1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: HijackThis Newbie (Deskadkeep)

Discussion in 'Virus & Other Malware Removal' started by Kara9080, Jan 31, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. Kara9080

    Kara9080 Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    91
    Greetings

    My problem: Deskadkeep & Deskadserv

    I've run SpyBot S&D and Adaware and I still have them. I googled it and see people talking about using HijackThis to get rid of it. Since I'm a HJT newbie, I've come here for assistance.

    Please guide me through this.

    (Also, I'd like to list the programs I have running in the background of my computer and have someone tell me what is needed and what is not. Any takers?)

    The specs I know of if you need to know or care:
    (no laughing please)
    Windows 98 (now using Mozilla)
    64mb RAM
    600mhz
    15gb

    Thank you in advance for any replies,
    Kara
     
  2. mjack547

    mjack547 Malware Specialist

    Joined:
    Sep 1, 2003
    Messages:
    3,181
    Welcome to TSG

    Go to http://majorgeeks.com/download3155.html and download 'Hijack This!'.

    First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
    Then doubleclick the Hijackthis.exe.

    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
    so do NOT fix anything yet.

    Someone here will be happy to help you analyze the results.
     
  3. Kara9080

    Kara9080 Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    91
    Thank you mjack. I need to download a program to open zip files. Any recommendations?
     
  4. Kara9080

    Kara9080 Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    91
    Whew! I found a free program and was able to run HJT.

    Logfile of HijackThis v1.99.0
    Scan saved at 7:23:26 PM, on 1/31/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\E_S0HIC1.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
    C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
    C:\PROGRAM FILES\DESKAD SERVICE\DESKADSERV.EXE
    C:\TEMP\SALM.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\PROGRAM FILES\DESKAD SERVICE\DESKADKEEP.EXE
    C:\PROGRAM FILES\TECH-PRO UTILITIES\STARTUP\TPMENU.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c00&s=searchbar&LC=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: IEHelper Class - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\JUNO6\QSACC\X1IEBHO.DLL (file missing)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\SYSTEM\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [DeskAd Service] C:\PROGRAM FILES\DESKAD SERVICE\DESKADSERV.EXE
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [lmnop] C:\WINDOWS\lmnop.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /A "C:\WINDOWS\SYSTEM\E_S52D4.TMP"
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Tech-Pro Menu.lnk = C:\Program Files\Tech-Pro Utilities\Startup\tpmenu.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/227
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=2c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=2c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=2c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=2c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=2c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=2c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
    O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra button: Compaq.net - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {17490F14-B6E6-11D2-8E5C-0000F87A4946} (MSN Communities Upload Control) - http://content.communities.msn.com/cs/msnupld.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {351CF0CE-B05A-11D2-ABD9-00104B685417} (PWImageControl Class) - http://ebay.sj.ipixmedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4404/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c8.cab
     
  5. Kara9080

    Kara9080 Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    91
    I don't know if this is helpful or not but the following are the programs running when I do ctrl/alt/delete:

    Explorer
    Cavrid
    Lmnop
    Cavtray
    Tpmenu
    Cavtray
    Salm
    Hcm
    Cm_camera
    lpmon32
    2portalmon
    Osa
    Loadqm
    Deskadserv
    Rundll
    Lvcoms
    Ybrwicon
    Systray
    Vsstat
    Vshwin32
    Hidserv
    Qttask
    E_s0hic1
    Rnaapp
    Deskadkeep
    Isafe
    Wkufun
    Vetmsg
     
  6. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    Hello Kara9080 and Welcome to TSG! :D

    Open Task Manager (ctrl+alt+delete) and find and end the following processes:
    DESKADSERV.EXE
    SALM.EXE
    DESKADKEEP.EXE


    Find and delete the following files or folders hilighted in RED:

    C:\PROGRAM FILES\DESKAD SERVICE
    C:\TEMP\SALM.EXE

    Run HijackThis and fix the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearch

    R3 - URLSearchHook: (no name) - _{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)

    O2 - BHO: IEHelper Class - {CBB0A6A0-8430-11D4-814D-0050047090B1} - C:\PROGRA~1\SURFSA~1\SURFSA~1.DLL (file missing)

    O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\PROGRAM FILES\JUNO6\QSACC\X1IEBHO.DLL (file missing)

    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM220.DLL (file missing)

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\SYSTEM\MSBE.DLL

    O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

    O4 - HKLM\..\Run: [DeskAd Service] C:\PROGRAM FILES\DESKAD SERVICE\DESKADSERV.EXE

    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe


    Restart your computer and post a fresh HijackThis log back on this thread.
     
  7. Kara9080

    Kara9080 Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    91
    Here is my new log file. How does it look?

