1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Help with Hijack?/

Discussion in 'Windows XP' started by jramstead, Jul 27, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. jramstead

    jramstead Thread Starter

    Joined:
    May 23, 2004
    Messages:
    56
    (y) Would someone please take a look at this for me, and tell me what I can nuke.
    I am having trouble with activex and I think something in here could be doing it.
    Thanks alot.
     
  2. jramstead

    jramstead Thread Starter

    Joined:
    May 23, 2004
    Messages:
    56
    forgoLogfile of HijackThis v1.98.2
    Scan saved at 5:59:37 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Documents and Settings\John Ramstead\Desktop\shortcuts\HijackThis19802.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: history1900s.about.com
    O15 - Trusted Zone: www.apu.edu
    O15 - Trusted Zone: www.artsig.com
    O15 - Trusted Zone: www.bassandwalleyeboats.com
    O15 - Trusted Zone: www.billingsgazette.com
    O15 - Trusted Zone: formula23.blogspot.com
    O15 - Trusted Zone: search.blossom.com
    O15 - Trusted Zone: *.bozemandailychronicle.com
    O15 - Trusted Zone: gfworrell.home.bresnan.net
    O15 - Trusted Zone: home.bresnan.net
    O15 - Trusted Zone: download.broadbandmedic.com
    O15 - Trusted Zone: www.businessmt.com
    O15 - Trusted Zone: www.carroll.edu
    O15 - Trusted Zone: www1.chapman.edu
    O15 - Trusted Zone: osubeavers.collegesports.com
    O15 - Trusted Zone: www.cympm.com
    O15 - Trusted Zone: www.download.com
    O15 - Trusted Zone: www.downloadzipcode.com
    O15 - Trusted Zone: www.egriz.com
    O15 - Trusted Zone: www.eilatgordinlevitan.com
    O15 - Trusted Zone: www.einsatzgruppenarchives.com
    O15 - Trusted Zone: p223.ezboard.com
    O15 - Trusted Zone: pub182.ezboard.com
    O15 - Trusted Zone: pub222.ezboard.com
    O15 - Trusted Zone: www.flagfocus.info
    O15 - Trusted Zone: msn.foxsports.com
    O15 - Trusted Zone: espn.go.com
    O15 - Trusted Zone: sports.espn.go.com
    O15 - Trusted Zone: www.goducks.com
    O15 - Trusted Zone: www.ci.great-falls.mt.us
    O15 - Trusted Zone: www.greatfallsonline.net
    O15 - Trusted Zone: www.groveslam.com
    O15 - Trusted Zone: www.havredailynews.com
    O15 - Trusted Zone: www.helenair.com
    O15 - Trusted Zone: www.historyplace.com
    O15 - Trusted Zone: www.imaging-resource.com
    O15 - Trusted Zone: www.in-depthangling.com
    O15 - Trusted Zone: www.isymbolz.com
    O15 - Trusted Zone: www.madison.k12.wi.us
    O15 - Trusted Zone: www.kaspersky.com
    O15 - Trusted Zone: www.keloland.com
    O15 - Trusted Zone: www.lavasoft.de
    O15 - Trusted Zone: www.lei-extras.com
    O15 - Trusted Zone: www.liveleaderboard.com
    O15 - Trusted Zone: www.lowrance.com
    O15 - Trusted Zone: www.majorgeeks.com
    O15 - Trusted Zone: mapserver.maptech.com
    O15 - Trusted Zone: www.maptech.com
    O15 - Trusted Zone: www.melissadata.com
    O15 - Trusted Zone: www.missoulian.com
    O15 - Trusted Zone: www.montanagrizzlies.com
    O15 - Trusted Zone: www.montanastandard.com
    O15 - Trusted Zone: content.health.msn.com
    O15 - Trusted Zone: encarta.msn.com
    O15 - Trusted Zone: img.slate.msn.com
    O15 - Trusted Zone: search.msn.com
    O15 - Trusted Zone: www.msn.com
    O15 - Trusted Zone: www.mtech.edu
    O15 - Trusted Zone: www.myezboard.com
    O15 - Trusted Zone: www.naia.org
    O15 - Trusted Zone: www.naiafootball.net
    O15 - Trusted Zone: www.nws.noaa.gov
    O15 - Trusted Zone: www.wrh.noaa.gov
    O15 - Trusted Zone: apps5.oingo.com
    O15 - Trusted Zone: www.paypal.com
    O15 - Trusted Zone: www.photo-forums.com
    O15 - Trusted Zone: www.photo.net
    O15 - Trusted Zone: www.photosig.com
    O15 - Trusted Zone: amch.questionmarket.com
    O15 - Trusted Zone: *.remember.org
    O15 - Trusted Zone: *.schooltree.org
    O15 - Trusted Zone: www.schoolwatchers.com
    O15 - Trusted Zone: www.sportsjuice.com
    O15 - Trusted Zone: www.stardate.org
    O15 - Trusted Zone: fwp.state.mt.us
    O15 - Trusted Zone: rwis.mdt.state.mt.us
    O15 - Trusted Zone: www.mdt.state.mt.us
    O15 - Trusted Zone: forums.techguy.org
    O15 - Trusted Zone: www.thebotd.com
    O15 - Trusted Zone: *.thehulltruth.net
    O15 - Trusted Zone: www.usacops.com
    O15 - Trusted Zone: www.usdcoyotes.com
    O15 - Trusted Zone: ask.usgs.gov
    O15 - Trusted Zone: edcw2ks15.cr.usgs.gov
    O15 - Trusted Zone: erg.usgs.gov
    O15 - Trusted Zone: vikings.vcsu.edu
    O15 - Trusted Zone: myaccount.verizonwireless.com
    O15 - Trusted Zone: wbillpay.verizonwireless.com
    O15 - Trusted Zone: www.verizonwireless.com
    O15 - Trusted Zone: www.vmisales.com
    O15 - Trusted Zone: www.walleyecentral.com
    O15 - Trusted Zone: www.walleyesunlimited.com
    O15 - Trusted Zone: *.wandascountryhome.com
    O15 - Trusted Zone: *.windowsmedia.com
    O15 - Trusted Zone: www.wnmu.edu
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)t to add hijack.
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    download http://www.mvps.org/winhelp2002/DelDomains.inf

    Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

    Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection
    ================

    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · Run the application
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · When the scan is finished, Set all items to delete
    · Apply all actions
    · look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    RE-Boot
    Post that log and a new HiJack log
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    That's an old version of HiJacl

    Click here to download HJTsetup.exe:

    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5
    Scroll down to the download section

    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  5. jramstead

    jramstead Thread Starter

    Joined:
    May 23, 2004
    Messages:
    56
    Logfile of HijackThis v1.99.1
    Scan saved at 7:42:35 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\program files\microsoft office\OFFICE11\WINWORD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: history1900s.about.com
    O15 - Trusted Zone: www.apu.edu
    O15 - Trusted Zone: www.artsig.com
    O15 - Trusted Zone: www.bassandwalleyeboats.com
    O15 - Trusted Zone: www.billingsgazette.com
    O15 - Trusted Zone: formula23.blogspot.com
    O15 - Trusted Zone: search.blossom.com
    O15 - Trusted Zone: *.bozemandailychronicle.com
    O15 - Trusted Zone: gfworrell.home.bresnan.net
    O15 - Trusted Zone: home.bresnan.net
    O15 - Trusted Zone: download.broadbandmedic.com
    O15 - Trusted Zone: www.businessmt.com
    O15 - Trusted Zone: www.carroll.edu
    O15 - Trusted Zone: www1.chapman.edu
    O15 - Trusted Zone: osubeavers.collegesports.com
    O15 - Trusted Zone: www.cympm.com
    O15 - Trusted Zone: www.download.com
    O15 - Trusted Zone: www.downloadzipcode.com
    O15 - Trusted Zone: www.egriz.com
    O15 - Trusted Zone: www.eilatgordinlevitan.com
    O15 - Trusted Zone: www.einsatzgruppenarchives.com
    O15 - Trusted Zone: p223.ezboard.com
    O15 - Trusted Zone: pub182.ezboard.com
    O15 - Trusted Zone: pub222.ezboard.com
    O15 - Trusted Zone: www.flagfocus.info
    O15 - Trusted Zone: msn.foxsports.com
    O15 - Trusted Zone: espn.go.com
    O15 - Trusted Zone: sports.espn.go.com
    O15 - Trusted Zone: www.goducks.com
    O15 - Trusted Zone: www.ci.great-falls.mt.us
    O15 - Trusted Zone: www.greatfallsonline.net
    O15 - Trusted Zone: www.groveslam.com
    O15 - Trusted Zone: www.havredailynews.com
    O15 - Trusted Zone: www.helenair.com
    O15 - Trusted Zone: www.historyplace.com
    O15 - Trusted Zone: www.imaging-resource.com
    O15 - Trusted Zone: www.in-depthangling.com
    O15 - Trusted Zone: www.isymbolz.com
    O15 - Trusted Zone: www.madison.k12.wi.us
    O15 - Trusted Zone: www.kaspersky.com
    O15 - Trusted Zone: www.keloland.com
    O15 - Trusted Zone: www.lavasoft.de
    O15 - Trusted Zone: www.lei-extras.com
    O15 - Trusted Zone: www.liveleaderboard.com
    O15 - Trusted Zone: www.lowrance.com
    O15 - Trusted Zone: www.majorgeeks.com
    O15 - Trusted Zone: *.majorgeeks.com
    O15 - Trusted Zone: mapserver.maptech.com
    O15 - Trusted Zone: www.maptech.com
    O15 - Trusted Zone: www.melissadata.com
    O15 - Trusted Zone: www.missoulian.com
    O15 - Trusted Zone: www.montanagrizzlies.com
    O15 - Trusted Zone: www.montanastandard.com
    O15 - Trusted Zone: content.health.msn.com
    O15 - Trusted Zone: encarta.msn.com
    O15 - Trusted Zone: img.slate.msn.com
    O15 - Trusted Zone: search.msn.com
    O15 - Trusted Zone: www.msn.com
    O15 - Trusted Zone: www.mtech.edu
    O15 - Trusted Zone: www.myezboard.com
    O15 - Trusted Zone: www.naia.org
    O15 - Trusted Zone: www.naiafootball.net
    O15 - Trusted Zone: *.naiafootball.net
    O15 - Trusted Zone: www.nws.noaa.gov
    O15 - Trusted Zone: www.wrh.noaa.gov
    O15 - Trusted Zone: apps5.oingo.com
    O15 - Trusted Zone: www.paypal.com
    O15 - Trusted Zone: www.photo-forums.com
    O15 - Trusted Zone: www.photo.net
    O15 - Trusted Zone: www.photosig.com
    O15 - Trusted Zone: amch.questionmarket.com
    O15 - Trusted Zone: *.remember.org
    O15 - Trusted Zone: *.schooltree.org
    O15 - Trusted Zone: www.schoolwatchers.com
    O15 - Trusted Zone: www.sportsjuice.com
    O15 - Trusted Zone: www.stardate.org
    O15 - Trusted Zone: fwp.state.mt.us
    O15 - Trusted Zone: rwis.mdt.state.mt.us
    O15 - Trusted Zone: www.mdt.state.mt.us
    O15 - Trusted Zone: forums.techguy.org
    O15 - Trusted Zone: www.thebotd.com
    O15 - Trusted Zone: *.thehulltruth.net
    O15 - Trusted Zone: www.usacops.com
    O15 - Trusted Zone: www.usdcoyotes.com
    O15 - Trusted Zone: ask.usgs.gov
    O15 - Trusted Zone: edcw2ks15.cr.usgs.gov
    O15 - Trusted Zone: erg.usgs.gov
    O15 - Trusted Zone: vikings.vcsu.edu
    O15 - Trusted Zone: myaccount.verizonwireless.com
    O15 - Trusted Zone: wbillpay.verizonwireless.com
    O15 - Trusted Zone: www.verizonwireless.com
    O15 - Trusted Zone: www.vmisales.com
    O15 - Trusted Zone: *.vmisales.com
    O15 - Trusted Zone: www.walleyecentral.com
    O15 - Trusted Zone: www.walleyesunlimited.com
    O15 - Trusted Zone: *.wandascountryhome.com
    O15 - Trusted Zone: *.windowsmedia.com
    O15 - Trusted Zone: www.wnmu.edu
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do post #3 and then post a new log
     
  7. jramstead

    jramstead Thread Starter

    Joined:
    May 23, 2004
    Messages:
    56
    Logfile of HijackThis v1.99.1
    Scan saved at 8:59:05 PM, on 7/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 8:50:39 PM 7/27/2006

    + Scan result:



    HKLM\SOFTWARE\msbb -> Adware.180Solutions : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
    C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned with backup (quarantined).
    C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Cleaned with backup (quarantined).
    C:\Program Files\Windows TaskAd\Info.txt -> Adware.WinTaskAd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Courtney\Local Settings\Temp\remove.exe -> Downloader.Keenval.f : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Sandy.JOHN.000\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Adserver : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Sandy.JOHN.000\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Centrport : Cleaned.
    C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Sandy.JOHN.000\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Overture : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Qksrv : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Sexcounter : Cleaned.
    C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
    C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Tracking101 : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Courtney\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\John Ramstead\Cookies\john [email protected][1].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end
     
  8. jramstead

    jramstead Thread Starter

    Joined:
    May 23, 2004
    Messages:
    56
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HJT – mark them, close IE, click fix checked

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154

    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS

    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\PROGRA~1\COMMON~1\WinTools

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  10. jramstead

    jramstead Thread Starter

    Joined:
    May 23, 2004
    Messages:
    56
    MFDnSC,
    Thanks for all your help, did as you said. Couldn't get the files to delete in Killbox,
    said they weren't there. Went back to a forum where I got the pop up and it didn't show up this time around, although one of the posters removed a moving attatchment in his post.
    Thanks a bunch . Should I post a new hijak log now?
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yes new log
     
  12. jramstead

    jramstead Thread Starter

    Joined:
    May 23, 2004
    Messages:
    56
    Logfile of HijackThis v1.99.1
    Scan saved at 9:39:50 PM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\WINDOWS\system32\HPZinw12.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\SiteAdvisor\SiteAdv.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Help Hijack
  1. Robertico22
    Replies:
    8
    Views:
    226
  2. Clueless63
    Replies:
    1
    Views:
    269
  3. RoKGiYeon
    Replies:
    8
    Views:
    394
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/487023

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice