PhilliePhan 171 Central Scrutinizer Team Colleague

Dear PP and Gerbil, Many thanks for all your help. I am sorry that I have replied only now. This is because I am also coping with the demolition last week of my conservatory and all the dining furniture in it by a stolen vehicle, i.e. getting quotes, seeing surveyors etc.

That has to be a real hassle!

No worries on our side - we forum veterans are used to sporadic replies and realize that "real life" always takes precedence...
The only time that they are problematic is when a poster is doing all sorts of "fixes" on their own in between those replies - that just serves to confuse us.

I followed your advice, Gerbil, and Backed up half, and then half again, re-booting each time. Actually as an Operations Research Scientist I ought to have remembered that this is one of the standard procedures in Search Theory. However, somehow or other the problem disappeared and did not re-appear even when I got down to the last 'O4' entry and so I cannot pinpoint what was causing 'Common' to show at start-up. I am grateful indeed to you both.

That is indeed odd, given that all we did was remove a bunch of registry keys and then put them back just as they were.... Oh, well - sometimes it is better not to question the how or why and just keep our fingers crossed that the change sticks ;)

However, another problem is current as well …

PhilliePhan 171 Central Scrutinizer Team Colleague

Thanks for your reply.
My only problem I have now is I have my old inbox, drafts, sent items and deleted items folders under the Personal Folder at the top. I can't delete them through the GUI but I hope I can find where they reside and then I'll try to zap them there.

Happy to help :)

I don't know if you can delete those without causing problems, but you could probably drill down and give it a try.
On my XP box, they are here:
C:\Documents and Settings\UserName\Local Settings\Application Data\Identities\- long string of numbers - \Microsoft\Outlook Express

Cheers,
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I was just looking for a way to hopefully combine my clones into one and clean out the duplicates etc.. . . . . I am sure you will probably agree that a clean recovery is the best and easiest way to go - it just takes forever to update everything!

Yeah - definitely the easiest and most effective course of action!

And, perhaps most importantly, a clean install won't have you pulling out your hair and threatening your machine at sledgehammerpoint..... Is that a word? Like gunpoint? ;)

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Any other thoughts short of installing Outlook on my old machine and then doing an upgrade, then copying the new Contacts file over to my new machine?

Sorry, I didn't think about two computers. You'd think there'd be an easy way to do this, but it is M$ after all . . .

Perhaps you could use a flash drive or cd to transfer to new compy. Similar to this:
http://www.ehow.com/how_6002724_do-outlook-express-windows-mail_.html

You could probably export to .csv and put that on pen drive and go from there.....


Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Oh, a small point which may save you some time. The quickest way to pinpoint using PP's O4 entry restoration is to restore half of them, then depending upon the result you either restore half the remaining or remove half the originals, and so on.

Agreed - much quicker than my method.

-- I am curious as to which O4 is causing the issue. I only looked at the HP entries that pointed to Program Files rather than Startup..... Well, I guess we'll see soon enough.

PP:)
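As an added example (not from the thread), here is gerbil's halving procedure run against a constructed list of HijackThis O4 backups, with a simulated reboot standing in for the real test, next to PP's restore-one-at-a-time method; only the two HP lines are quoted from the thread, the other entries and the chosen culprit are made up.

```python
"""Bisecting HijackThis O4 backups: restore half, reboot, narrow down.
Added example, not from the thread. The O4 lines and the 'reboot'
oracle are constructed stand-ins for HJT's Backups list and a real
restart; only the two HP entries are quoted from the thread."""
import math
import re

# Constructed entry list: the first two lines are the HP entries the
# thread discusses, the rest are made-up filler to make six entries.
O4_ENTRIES = [
    r'O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"',
    r'O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"',
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"',
    r'O4 - HKCU\..\Run: [ExampleSync] "C:\Program Files\Example\sync.exe"',
    r'O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\upd.exe"',
    r'O4 - Startup: example.lnk = C:\Program Files\Example\example.exe',
]

# Constructed: pretend the fifth entry is what pops the 'Common' folder.
CULPRIT = O4_ENTRIES[4]

_RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+"?(?P<path>[^"]+?)"?\s*$')
_STARTUP_RE = re.compile(r'Startup:\s*(?P<name>.+?)\s*=\s*(?P<path>.+?)\s*$')


def parse_o4(line):
    """Split an O4 line into (entry name, launched path); None if unrecognised."""
    for rx in (_RUN_RE, _STARTUP_RE):
        m = rx.search(line)
        if m:
            return m.group("name"), m.group("path")
    return None


def simulated_reboot(restored):
    """Stand-in for 'restore these entries, reboot, does Common pop up?'."""
    return CULPRIT in restored


def bisect_culprit(entries, symptom_present):
    """Find the bad entry by halving (gerbil's suggestion).

    symptom_present(restored) is one reboot with exactly `restored`
    re-enabled and everything else still 'fixed' (disabled).
    Returns (culprit, reboots). Assumes one entry is at fault; with
    several it finds one of them, so repeat after dealing with it.
    """
    suspects = list(entries)
    reboots = 0
    while len(suspects) > 1:
        first_half = suspects[: len(suspects) // 2]
        reboots += 1
        if symptom_present(first_half):
            suspects = first_half                 # the bad one was just restored
        else:
            suspects = suspects[len(first_half):]  # it is in the other half
    return suspects[0], reboots


def one_by_one(entries, symptom_present):
    """PP's original method: restore entries one at a time, reboot after each."""
    restored = []
    for reboots, entry in enumerate(entries, start=1):
        restored.append(entry)
        if symptom_present(restored):
            return entry, reboots
    return None, len(entries)


if __name__ == "__main__":
    culprit, n = bisect_culprit(O4_ENTRIES, simulated_reboot)
    worst = math.ceil(math.log2(len(O4_ENTRIES)))
    print(f"halving: [{parse_o4(culprit)[0]}] after {n} reboots (worst case {worst})")
    _, m = one_by_one(O4_ENTRIES, simulated_reboot)
    print(f"one-by-one: {m} reboots")
```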

PhilliePhan 171 Central Scrutinizer Team Colleague

Resetting IE solved both of the problems described. Thanks.

You're welcome. :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I just don't see in Outlook's Import tool a place where it asks for a .wab or a .pab file. Am I missing something?

Have you looked at this?

http://support.microsoft.com/kb/286116

How to drag address information to Outlook
It is possible to drag individual or groups of Windows Address Book entries to Outlook. To do this, follow these steps:

1. On the Start menu, point to Find, and then click Files And Folders.
2. In the Open box, type .wab, and then click OK.
3. Double-click the Windows Address Book file from which you want to move addresses.
4. Start Outlook if it is not already running.
5. Resize Outlook so that the Windows Address Book and Outlook are visible next to each other on the screen. Verify that the Outlook Contacts folder is visible in the resized Outlook window.
6. Select an entry from the Windows Address Book. Drag it to the Contacts folder. A new Outlook Contact form is created with the information from the Windows Address Book entry. Click Save and close.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Reply to PP: Many thanks. This has solved the problem. I note that it has also deleted everything from the system tray except the Lan status.

Actually, that really hasn't "solved" anything - rather, we have confirmed that one of those keys that we removed is indeed the culprit.
Now, we need to restore all the working ones so you get their functionality back while we pinpoint the bad one and deal with it accordingly....

However, my current problem with the C:/Program Files/Common appearing at start-up was occasioned by installing drivers for the HP 6100 All-in-one and may be connected with the fact that I still have the HP 5500 installed as a back-up printer. Who knows? Certainly HP are not interested.

Yup - I think you are onto something there - that is probably the cause....


Now, let's pinpoint the problem:

-- Run HijackThis and click Open the Misc Tools section.
-- Where it says Configuration, click the Backups button.
You'll see the items you "fixed" with HJT.
You'll need to select them and Restore them by clicking the Restore button. You will also need to Reboot after each restoration to see when the problem returns.
You can do this one by one or in small groups of two or three. Obviously the small groups would be less tedious since you need to reboot each time.

When the problem returns, you can use HJT to "Fix" (remove) the …

PhilliePhan 171 Central Scrutinizer Team Colleague

@nocindy - I split you off into your own thread.

What issues are you having with your compy?

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

In cases such as this, 90% of the time it is a bad registry value that is responsible.

-- Did you try uninstalling and re-installing the printer?

At this point, we can resort to some "trial and error." Some would use msconfig - after all, that's what it is there for - but you can also use HijackThis.

Run HijackThis and do a System Scan Only
-- Place a check in the box for each of the O4 entries and click "Fix Checked."
Reboot and let us know if the common folder opens at startup.

Also, do a fresh HijackThis scan after rebooting and save the log and post it for us so we can verify it was done correctly and we'll go from there.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

I tried SeaTools, and the drive failed the short test(self diagnostic).

Sorry to hear that!

I agree with gerbil that drive cannot be reliable - probably better to recycle.
Especially given the prices for much larger drives are so low these days...

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

Ah... that is because PP's fixit worked for you - it was scripted to remove those entries from registry, and so they no longer appear in hijackthis.

Actually, it was very poorly scripted by me. I wasn't paying close enough attention when returning the keys with a slight modification. That didn't take.

-- What it does tell us, though, is that since those keys were deleted and the problem still occurred, they were not the culprit......

Let's return those deleted keys so that you don't lose their functionality:
Please download the attached RestoreIt.zip.
-- RightClick it and extract RestoreIt.reg to the Desktop.
-- DoubleClick on RestoreIt.reg and allow it to merge into the registry.


-- Hey Gerbil, what are you onto? What am I missing?

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

I'd done BartPE to CD before, but not USB. I'll check that out. Thanks!

You're welcome :)

Hopefully you can find some more up to date info.

I had looked at BartPE as a tool to help people who were badly infected with malware, but it was way too complicated for forum use. An Ubuntu Live CD is far easier to work with (or, rather, easier for the average user to create).

Best Luck to you - let us know if you get it to work!

Cheers
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Many thanks. However, when I re-booted, 'Common' still popped up.

OK - well this is not proving to be as simple as it should be.

A few things we can try:

1 - Move HijackThis.exe to C:\Program Files\HijackThis.
You will need to create the C:\Program Files\HijackThis folder and then place the HJT executable in there.

-- Run HJT and do a System scan only.
-- Check the boxes for the following:

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

Then, click "FIX Checked."

Reboot and see if the problem remains. Let me know how you fare. Bear in mind that you will lose the functionality of these keys and will have to manually update, etc... At the very least, doing this will rule them in or out as the culprit.

If that fails, you can also try uninstalling and then re-installing the printer, though, since the problem seems to be with the HP software, doing this may not help.


Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

....... I do hope 'smartfart' returns with the howto suggested above. Understanding the large effort required, let me be the first to say 'THANK YOU' in advance! Thank you.

Hi Tom,

You ought to be able to find a number of guides to do this floating on the web....

Here's an old one I came across while experimenting with BartPE some time ago:
http://articles.techrepublic.com.com/5100-22_11-5928902.html

I never tried it, so not sure whether it works.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

In addition to Gerbil's suggestion, you might want to try SeaTools.

Seagate has a good walkthrough:
http://www.seagate.com/staticfiles/support/seatools/user%20guides/SeaTools_for_Windows.EN.pdf


Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

many thanks. I received your post today. MM

Happy to try to help.

Let's give this a go:

Please download the attached FixIt.zip.
-- RightClick it and extract FixIt.reg to the Desktop.
-- DoubleClick on FixIt.reg and allow it to merge into the registry.

Reboot and see if the "common" folder opens at startup.

Let me know how things went and if you encountered any problems along the way.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I'm trying to help a friend with a problem.. . . .
You may assume that full AV scans have turned up nothing. Thanks.

I haven't used IE in years, so probably can't be much help. Just wanted to pass along a couple helpful links:

http://support.microsoft.com/kb/318378

http://support.microsoft.com/kb/923737 --> This may be best to start with

http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-7-settings

See if you are able to reset IE and then see if the issues continue. Bear in mind that the problem may not lie in IE - this ought to help point you in the right direction.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Many thanks indeed. Here is the log:

Well . . .at quick glance, that looks OK.
There is definitely a borked or poorly formatted HP registry key in play here and we need to track it down.

-- Please download the attached peek.zip and extract peek.bat to the Desktop.
-- Doubleclick peek.bat to run it. A log will pop up - please save that and copy&paste the peek.txt for me and we'll see if we can sort this out.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

thanks again

Happy to help :)

-- Go ahead and download a fresh copy of combofix and give it another run and let's see what it finds.

-- Definitely look into SandBoxIE. He's got a great tutorial on site, plus it is easy to use. Install will put a shortcut on your desktop to "run browser sandboxed." Have them use that.....

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

I have the same problem and none of the above solutions cured it. The 'Common' folder contains drivers for the HP 6110 printer. Moggie moonshin 5th. Nov

Please download and run HijackThis v2.0.4 - You can put it on your desktop. Normally, it shouldn't go there, but for our purposes that will work just fine.

-- Select the option to Do a system scan and save the logfile and then post that log for me.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague


Next time this stuff happens the kids will get the boot! Maybe someone could teach me how to know if someone is going to porn sites on my computer, I am gone often and there is someone that has access to this computer, often alone. I find that the cookies and temp files are deleted all the time.... other than that is there a way?

In all honesty, the best thing that you can do is lay down the law to whomever is using the machine.
There is site-blocking software as well as spyware tools to tell you who is surfing what sites, but I don't recommend them. There are ways to get around them + the ones that report "after the fact" are only good for assigning blame for the infected machine.

Best thing you can do is to threaten to take away access to the computer....

-- Or, learn to use a tool such as SandBoxIE and then teach them how to use it to run their browser "sandboxed" and how to clear the sandbox after use.
The SandBoxIE site has a good tutorial - check it out.

-- Also, make sure to install a good AV / Firewall / Anti-malware solution. I like the Kaspersky Suite, but there are also many decent free options as well.


Gave the combofix a quick look - looks OK. How are things running?

I am going to leave …

PhilliePhan 171 Central Scrutinizer Team Colleague


I hope this is what you have asked me for. Sorry it took so long but I have been busier than usual.. . .

Yeah - I'm in the same boat. Had to pick up extra work to just scrape by these days....

-- Definitely, if you've got a user visiting questionable sites, make them stop!

Anyhoo, just saw your post. AVZ logs are incomplete, but no worries. Let's go ahead with the following now:

Locate the copy of Combofix if it is still on your machine and DELETE it.

Then follow the instructions in the link below to download a fresh copy of Combofix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please follow the instructions in the linky very carefully to run it and then post the combofix log for me.
Be sure to install Recovery Console (if you are able to do so) and disable any other security programs or Anti-Virus programs as per the linky before running Combofix!


THEN:
Please download JavaRa.zip to your Desktop and Extract it to its own folder.

-- Make sure ALL browsers are CLOSED.
-- DoubleClick on JavaRa.exe to run it and then select your language of choice.
-- Click Remove Older Versions.
-- Follow the prompts and a log will pop up. You can post this if you wish - I really don't need it, though.
-- Then, please go …

PhilliePhan 171 Central Scrutinizer Team Colleague

OK - Let's go in this direction:

You can print out the bit for AVP Tool if need be.


-- See if you are able to run the GMER scans from the Read Me linky. If so, post those logs for me.

-- Also, I'd like to see the DDS Attach log

-- Please Download Kaspersky's AVP Tool

-- Save AVP Tool to your Desktop.
-- Please boot to Safe Mode (tap F8 at reboot - Do Not use msconfig!)

Once in Safe Mode:
-- DoubleClick the AVP Tool setup file to run it.
Follow the prompts and it should install to your Desktop Folder
-- If you get a prompt for scanning in Safe Mode, click OK.
-- AVP Tool will open.
-- Click the Manual Disinfection Tab
-- Click the Gathering system information Button and let it run
-- When it finishes, click the link “Open folder” to access the folder where the report is saved.

Please save the log and post it for me with the others.

THEN:
Please select the Automatic Scan Tab
Be sure the following boxes are checked:
• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• All other drives

-- Please click the Scan Button.
AVP Tool should Neutralize any objects it finds. If some …

PhilliePhan 171 Central Scrutinizer Team Colleague

Is this what you wanted? I am in and out too.

Yes - That's the one.

Nothing really jumps out at me from the scanlog.
The thing is, it looks as though you have done a lot already. I see combofix has been run around a week ago - that will get a lot of the most recent baddies.

I'd really need to see the combofix log to get a handle on what you have been battling in order to advise you further.

-- Did you run combofix on your own or did you use a service such as LogMeIn Rescue Service?

-- Also, I don't see any Anti-Virus program. Did you remove one?

-- What about CyberDefender AntiSpyware 2010? Did you install that? I seem to recall a Rogue by that name a few years ago.

Let me know what symptoms you are still experiencing (other than issues with MBAM) as well as the above and we can try another tack - Without knowing what has already been removed, it's tough to deal with the collateral damage left behind.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

i have the same problem and i pretty much know ABSOLUTELY FOR A FACT that it is
C:\WINDOWS\system32\svchost.exe
because that is the only odd one out that i have!
i have tried multiple times to delete it but it says that it cannot be deleted!

Say what now?

C:\WINDOWS\system32\svchost.exe is quite legit and NOT a baddie. There is a reason you cannot delete it.

Now, malware will disguise itself as svchost.exe. Usually misspelling (scvhost / svchosts / etc..) the .exe or placing it in a different directory.

But what you listed is legit and needed for Windows to operate properly.

Cheers :)
PP

EDIT: Hey crunchie - didn't see you there while on phone and watching the World Series... LOL!
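An added example (not from the thread) that turns the two tells above into a check: the name is off by a letter or two, or the name is right but the file is not in the system directory. The process list is constructed; only the first path is the genuine one the poster asked about.

```python
"""Telling the real svchost.exe from a lookalike. Added example, not
from the thread; the process list is constructed. Two tells from the
post above: the file name is off by a letter or two, or the name is
right but the file is not in the system directory."""
import ntpath

REAL_NAME = "svchost.exe"
# system32 is the home of the genuine binary on XP (the thread's case);
# on 64-bit Windows the 32-bit copy in SysWOW64 is also legitimate.
REAL_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed process list (image paths as Task Manager / Process Explorer
# would show them). Only the first is the genuine file from the thread.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\scvhost.exe",
    r"C:\Documents and Settings\User\Local Settings\Temp\svchosts.exe",
    r"C:\WINDOWS\system32\lsass.exe",
]


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(path):
    """Return 'legit', 'wrong-location', 'lookalike' or 'unrelated' for one image path."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name == REAL_NAME:
        return "legit" if folder in REAL_DIRS else "wrong-location"
    stem, ext = ntpath.splitext(name)
    # Within two edits of 'svchost' catches scvhost, svchosts, svhost, svch0st ...
    if ext == ".exe" and edit_distance(stem, "svchost") <= 2:
        return "lookalike"
    return "unrelated"


def suspicious(paths):
    """Return (path, verdict) for every process that deserves a second look."""
    flagged = []
    for p in paths:
        verdict = classify(p)
        if verdict in ("wrong-location", "lookalike"):
            flagged.append((p, verdict))
    return flagged


if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE_PROCESSES):
        print(f"{verdict:15} {path}")
```

A clean name and location is necessary but not sufficient; a match on both only says the file is where Windows keeps the real one, not that it is unmodified.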

PhilliePhan 171 Central Scrutinizer Team Colleague

I did. Scan log = access denied.
What next?

Hey JJ,

What problems/symptoms are you having?

-- The viewing of hidden files is not really that necessary unless you are doing manual removal of baddies. Not a good idea if one is inexperienced. Especially if you are poking around the registry.......

-- Are you able to run DDS as per the linky?
http://www.daniweb.com/forums/thread134865.html

Try DDS and post that for me. Let me know if there is a problem.

I am not around much these days due to work, but I generally check in a couple times a day.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

please let me know what I can delete without causing problems. my machine is running slow and I run ESET security and have run spybot but am sure there are other gremlins in my machine

Most BHOs and O4 startups can be removed without problem.

-- Have you run MBAM as per the "Read Me First" linky? Give that a go and post the log.

Also, an oldie but goodie ---> http://miekiemoes.blogspot.com/2008/02/help-my-computer-is-slow.html

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague


Malwarebytes will not update and it seems clear that this step was important. I asked them for help and got some instructions about going to some hidden files but the tab for "show hidden files" is not available. . . .

Are you able to run Malwarebytes' Anti-malware?
If you just recently downloaded it, please go ahead and run it and post the scanlog and we'll have a look.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Any ideas on what is causing this?

It is hard to say.

Could be a legit .dll that's now borked, but I'll wager it's a malware .dll that has been removed, but the corresponding registry key is still there to call it on startup.
You can probably fix this most easily with HijackThis - just "Fix" that startup entry.

However, I recommend running MBAM and posting that log plus DDS as per the linky below:

http://www.daniweb.com/forums/thread134865.html

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

here's my mbam log:

Great - looks like it got quite a bit.

We still need to see the other scanlogs to see what remains to be dealt with.

I will try to check back as time permits over the weekend.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Would really appreciate if you guys could help me out with this.

Hey Niklas,

Run the steps in the linky below and post the logs and we'll see what's left after MBAM has done its thing:

http://www.daniweb.com/forums/thread134865.html

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

can anyone pls help me out with the AAA logo creator serial passkey...or suggest where i can download the keygen. tnx

This is not the site for that - Sorry.

We get enough idiots infecting their machines this way as it is.....

Thread closed :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Your help is gratefully appreciated! Let me know if there is anything else I can describe or another log file I can post. I put a new HijackThis log at the end as well.

Hi drfinkelstein,

Given the multiple rootkits showing in the logs, I would recommend wiping the HD and reinstalling Windows.

It is possible to have a go at cleaning the machine, but you will never really be able to "trust" it again. Especially if you do a lot of online buying / selling / banking etc...

If it were my machine, I'd wipe it. But where's the fun in that, right? If you'd like to try to clean it, let me know and we'll go from there....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Do you want to see the current log from MBAM that didn't find anything?
Thanks as always.

Happy to help.

No need to see the clean log.
Don't really see much in the other logs outside of some minor updating ( Adobe / Java / etc...).

If the machine is still giving you trouble, go ahead with the combofix and we'll go from there.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

PP please let me know what you think. I am running a second MBAM now and I will post that new scan when completed.

Hey Scott - took a quick cursory look and don't see much, but that is par for the course these days. Not a lot seems to show up.

-- Make sure the new MBAM is from Normal Windows boot.

I'll have a peek and try to get back to you over the weekend.
If, in the meantime, you feel like firing up a run of combofix (since I imagine you are on good terms with it by now), you could do that and post the log for me.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

should i perform a full scan, or quick scan with Microsoft Malicious Software Removal Tool?

Don't worry about that one - I'd like to see the GMER logs and DDS.

PP:)

PhilliePhan 171 Central Scrutinizer Team Colleague

i have also performed a MBAM security check and saved the log.

Please post your MBAM log. Also, please follow the linky below and post the requested scanlogs (including a fresh MBAM with updated database):

http://www.daniweb.com/forums/thread134865.html

With any luck, I or another volunteer will be able to assist you further as time permits.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Can any one help me?

Please follow the steps in the linky below and post the requested scanlogs.

http://www.daniweb.com/forums/thread134865.html

I will try to check back as time permits.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

At it backs it up first.

So long as you make sure to back it up - better safe than sorry.

-- You really should have ONE AV app. I was not counting SAS - only the two you mentioned:
McAfee and Avast!
There is a high potential for conflicts, slowdowns and loss of effectiveness with more than one resident AV.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

think there is a registry value making it open on startup and changing the settings again! Can someone give me some suggestions of where to find it? Sorry I'm a bit of a noob with the registry...

I agree with rch1231 - Run MBAM and see what shakes out
-- Also, you really should not be running multiple AV apps. Remove one.

If you want to search the registry for those known file names, try Bill James' or Bobbi Flekman's Registry Search tools:

http://www.billsway.com/vbspage/
http://www.xs4all.nl/~fstaal01/regsearch-us.html

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I do not use IE, never do. Firefox is my go-to browser.

Try this:
-- Download the attached FixIt.zip and Extract FixIt.bat from the Zip to your Desktop.
-- DoubleClick on FixIt.bat to run it.

Then, retry with MBAM and post the results.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

At the very least, the concept of keeping third party applications updated should be mentioned as it is a critical preventative security measure.

That is indeed a good idea.

Unfortunately, those threads are quite old (especially in "malware prevention years") and in need of complete reworking.

I've been meaning to update or replace them, but just don't have the time these days.

Thanks for the suggestion.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

same site as mentioned, but my default fundamental settings are chinese or something, a lot of other basic things are chinese. i need help changing it, i had a hard time reading the instructions, luckily i read the instructions beforehand on the site carefully like said. LOL

That is bizarre.

Let's first remove Combofix and the files/folders it created:

• Click Start > Run
• Type or Copy&Paste ComboFix /Uninstall into the Run box. (Be sure there is a space between the x and the / if you type it)
• Click OK


-- Did you check in Control Panel > Language&Region Options? Maybe you can change it there?

I will be away much of the weekend - will try to check back as time permits. Judy may be around to offer a suggestion or two....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Part of my job is cleaning viruses and malware off of customers' systems.. . .

MBAM is most effective when run in Normal Windows Boot. We only recommend Safe Mode when Normal Boot is not an option.

Please follow Biker920's link and post those scanlogs for us.

Please bear in mind that, with this being a holiday weekend in the US, responses may be delayed.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

An HP pavilion dv9000 laptop running vista home premium is the culprit, it has behaved in a rather eccentric manner almost from day one, though I suspect vista to be the cause rather than the machine.
I keep tinkering down to an absolute minimum as an ardent believer in the "If it ain't broke..." rule, and also due to a lack of expertise. It actually gave pretty good service right until the warranty ran out when the optical drive promptly failed. I have no axe to grind with hp, just telling it like it is, keep all my important stuff on old Dell running XP as it proved to be more stable.

Still, probably a good idea to invest in a backup hard drive. Perhaps an external drive might fit the bill the best?

I, too, subscribe to the "if it ain't broke" principle . . . . But, it is wise to be prepared for the worst. Especially when you are getting plenty of warning signals of impending doom.....

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

So I'm wondering if I just take a copy of my MSOE.dll and put it in his windows folder if that would work?

Should I start a new thread or keep this one going? Thanks...

I split this off into a new topic for you.

Go ahead and copy the .dll and see if that helps. Also, re-register it, while you are at it.

Let us know how that shakes out.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

it started when i downloaded a cracked keygen and it looked suspicious but i let my guard down and downloaded it anyways because i had just downloaded a keygen for photoshop cs5 and it worked with no problems..... any help would be greatly appreciated. thank you for taking your time to help me. Kenny G

Hi Kenny,

It sounds to me like you have been bitten by one of the newer TDSS Rootkit variants.

In cases such as yours, we generally recommend that you contact the support staff of the site you download your cracks and keygens from for removal assistance.
Our volunteers tend not to get involved with these cases.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
00:54:22:625 0784 Results:
00:54:22:625 0784 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:54:22:625 0784 File objects infected / cured / cured on reboot: 1 / 0 / 1

Great - That should have helped.

In this case, I'd like to go with another step as well:
If you already have Combofix on your machine, DELETE it.

Then follow the instructions in the link below to download a fresh copy of Combofix and run it:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please follow the instructions in the linky very carefully to run it and then post the combofix log for us.
Be sure to install Recovery Console (if you are able to do so) and disable any other security programs or Anti-Virus programs as per the linky before running Combofix!

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

i keep finding "(random letters)tssd.exe" in my task manager and i close them. . . . .

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-21 21:36:27
Windows 5.1.2600 Service Pack 2
Running: nxg6jws3.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kflyyfog.sys

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Sorry for the delay and runaround - we have very few regular volunteers these days.

I suggest getting right to business:

Please download TDSSKiller.zip and Extract TDSSKiller.exe from the ZIP to your Desktop.
-- Click START > RUN and type or Copy&Paste the following command into the Run Box and hit ENTER.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\LogIt.txt -v

Let the tool run. If you get a Hidden service detected message, DO NOT take any action. Just press ENTER and allow the tool to continue.

Likewise, TDSSKiller may tell you a Reboot is necessary for the cure to take effect. Press “Y” or Enter when prompted to do so.

Once it finishes, please post the C:\LogIt.txt for us. Let's see if the MSRT missed anything....

Cheers :)
PP