
CiD popups

Discussion in 'Malware and Virus Removal Archive' started by aussiejohn, 2007/10/30.

  1. 2007/10/30
    aussiejohn

    My daughter has a laptop and I believe these pop-ups come from Messenger Plus. She keeps getting pop-ups from a site named CiD.
    The popup blocker is activated. I have updated and run Spybot Search and Destroy, Spyblaster and also a program called Trojan Remover, all to no avail. Anybody got any ideas how to stop them?
     
  2. 2007/10/30
    Geri
    Hi aussiejohn

    Please download and install HijackThis and create a log, then a Deckard's System Scanner main.txt log and post them both here. Links and instructions here.

    Thanks
    Geri
     


  4. 2007/10/30
    aussiejohn

    Hello Geri, here is the file for HijackThis...
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:34:29 AM, on 31/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    D:\GENIUS~1\GNETMOUS.EXE
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [mouseElf] D:\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe "
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45 "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\SUPPORT SETTINGS.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Nicole\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9e767b294718481f83177001c428e537
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9e767b294718481f83177001c428e537
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28084540-8625-4512-9D87-FF269DF48027}: NameServer = 210.80.58.34,210.80.58.42
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    O23 - Service: iPod Service - Apple Inc. - D:\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

    --
    End of file - 9949 bytes

    Now the DSS scan.....
    Deckard's System Scanner v20071014.68
    Run by Nicole on 2007-10-31 11:40:56
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    23: 2007-10-31 00:41:02 UTC - RP334 - Deckard's System Scanner Restore Point
    22: 2007-10-29 09:20:55 UTC - RP333 - System Checkpoint
    21: 2007-10-28 03:42:35 UTC - RP332 - System Checkpoint
    20: 2007-10-24 11:10:35 UTC - RP331 - System Checkpoint
    19: 2007-10-23 10:24:54 UTC - RP330 - System Checkpoint


    -- First Restore Point --
    1: 2007-09-27 09:05:14 UTC - RP312 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 81% (more than 75%).
    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as Nicole.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:42:57 AM, on 31/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    D:\GENIUS~1\GNETMOUS.EXE
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Nicole\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Nicole.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [mouseElf] D:\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe "
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45 "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\SUPPORT SETTINGS.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Nicole\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9e767b294718481f83177001c428e537
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9e767b294718481f83177001c428e537
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28084540-8625-4512-9D87-FF269DF48027}: NameServer = 210.80.58.34,210.80.58.42
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    O23 - Service: iPod Service - Apple Inc. - D:\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

    --
    End of file - 10068 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R1 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VETMONNT (VET File Monitor) - c:\windows\system32\drivers\vetmonnt.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R1 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys <Not Verified; Computer Associates International, Inc.; Computer Associates Antivirus>
    R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Windows (R) 2000 DDK provider; OSA I/O Port Driver Version 1.0.5>
    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver Version 2.0.2>
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

    S2 cnmpar21 (Canon BJ Port Driver Cnmpar21) - c:\bjprinter\cnmwindows\canon s200sp installer\inst\cnmpar21.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
    R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-10-31 08:00:06 268 --ah----- C:\WINDOWS\Tasks\AE61C4F59196756D.job
    2007-10-31 07:12:08 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2007-10-11 06:41:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2007-09-30 and 2007-10-31 -----------------------------

    2007-10-31 11:34:03 0 d-------- C:\Program Files\Trend Micro
    2007-10-31 11:30:02 396288 --a------ C:\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
    2007-10-30 09:48:33 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 09:47:36 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2007-10-30 09:47:36 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2007-10-30 09:47:36 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 09:47:36 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2007-10-30 09:47:36 75264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-10-30 09:47:34 0 d-------- C:\Documents and Settings\Nicole\Application Data\Simply Super Software
    2007-10-30 09:47:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-19 12:18:35 0 d-------- C:\Program Files\XoftSpySE
    2007-10-08 20:52:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-10-08 16:34:47 0 d-------- C:\Program Files\Else plus


    -- Find3M Report ---------------------------------------------------------------

    2007-10-02 17:50:32 2492 --a------ C:\Documents and Settings\Nicole\Application Data\ViewerApp.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" []
    "SoundMan "= "SOUNDMAN.EXE" [18/06/2004 04:31 PM C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG "= "AGRSMMSG.exe" [07/06/2004 10:15 AM C:\WINDOWS\AGRSMMSG.exe]
    "LtMoh "= "C:\Program Files\ltmoh\Ltmoh.exe" [19/03/2003 12:39 AM]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/05/2004 10:49 AM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/05/2004 10:49 AM]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [21/10/2003 11:52 AM]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00 AM]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00 AM]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "ATIPTA "= "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 09:10 PM]
    "LManager "= "C:\PROGRA~1\LAUNCH~1\LManager.exe" [03/09/2004 11:12 AM]
    "mouseElf "= "D:\GENIUS~1\GNETMOUS.EXE" [13/05/2003 10:41 AM]
    "CaAvTray "= "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe" [03/10/2005 06:54 PM]
    "CAVRID "= "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [03/10/2005 06:54 PM]
    "EPSON Stylus C45 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [14/01/2004 05:00 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [27/04/2007 11:25 AM]
    "Loud Idol Setup Grid "= "C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\SUPPORT SETTINGS.exe" [31/10/2007 11:27 AM]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "book ante "= "C:\DOCUME~1\Nicole\APPLIC~1\ELSEPL~1\AXISNEW.exe" [08/10/2007 04:34 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 9:05:56 PM]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [30/05/2006 9:32:55 PM]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [30/05/2006 9:32:59 PM]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd6d913-76ef-11d9-a9b1-806d6172696f}]
    AutoRun\command- D:\setupSNK.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD

    60 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-10-31 11:44:14 ------------
     
  5. 2007/10/30
    Geri
    Hi aussiejohn,
    OK, looks like a LOP infection.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    book ante
    MessengerPlus3
    Window Search
    Window Searching
    Lop.com
    LOP SEARCH
    Browser Enhancer
    Ultimate Browser Enhancer


    Please note any other programs that you don't recognize in that list and post them in your next response.


    Please Download NoLop to your desktop from one of the links below...
    Link 1
    Link 2
    Link 3
    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it
    • Now click the button labelled "Search and Destroy"
      <<your computer will now be scanned for infected files>>
    • When scanning is finished you will be prompted to reboot only if infected, Click OK
    • Now click the "REBOOT" Button.
    • A message should pop up from NoLop. If not, double-click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.

    Please post a new HJT log and a new dss log.

    Thanks
    Geri
     
  6. 2007/10/30
    aussiejohn
    Hello Geri, here are the log results from C:\NoLop.log.....

    NoLop! Log by Skate_Punk_21

    Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

    Fix running from: C:\Documents and Settings\Nicole\Desktop
    [31/10/2007]
    [2:13:23 PM]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    C:\Documents and Settings\All Users\Application Data\Udl
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\All Users\Application Data\Move Networks
    C:\Documents and Settings\All Users\Application Data\Ca
    C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Size Rdr Grid 4 -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Yahoo!
    C:\Documents and Settings\All Users\Application Data\Simply Super Software
    C:\Documents and Settings\All Users\Application Data\Temp
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Nicole\Application Data\Identities
    C:\Documents and Settings\Nicole\Application Data\Microsoft
    C:\Documents and Settings\Nicole\Application Data\Macromedia
    C:\Documents and Settings\Nicole\Application Data\Cyberlink
    C:\Documents and Settings\Nicole\Application Data\Msninstaller
    C:\Documents and Settings\Nicole\Application Data\Microsoft Web Folders -- EMPTY Directory
    C:\Documents and Settings\Nicole\Application Data\Adobe
    C:\Documents and Settings\Nicole\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Nicole\Application Data\Icq
    C:\Documents and Settings\Nicole\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Nicole\Application Data\Apple Computer
    C:\Documents and Settings\Nicole\Application Data\Sun
    C:\Documents and Settings\Nicole\Application Data\Simply Super Software

    Now Hijackthis....
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:27:19 PM, on 31/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    D:\GENIUS~1\GNETMOUS.EXE
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    D:\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [mouseElf] D:\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9e767b294718481f83177001c428e537
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9e767b294718481f83177001c428e537
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28084540-8625-4512-9D87-FF269DF48027}: NameServer = 210.80.58.34,210.80.58.42
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    O23 - Service: iPod Service - Apple Inc. - D:\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

    --
    End of file - 9676 bytes

    Now dss.....

    Deckard's System Scanner v20071014.68
    Run by Nicole on 2007-10-31 14:23:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as Nicole.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:23:34 PM, on 31/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    D:\GENIUS~1\GNETMOUS.EXE
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    D:\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Nicole\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Nicole.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [mouseElf] D:\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9e767b294718481f83177001c428e537
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9e767b294718481f83177001c428e537
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28084540-8625-4512-9D87-FF269DF48027}: NameServer = 210.80.58.34,210.80.58.42
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    O23 - Service: iPod Service - Apple Inc. - D:\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

    --
    End of file - 9756 bytes

    -- Files created between 2007-09-30 and 2007-10-31 -----------------------------

    2007-10-31 14:08:01 212 --a------ C:\delete.bat
    2007-10-31 11:34:03 0 d-------- C:\Program Files\Trend Micro
    2007-10-31 11:30:02 396288 --a------ C:\HijackThis.exe <Not Verified; Trend Micro Inc.; HijackThis>
    2007-10-30 09:48:33 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-30 09:47:36 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
    2007-10-30 09:47:36 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
    2007-10-30 09:47:36 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2007-10-30 09:47:36 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2007-10-30 09:47:36 75264 --a------ C:\WINDOWS\system32\unacev2.dll
    2007-10-30 09:47:34 0 d-------- C:\Documents and Settings\Nicole\Application Data\Simply Super Software
    2007-10-30 09:47:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2007-10-19 12:18:35 0 d-------- C:\Program Files\XoftSpySE
    2007-10-08 20:52:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!


    -- Find3M Report ---------------------------------------------------------------

    2007-10-02 17:50:32 2492 --a------ C:\Documents and Settings\Nicole\Application Data\ViewerApp.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SoundMan"="SOUNDMAN.EXE" [18/06/2004 04:31 PM C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [07/06/2004 10:15 AM C:\WINDOWS\AGRSMMSG.exe]
    "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [19/03/2003 12:39 AM]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [07/05/2004 10:49 AM]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [07/05/2004 10:49 AM]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [21/10/2003 11:52 AM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04/08/2004 05:00 AM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 05:00 AM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 05:00 AM]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [15/05/2004 09:10 PM]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [03/09/2004 11:12 AM]
    "mouseElf"="D:\GENIUS~1\GNETMOUS.EXE" [13/05/2003 10:41 AM]
    "CaAvTray"="C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe" [03/10/2005 06:54 PM]
    "CAVRID"="C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [03/10/2005 06:54 PM]
    "EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [14/01/2004 05:00 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/04/2007 09:41 AM]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [27/04/2007 11:25 AM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 9:05:56 PM]
    Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [30/05/2006 9:32:55 PM]
    Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [30/05/2006 9:32:59 PM]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd6d913-76ef-11d9-a9b1-806d6172696f}]
    AutoRun\command- D:\setupSNK.exe




    -- End of Deckard's System Scanner: finished at 2007-10-31 14:24:31 ------------
     
  7. 2007/10/31
    Geri
    Hi aussiejohn

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot your computer.

    Please post a new HJT log.

    Let me know if the pop-ups have stopped.

    Thanks
    Geri
     
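A small triage script for the kind of log read Geri does by hand above, as an added example (not code from this thread, from Trend Micro's HijackThis or from Deckard's System Scanner). It encodes the two things Geri had fixed in this post, R1 search settings pointing somewhere other than Microsoft's defaults and an O2 BHO whose CLSID has no file behind it, surfaces O17 NameServer lines for a look, and also recognises the self-labelled hosts-file edits from the DSS dump earlier in the thread ("## added by CiD"). The Microsoft host allow-list, the SEARCH_SETTINGS names and the Finding type are the example's own assumptions; the sample input is constructed from lines already posted in this thread.

```python
"""Triage HijackThis (HJT) entries and hosts-file lines the way a forum helper does.

Added example; not code from this thread, from Trend Micro's HijackThis or
from Deckard's System Scanner. The allow-lists below are this example's own.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts that Microsoft's own IE search defaults resolve to. Search settings
# pointing anywhere else are flagged. (Assumption: this list is the example's.)
DEFAULT_SEARCH_HOSTS = {"go.microsoft.com", "www.microsoft.com", "search.msn.com"}

# "<last key>,<value name>" pairs that steer searches. Start Page is the
# user's own choice and is left alone, as the myspace.com lines were above.
SEARCH_SETTINGS = {"Main,Search Bar", "Main,Search Page",
                   "Main,Default_Search_URL", "SearchURL,(Default)"}

HJT_ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
HOSTS_ENTRY = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)"
                         r"(?:\s+#+\s*(?P<comment>.*))?$")


@dataclass(frozen=True)
class Finding:
    level: str   # "fix": what a helper would tick in HJT; "review": look, don't auto-fix
    kind: str    # HJT section (R1, O2, O17) or "hosts"
    detail: str
    line: str


def _check_r(kind, body, line):
    """R0/R1 look like '<hive>\\...\\Main,Search Bar = <url>'."""
    key_part, _, url = body.partition(" = ")
    hive_path, _, value_name = key_part.partition(",")
    setting = hive_path.rsplit("\\", 1)[-1] + "," + value_name
    if setting not in SEARCH_SETTINGS:
        return None
    host = urlparse(url).hostname or ""
    if host in DEFAULT_SEARCH_HOSTS:
        return None
    return Finding("fix", kind, f"{setting} redirected to {host}", line)


def _check_o2(kind, body, line):
    """O2 look like 'BHO: <name> - {CLSID} - <dll>'; '(no file)' is an orphaned CLSID."""
    if not body.endswith("(no file)"):
        return None
    clsid = re.search(r"\{[0-9A-Fa-f-]+\}", body)
    return Finding("fix", kind, f"BHO {clsid.group(0) if clsid else '?'} has no DLL on disk", line)


def _check_o17(kind, body, line):
    """O17 carry per-interface DNS servers; surface them, never auto-fix them."""
    _, _, servers = body.partition("NameServer = ")
    return Finding("review", kind, f"DNS servers {servers.strip()}", line)


HJT_CHECKS = {"R0": _check_r, "R1": _check_r, "O2": _check_o2, "O17": _check_o17}


def triage(text):
    """Return Findings for HJT entries and hosts lines found in `text`, in order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HJT_ENTRY.match(line):
            check = HJT_CHECKS.get(m["kind"])
            if check and (f := check(m["kind"], m["body"], line)):
                findings.append(f)
        elif (h := HOSTS_ENTRY.match(line)) and h["comment"]:
            # A program signing its own hosts edits ("## added by CiD") is
            # worth a look even when the hosts it blocks are unwanted anyway.
            who = re.search(r"added by (\S+)", h["comment"], re.IGNORECASE)
            if who:
                findings.append(Finding("review", "hosts",
                                        f"{h['host']} -> {h['ip']} written by {who.group(1)}", line))
    return findings


def lines_to_fix(text):
    """The HJT lines a helper would ask to be ticked before 'Fix Checked'."""
    return [f.line for f in triage(text) if f.level == "fix"]


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{28084540-8625-4512-9D87-FF269DF48027}: NameServer = 210.80.58.34,210.80.58.42
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.level:6}] {f.kind:5} {f.detail}")
```

Run on the sample, lines_to_fix() returns exactly the three lines Geri asked to tick in this post, and triage() adds two review items (the DNS servers and the CiD-written hosts entry). The hosts and O17 lines are only reported, not marked for fixing: at this level a rogue program's blocklist and a legitimate one look the same, and DNS servers need to be checked against what the ISP actually hands out.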
  8. 2007/10/31
    aussiejohn
    Hi Geri, I carried out your instructions. I have had IE running for a couple of hours so far and tried numerous web pages, and thus far no pop-ups have appeared, so it looks like that has fixed it. Here is the HJT log after it was all done. Thanks, John

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:23:35 PM, on 1/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    D:\GENIUS~1\GNETMOUS.EXE
    C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    D:\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [mouseElf] D:\GENIUS~1\GNETMOUS.EXE
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe "
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe "
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45 "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?9e767b294718481f83177001c428e537
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?9e767b294718481f83177001c428e537
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28084540-8625-4512-9D87-FF269DF48027}: NameServer = 210.80.58.34,210.80.58.42
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
    O23 - Service: iPod Service - Apple Inc. - D:\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe

    --
    End of file - 9324 bytes
     
  9. 2007/10/31
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi John
    OK Good to hear. The HJT log looks clean.

    You can delete any tools you were asked to download and the files/folders or logs they created. There will be newer versions if ever needed again anyway.

    These tools
    NoLop.exe
    dss.exe

    These files/folders.
    C:\NoLop.log
    C:\Deckard

    Empty your recycle bin, or download this program; it's a good one to have.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point Windows XP. - Set New System Restore Point Windows Vista
    Do not do this unless there are no other user accounts to be diagnosed.

    If there are any other user accounts on this machine, they, too, must be cleaned with AdAware and Spybot S&D. Not all infections are global, nor are all fixes global.
    Log onto that user account, Run HJT and save log, post each user account here into this thread, but please, do only one at a time to avoid confusion. Please let us know that it is a different account.


    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958


    Let me know that things are OK and I will mark this thread resolved.

    Surf Safely
    Geri
     
    Geri,
    #8
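As an added example (not code from this thread, from HijackThis or from WindowsBBS), here is a small Python parser for the log entry types shown above (R0/R1, O2, O4, O16, O17, O23) together with a first-pass review that lists the entries a helper would look at first. The sample lines, the allow-list of ActiveX download hosts and the review heuristics are constructed assumptions; the output is a set of prompts for a human check, not verdicts.

```python
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the entry types in the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28084540-8625-4512-9D87-FF269DF48027}: NameServer = 210.80.58.34,210.80.58.42
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# One regex per HijackThis section type; the named groups become record fields.
PATTERNS = {
    "R": re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+) = (?P<url>.*)$"),
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.*)$"),
    "O16": re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>.*?)\) - (?P<url>\S+)$"),
    "O17": re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}
# Assumed allow-list: hosts from which ActiveX (O16) downloads are not flagged for review.
TRUSTED_DPF_HOST_SUFFIXES = (".msn.com", ".microsoft.com")

def parse_line(line):
    """Turn one HJT line into a dict, or None if the section type is not handled here."""
    section = line.split(" - ", 1)[0]
    pat = PATTERNS.get("R" if section.startswith("R") else section)
    m = pat.match(line) if pat else None
    return {"section": section, **m.groupdict()} if m else None

def parse_log(text):
    return [rec for rec in (parse_line(l.strip()) for l in text.strip().splitlines()) if rec]

def review_items(records):
    """(section, reason) pairs a helper would look at first; prompts for a human check, not verdicts."""
    items = []
    for r in records:
        s = r["section"]
        if s == "O16":
            host = urlparse(r["url"]).hostname or ""
            if not host.endswith(TRUSTED_DPF_HOST_SUFFIXES):
                items.append((s, f"ActiveX download from unlisted host {host}"))
        elif s == "O4" and not re.match(r'^"?[A-Za-z]:\\', r["command"]):
            items.append((s, f"[{r['name']}] is started without a full path (found via PATH search)"))
        elif s == "O17":
            items.append((s, f"DNS servers {r['servers']} are set explicitly; confirm they belong to the ISP"))
        elif s == "O23" and r["owner"] == "Unknown owner":
            items.append((s, f"service {r['name']!r} has no publisher recorded"))
    return items
```

Running `review_items(parse_log(SAMPLE_LOG))` on the constructed sample lists the path-less O4 entry, the non-Microsoft O16 download host, the O17 name servers and the O23 service with no publisher, in that order.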