    Logfile of HijackThis v1.99.0
    Scan saved at 9:36:11 PM, on 2/1/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\WINDOWS\SYSTEM\E_S0HIC1.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
    C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\TECH-PRO UTILITIES\STARTUP\TPMENU.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c00&s=searchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\SYSTEM\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [lmnop] C:\WINDOWS\lmnop.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /A "C:\WINDOWS\SYSTEM\E_S52D4.TMP"
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Tech-Pro Menu.lnk = C:\Program Files\Tech-Pro Utilities\Startup\tpmenu.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/227
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=2c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avbabelfish&c=2c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=2c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avlinksearch&c=2c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=2c00&LC=0409 (file missing)
    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/redirectors/presario/srchredir.dll?s=avhostsearch&c=2c00&LC=0409 (file missing)
    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
    O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra button: Compaq.net - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {17490F14-B6E6-11D2-8E5C-0000F87A4946} (MSN Communities Upload Control) - http://content.communities.msn.com/cs/msnupld.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {351CF0CE-B05A-11D2-ABD9-00104B685417} (PWImageControl Class) - http://ebay.sj.ipixmedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4404/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/bridge-c8.cab
     
  8. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    Run HijackThis and fix the following entries:

    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)

    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)

    O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)

    O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)

    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)

    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presario.net/scripts/...&c=2c00&LC=0409 (file missing)

    O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

    O9 - Extra 'Tools' menuitem: AV Home - {06FE5D04-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/home (file missing)

    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c8.cab


    Restart your computer and post a fresh HijackThis log back on this thread.
     
  9. Kara9080

    Kara9080 Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    91
    Crushbone - thank you for helping me. Are you just a volunteer?
    Is TSG really supported by donations from Paypal?

    Here is my current log file:

    Logfile of HijackThis v1.99.0
    Scan saved at 6:17:45 PM, on 2/6/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
    C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
    C:\WINDOWS\MSBB.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\E_S0HIC1.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\TECH-PRO UTILITIES\STARTUP\TPMENU.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c00&s=searchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\SYSTEM\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [lmnop] C:\WINDOWS\lmnop.exe
    O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe
    O4 - HKLM\..\Run: [efwxat] C:\WINDOWS\efwxat.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /A "C:\WINDOWS\SYSTEM\E_S52D4.TMP"
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Tech-Pro Menu.lnk = C:\Program Files\Tech-Pro Utilities\Startup\tpmenu.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/227
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra button: Compaq.net - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {17490F14-B6E6-11D2-8E5C-0000F87A4946} (MSN Communities Upload Control) - http://content.communities.msn.com/cs/msnupld.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {351CF0CE-B05A-11D2-ABD9-00104B685417} (PWImageControl Class) - http://ebay.sj.ipixmedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4404/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Print this and boot to safe mode
    Fix these with HJT

    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

    O4 - HKLM\..\Run: [lmnop] C:\WINDOWS\lmnop.exe

    O4 - HKLM\..\Run: [msbb] c:\windows\msbb.exe

    O4 - HKLM\..\Run: [efwxat] C:\WINDOWS\efwxat.exe

    O9 - Extra button: Compaq.net - {E19D474D-B5FD-11D2-AE0E-00C04FAEA83F} - C:\PROGRA~1\ONLINE~1\MSN50\OCX\MSNFORIE.DLL (HKCU)


    View Hidden Files
    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"

    Delete these files

    C:\WINDOWS\p_981116.exe /Q:A
    C:\WINDOWS\lmnop.exe
    c:\windows\msbb.exe
    C:\WINDOWS\efwxat.exe

    START – RUN – key in %temp% - Edit – Select all – File – Delete
    Empty the recycle bin
    Boot and post a new log
     
  11. Kara9080

    Kara9080 Thread Starter

    Joined:
    Jan 31, 2005
    Messages:
    91
    MFB - I did everything you asked, except, erm, my printer is broken so I had to write down everything you said. In the process of doing so, I forgot to boot up in safe mode... When I tried to reboot after I did everything, it locked up. I turned it off and rebooted and it came up safe mode by itself. I then rebooted again, and this time everything seemed to be okay.

    I ran HJT and here is my newest log:

    Logfile of HijackThis v1.99.0
    Scan saved at 7:48:05 PM, on 2/6/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SYSTEM\QTTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
    C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
    C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
    C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\E_S0HIC1.EXE
    C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.1\CM_CAMERA.EXE
    C:\WINDOWS\SYSTEM\LEXBCES.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\TECH-PRO UTILITIES\STARTUP\TPMENU.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c00&s=searchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.altavista.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
    O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O5 "LPT1:" /M "Stylus C82"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\SYSTEM\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMon32.exe"
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\2PORTALMON.EXE
    O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /A "C:\WINDOWS\SYSTEM\E_S52D4.TMP"
    O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\hcm.exe" -w
    O4 - Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Tech-Pro Menu.lnk = C:\Program Files\Tech-Pro Utilities\Startup\tpmenu.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\PROGRAM FILES\JUNO6\QSACC\appres.dll/227
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {17490F14-B6E6-11D2-8E5C-0000F87A4946} (MSN Communities Upload Control) - http://content.communities.msn.com/cs/msnupld.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
    O16 - DPF: {351CF0CE-B05A-11D2-ABD9-00104B685417} (PWImageControl Class) - http://ebay.sj.ipixmedia.com/code//PWActiveXImgCtl.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4404/mcfscan.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Think u did it!
     
  13. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
    Good, your log is clean. (y)
     
  14. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/325438

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice