
    O1 - Hosts: 64.191.95.139 search.msn.se
    O1 - Hosts: 64.191.95.139 search.ninemsn.com.au
    O1 - Hosts: 64.191.95.139 search.t1msn.com.mx
    O1 - Hosts: 64.191.95.139 search.xtramsn.co.nz
    O1 - Hosts: 64.191.95.139 search.yupimsn.com
    O1 - Hosts: 64.191.95.139 uk.search.msn.com
    O1 - Hosts: 64.191.95.139 search.lycos.com
    O1 - Hosts: 64.191.95.139 www.lycos.com
    O1 - Hosts: 64.191.95.139 www.google.ca
    O1 - Hosts: 64.191.95.139 google.ca
    O1 - Hosts: 64.191.95.139 www.google.uk
    O1 - Hosts: 64.191.95.139 www.google.co.uk
    O1 - Hosts: 64.191.95.139 www.google.com.au
    O1 - Hosts: 64.191.95.139 www.google.co.jp
    O1 - Hosts: 64.191.95.139 www.google.jp
    O1 - Hosts: 64.191.95.139 www.google.at
    O1 - Hosts: 64.191.95.139 www.google.be
    O1 - Hosts: 64.191.95.139 www.google.ch
    O1 - Hosts: 64.191.95.139 www.google.de
    O1 - Hosts: 64.191.95.139 www.google.dk
    O1 - Hosts: 64.191.95.139 www.google.fi
    O1 - Hosts: 64.191.95.139 www.google.fr
    O1 - Hosts: 64.191.95.139 www.google.com.gr
    O1 - Hosts: 64.191.95.139 www.google.com.hk
    O1 - Hosts: 64.191.95.139 www.google.ie
    O1 - Hosts: 64.191.95.139 www.google.co.il
    O1 - Hosts: 64.191.95.139 www.google.it
    O1 - Hosts: 64.191.95.139 www.google.co.kr
    O1 - Hosts: 64.191.95.139 www.google.com.mx
    O1 - Hosts: 64.191.95.139 www.google.nl
    O1 - Hosts: 64.191.95.139 www.google.co.nz
    O1 - Hosts: 64.191.95.139 www.google.pl
    O1 - Hosts: 64.191.95.139 www.google.pt
    O1 - Hosts: 64.191.95.139 www.google.com.ru
    O1 - Hosts: 64.191.95.139 www.google.com.sg
    O1 - Hosts: 64.191.95.139 www.google.co.th
    O1 - Hosts: 64.191.95.139 www.google.com.tr
    O1 - Hosts: 64.191.95.139 www.google.com.tw
    O1 - Hosts: 64.191.95.139 google.at
    O1 - Hosts: 64.191.95.139 google.be
    O1 - Hosts: 64.191.95.139 google.de
    O1 - Hosts: 64.191.95.139 google.dk
    O1 - Hosts: 64.191.95.139 google.fi
    O1 - Hosts: 64.191.95.139 google.fr
    O1 - Hosts: 64.191.95.139 google.com.hk
    O1 - Hosts: 64.191.95.139 google.ie
    O1 - Hosts: 64.191.95.139 google.co.il
    O1 - Hosts: 64.191.95.139 google.it
    O1 - Hosts: 64.191.95.139 google.co.kr
    O1 - Hosts: 64.191.95.139 google.com.mx
    O1 - Hosts: 64.191.95.139 google.nl
    O1 - Hosts: 64.191.95.139 google.co.nz
    O1 - Hosts: 64.191.95.139 google.pl



    then

    download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window: Click "Start" then "Activate in-depth scan"

    then......

    click "Use custom scanning options > Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now to scan it's just to click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


    then post a new hijackthis log to check what is left

    You really want to review all your O16 DPF entries and delete any that are not from Microsoft, Macromedia or other legitimate bodies.
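
Added example, not part of dvk01's post and not HijackThis code: a check that reads hosts-file text or HijackThis `O1 - Hosts:` lines and reports any non-local address that answers for several hostnames, which is the pattern in the log above. The function names and the `min_hosts` threshold are assumptions made for this illustration; the sample mixes O1 lines copied from the thread with constructed lines marked as such.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: a few O1 lines copied from the log in this thread, plus
# constructed hosts-file lines (marked) to exercise the parser.
SAMPLE = """\
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 64.191.95.139 www.google.com
O1 - Hosts: 64.191.95.139 google.com
O1 - Hosts: 64.191.95.139 search.yahoo.com
O1 - Hosts: 64.191.95.139 www.altavista.com
127.0.0.1 localhost            # constructed: normal default entry
192.0.2.10 intranet.example    # constructed: single static mapping
not-an-ip www.google.com       # constructed: malformed line, skipped
"""

O1_PREFIX = re.compile(r"^\s*O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def parse_hosts_entries(text):
    """Return (ip, hostname) pairs from hosts-file text or HijackThis O1 lines."""
    entries = []
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw)          # drop the HijackThis prefix if present
        line = line.split("#", 1)[0].strip()   # hosts-file comments start with '#'
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an address
        for name in fields[1:]:                # a line may carry several aliases
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def find_redirect_clusters(entries, min_hosts=3):
    """Group hostnames by address; report non-local addresses serving many names."""
    by_ip = defaultdict(set)
    for ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue    # 127.0.0.0/8, ::1 and 0.0.0.0 point at the local machine
        by_ip[ip].add(name)
    return {str(ip): sorted(names)
            for ip, names in by_ip.items() if len(names) >= min_hosts}


def lines_to_remove(text, clusters):
    """Return the original lines whose address belongs to a reported cluster."""
    flagged = []
    for raw in text.splitlines():
        pairs = parse_hosts_entries(raw)
        if pairs and str(pairs[0][0]) in clusters:
            flagged.append(raw.strip())
    return flagged


if __name__ == "__main__":
    clusters = find_redirect_clusters(parse_hosts_entries(SAMPLE))
    for ip, names in clusters.items():
        print(f"{ip} answers for {len(names)} names: {', '.join(names)}")
    for line in lines_to_remove(SAMPLE, clusters):
        print("review:", line)
```

The `127.127.127.127 elite` entry falls in the loopback range, so this check does not report it; lines like that still need a manual look.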
     
  5. wnt2binkauai

    wnt2binkauai Thread Starter

    Joined:
    Sep 23, 2003
    Messages:
    48
    Thanks! I've done all that you've suggested. Here's my new Hijack log:
    Logfile of HijackThis v1.97.2
    Scan saved at 12:30:08 PM, on 9/24/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0600)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SCARDSVR.EXE
    C:\PROGRAM FILES\COMPAQ\COMPAQ MESSAGE SCREENER\BIN\COMPAQ-RBA.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\PCTVOICE.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\TEMP\TD_0002.DIR\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thewmurchannel.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [WCOLOREAL] C:\Program Files\COMPAQ\COLOREAL\COLOREAL.EXE
    O4 - HKLM\..\Run: [CpqBootPerfDb] C:\Cpqs\Scom\CpqBootPerfDb.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScardSvr] C:\WINDOWS\SYSTEM\ScardSvr.exe
    O4 - HKLM\..\RunServices: [Compaq_RBA] C:\PROGRAM FILES\COMPAQ\COMPAQ MESSAGE SCREENER\BIN\COMPAQ-RBA.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .ipp: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
    O12 - Plugin for .ipt: C:\PROGRA~1\INTERN~1\Plugins\npimth32.dll
    O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.75.222.51/activex/AxisCamControl.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork.com/orbiter11020/winorbiter.cab
    O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://128.171.15.137:8000/wfplayer/tdserver.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/download/bin/actxcab.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
    O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/ea/needforspeed/install.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab
    O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - http://www102.coolsavings.com/download/cscmv4X.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.hiltonwaikoloavillage.com/04-experiencenow/webcam/camera.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {5CE8C9BE-B561-4311-8C03-D6F6C1CAF7E1} (CSND_AX.ctlCSND_AX) - http://www3.compaq.com/support/sndetect/CSND_AX.CAB
    O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://web14.compaq.com/falco/SysQuery.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex/controls/WindowsMedia/downloadcontrol.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553542500} - http://active.macromedia.com/flash2/cabs/swflash.cab
    O16 - DPF: {A2A62F90-6106-11D3-96F3-00105A771372} (KaraokeComCtl Class) - http://www.kiddonet.com/lapware/actmenu/KaraokeAnim/karaokeCom.ocx
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://12.47.101.191/central/02030105/cccabs/CleverContent.cab
    O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {E056E5AD-F719-11D2-971E-00902717B179} (bookonweb.docBook) - http://cciw.com/np4/book/pages/BookOnWeb.CAB
    O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/interact/installers/InterActXInstall.cab
    O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1239/ftp.coupons.com/brxpdf5.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/3110/ftp.coupons.com/r31/brix6ie.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw9x.cab
    O16 - DPF: {6549A570-A17C-466B-B160-D6C10FE9261F} (EPIC Coupon Control) - http://216.24.232.130/ActiveX/EpicCouponStg.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab
    O16 - DPF: {330110A5-F627-4DD7-B0F1-24D09C4DA870} (CouponsIncIECtl1 Class) - http://a19.g.akamai.net/7/19/7125/1404/ftp.coupons.com/v7/cpnsie1.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://ftp.coupons.com/r3120/cpbrxpie.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://64.124.45.181/downloads/ccpm_0237.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?1059130728680
    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.icons.com.ne.kr/easyinstall/ocx/ver1003/NeoworkInstall.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab

    What do the O16 DPF entries mean? Any suggestions on what I should get rid of? Thanks for all your help.
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,181
    First Name:
    Derek
    I would get rid of all these below using HijackThis. If any legitimate program needs them again then they will prompt for a fresh download.

    Run HijackThis, tick all below, double-check to make sure you haven't missed any, close all browser windows & press "Fix checked".

    O16 - DPF: {C3EF17D6-2201-11D4-9F0E-00B0D011B1AE} (Communities.com Passport) - http://cartoonorbit.cartoonnetwork..../winorbiter.cab

    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://www.rimfiremedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {E2CF5C45-7CCC-11D4-9BD1-0080C6F60B6A} (CouponsComBrxpdf2 Control) - http://ftp.coupons.com/brxpdf2.cab
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://128.171.15.137:8000/wfplayer/tdserver.cab
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.brightstreet.com/cif/...bin/actxcab.cab

    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://aol.ea.com/downloads/games/common/ieell.cab
    O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://aol.ea.com/downloads/games/c...py/iesnoopy.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/...eed/install.cab
    O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} (EABootStrap Class) - http://aol.ea.com/downloads/games/c...trap/iegils.cab
    O16 - DPF: {4129EA54-F04E-11D3-BF96-00C04F0E7BE2} - http://www102.coolsavings.com/download/cscmv4X.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.hiltonwaikoloavillage.co...bcam/camera.cab

    O16 - DPF: {A2A62F90-6106-11D3-96F3-00105A771372} (KaraokeComCtl Class) - http://www.kiddonet.com/lapware/act.../karaokeCom.ocx
    O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://12.47.101.191/central/020301...everContent.cab
    O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - http://www.soundclick.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {E056E5AD-F719-11D2-971E-00902717B179} (bookonweb.docBook) - http://cciw.com/np4/book/pages/BookOnWeb.CAB
    O16 - DPF: {908F3C82-B57E-11D4-BF33-00A0CCE8754B} (TInterActXInstallObject) - http://www.mathxl.com/wizmodules/in...ActXInstall.cab
    O16 - DPF: {E389B374-BB5A-4A73-ACF4-3CE63E4C1DE9} (Brxpdf5 Control) - http://a19.g.akamai.net/7/19/7125/1...com/brxpdf5.cab
    O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai.net/7/19/7125/3...r31/brix6ie.cab
    O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/gam...nts/y/zt3_x.cab
    O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://www.link-systems.com/~sdk/SDK/paste/lsiw9x.cab
    O16 - DPF: {6549A570-A17C-466B-B160-D6C10FE9261F} (EPIC Coupon Control) - http://216.24.232.130/ActiveX/EpicCouponStg.cab
    O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiqonline.com/WebIQ/bin/WebIQ.cab
    O16 - DPF: {73954DC6-A1B2-4157-966F-D9914A39F59C} (Vividence Connector Launcher) - http://task.vividence.com/download/...torLauncher.cab
    O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish.com/SnapfishImageEditor.cab
    O16 - DPF: {330110A5-F627-4DD7-B0F1-24D09C4DA870} (CouponsIncIECtl1 Class) - http://a19.g.akamai.net/7/19/7125/1.../v7/cpnsie1.cab

    O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://ftp.coupons.com/r3120/cpbrxpie.cab

    O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
    O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) - http://easyinstall.icons.com.ne.kr/...workInstall.cab
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
     
  7. wnt2binkauai

    wnt2binkauai Thread Starter

    Joined:
    Sep 23, 2003
    Messages:
    48
    Thank you very much for all your help.
     
  8. ALICE P

    ALICE P

    Joined:
    Sep 24, 2003
    Messages:
    4
    PLEASE HELP ME DVK01 , I CANNOT FIX THIS MYSELF, too expensive, if I follow your directions (HIJACK) and get the log, will you help me get rid of the friggin thing PLEASE!!!!!!
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,181
    First Name:
    Derek
    alice

    go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results
     
  10. ALICE P

    ALICE P

    Joined:
    Sep 24, 2003
    Messages:
    4
    Thanks Derek!
    I will do it tonight, after work, I already have Hijack this and Adaware. I will do Hijack This Scan Tonight and post results.
    Are you in England, if so where? I live in US, but my gramma is from Liverpool.
    Alice
     
  11. ALICE P

    ALICE P

    Joined:
    Sep 24, 2003
    Messages:
    4
    I believe the GOOGLE SPYWARE CAME FROM COOLSEARCH.com
    I REMEMBER USING THIS SEARCH, and then This FAKE GOOGLE APPEARED.

    BEWARE OF www.COOL SEARCH --SEARCH UTILITY
     
  12. ALICE P

    ALICE P

    Joined:
    Sep 24, 2003
    Messages:
    4
    Hi, I am so-------Aggravated....Please Help.......Look at this Hijack This File and tell me what is safe to delete. THANK YOU!!! Alice
    Computer is now extremely slow, Browser was attacked by FAKE GOOGLE almost 2 weeks ago
    Logfile of HijackThis v1.97.2
    Scan saved at 9:10:51 PM, on 9/25/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\TEMP\ZTV2E0\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sureseeker.com/search.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sassieshop.com/2mystique/shoppers/shopperlogout.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sureseeker.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPAL~1\FpLaunch.DLL
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [PP5300usb] C:\PAPRPORT\FBDirect.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - Startup: Reboot.exe
    O4 - Startup: PaperPort OneTouch.lnk = C:\PAPRPORT\FBDirect.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
    O16 - DPF: {D4A31C0A-7C73-4702-9EFF-4F98DD229A23} - http://server2.myesp.com/toolbar2/myband.cab
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37589.5605439815

     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,181
    First Name:
    Derek
    Run HijackThis, tick all below, double-check to make sure you haven't missed any, close all browser windows & press "Fix checked".

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sureseeker.com/search.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sassieshop.com/2mystique...opperlogout.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sureseeker.com/search.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redi...&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redi...amp;ar=iesearch
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL (file missing)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL (file missing)
    O4 - Startup: Reboot.exe
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O15 - Trusted Zone: http://free.aol.com
    O16 - DPF: {D4A31C0A-7C73-4702-9EFF-4F98DD229A23} - http://server2.myesp.com/toolbar2/myband.cab
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab


    then
    download AdAware 6 181
    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

    Then ........

    Make sure the following settings are made and on -------"ON=GREEN"
    From main window :Click "Start" then " Activate in-depth scan"

    then......

    click "Use custom scanning options > Customize" and have these options on: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned URL" and "Scan my host-files"

    then.........

    go to settings (the gear on top of AdAware) > Tweak > Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

    then...... click "proceed" to save your settings.

    Now, to scan, just click the "Scan" button.

    When scan is finished, mark everything for removal and get rid of it.

    then
    Download Spybot - Search & Destroy from http://security.kolla.de

    After installing, first press Online, and search for, put a check mark at, and install all updates.
    Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.


    then post a new hijackthis log to check what is left
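
The "tick all below, double-check" step from the two fix lists in this thread, as an added example that is not part of the original posts or of HijackThis: a script that maps each fix-list line back to the full line in the saved log, treating a run of three or more dots in a URL as elided text (an assumption based on how the URLs appear in the fix lists above). The function names are hypothetical, and the sample log is a constructed subset of lines quoted in this thread.

```python
import re

# "R0 - ...", "O4 - ...", "O16 - ..." entry lines; headers and process paths do not match.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# Run of 3+ dots = text the forum elided from a long URL (assumption, see lead-in).
ELLIPSIS_RE = re.compile(r"\.{3,}")

# Constructed sample: a subset of the entry lines posted in this thread.
LOG_SAMPLE = r"""
Logfile of HijackThis v1.97.2
Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sureseeker.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sassieshop.com/2mystique/shoppers/shopperlogout.php
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - Startup: Reboot.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4A31C0A-7C73-4702-9EFF-4F98DD229A23} - http://server2.myesp.com/toolbar2/myband.cab
"""

# Constructed sample: fix-list lines as posted, one with an elided URL,
# and one whose log line was left out of LOG_SAMPLE on purpose.
FIX_SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.sureseeker.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sassieshop.com/2mystique...opperlogout.php
O4 - Startup: Reboot.exe
O16 - DPF: {D4A31C0A-7C73-4702-9EFF-4F98DD229A23} - http://server2.myesp.com/toolbar2/myband.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
"""


def parse_entries(text):
    """Return [(code, body)] for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def body_matches(fix_body, log_body):
    """Compare case-insensitively; each dot run in fix_body matches any text."""
    parts = ELLIPSIS_RE.split(fix_body)
    pattern = ".*".join(re.escape(p) for p in parts)
    return re.fullmatch(pattern, log_body, re.IGNORECASE) is not None


def check_fix_list(log_text, fix_text):
    """Resolve each fix-list line to exactly one full log line, or report why not."""
    log_entries = parse_entries(log_text)
    report = {"tick": [], "not_in_log": [], "ambiguous": []}
    for code, body in parse_entries(fix_text):
        hits = [lb for lc, lb in log_entries
                if lc == code and body_matches(body, lb)]
        if len(hits) == 1:
            report["tick"].append(f"{code} - {hits[0]}")
        elif not hits:
            report["not_in_log"].append(f"{code} - {body}")
        else:
            report["ambiguous"].append(f"{code} - {body}")
    ticked = set(report["tick"])
    # Entries the helper did not list: these stay unticked.
    report["left"] = [f"{c} - {b}" for c, b in log_entries
                      if f"{c} - {b}" not in ticked]
    return report


if __name__ == "__main__":
    for section, lines in check_fix_list(LOG_SAMPLE, FIX_SAMPLE).items():
        print(f"[{section}]")
        for line in lines:
            print("  " + line)
```

Lines reported under `not_in_log` or `ambiguous` need a manual look before anything is ticked.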
     
  14. ALICE P

    ALICE P

    Joined:
    Sep 24, 2003
    Messages:
    4
    Derek, what about the www.google.com/ie (IN MY LOG ABOVE)? Should that be checked to fix also? I usually use MSN SEARCH, and recently I deleted the yahoo companion bar. I should not have any Google on my computer at all! You have the www.highstream Also for me to check, THIS IS MY INTERNET SERVICE PROVIDER, I don't think that needs fixing. I have Adaware already and will post more tonight. I really appreciate all your Help with This, THANKS
    ALICE (USA) GEORGIA
     
  15. cyberclix

    cyberclix

    Joined:
    Sep 26, 2003
    Messages:
    2
    I have been trying all kinds of goofy things in Win2K Pro to get my internet working. The problem was that I could not access certain sites like MSNBC and others. I looked at the c:\windows\system32\drivers hosts file in Notepad and deleted the contents. Of course I saved a back up, and VOILA I can see all the sites I was unable to get to ... WOW!
    Learning every day ... thanks for the tip!!! (y) (y) :D
     
Short URL to this thread: https://techguy.org/167039