In Progress "Explorer.exe Error" CMD Window Opening During Start-Up

Mdmonster101

Thread Starter
Joined
Sep 13, 2020
Messages
8
Hi, I'm in urgent need of support here. I'm afraid my PC has been ratted or it has a trojan virus on it! When the computer boots up, an error message pops up for "Explorer.exe" and CMD prompts open and close several times. My PC has also been at its all-time low with running smoothly. If ANYBODY could help me resolve this issue either with an answer or a TeamViewer or something to help me fix this problem!

Tech Support Guy System Info Utility version 1.0.0.9
OS Version: Microsoft Windows 10 Home, 64 bit, Build 18363, Installed 19691231200000.000000-240
Processor: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz, Intel64 Family 6 Model 158 Stepping 9, CPU Count: 8
Total Physical RAM: 12 GB
Graphics Card: Intel(R) HD Graphics 630, 1024 MB
Hard Drives: C: 914 GB (32 GB Free);
Motherboard: Dell Inc. 07KY25, ver A00, s/n /JM0ZKH2/CN7016373E01GM/
System: Dell Inc., ver DELL - 1072009, s/n JM0ZKH2
Antivirus: Windows Defender, Enabled and Updated
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
667
Hi and welcome to the Tech Support Guy. :)

I am DR M and I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before you act! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

4. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs. I will be with you, as far as I can.

========================================

Let's start work.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply (or attach/upload).
 

DR.M

Malware Trainee
Hi, Mdmonster101.

I'm currently reviewing your logs.

I will be back to you as soon as I can.
 

DR.M

Malware Trainee
Hi, mdmonster101.

My comments/instructions regarding your logs:

1. Security tab for files

Did you intentionally remove the Security tab from file properties?
Code:
HKU\S-1-5-21-3147712138-149798194-388908004-1001\...\Policies\Explorer: [NoSecurityTab] 1
2. Uninstall outdated Java

Third-party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated. Uninstall the outdated Java and if you need it, you can install the latest version from here later.
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program on the list:
Code:
Java 8 Update 161
  • Select the above program and click Uninstall.
  • Restart the computer.

3. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.


  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Code:
Start::
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKU\S-1-5-21-3147712138-149798194-388908004-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_bjiqs279bdfhjvqgikmoqs1f_19_48_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyEtCtAyBzytDtD0D0CyD0AyEzyyC0BtN0D0Tzu0StBzzzzyCtN1L2XzuyEtFyDyBtFtDtFyByDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StA0CyC0EyEzzyEyCtGyC0DtB0DtGyDyB0EyCtGtBtBtBzztGtDyB0CyDtAzz0FyD0F0C0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzzyEzytByCzzzztGyCyDyEtAtGyEyByEyEtGzztA1S1StG1P1TtCtD1QyCyBtC1OyC1StB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByEyBzytCyByEtC%26cr%3D871257817%26a%3Dwsg_bjiqs279bdfhjvqgikmoqs1f_19_48_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-3147712138-149798194-388908004-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_bjiqs279bdfhjvqgikmoqs1f_19_48_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyEtCtAyBzytDtD0D0CyD0AyEzyyC0BtN0D0Tzu0StBzzzzyCtN1L2XzuyEtFyDyBtFtDtFyByDtN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2StA0CyC0EyEzzyEyCtGyC0DtB0DtGyDyB0EyCtGtBtBtBzztGtDyB0CyDtAzz0FyD0F0C0D0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzzyEzytByCzzzztGyCyDyEtAtGyEyByEyEtGzztA1S1StG1P1TtCtD1QyCyBtC1OyC1StB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyByEyBzytCyByEtC%26cr%3D871257817%26a%3Dwsg_bjiqs279bdfhjvqgikmoqs1f_19_48_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
FirewallRules: [{A6A34031-791C-4C36-8656-E93579D399C4}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe => No File
FirewallRules: [UDP Query User{21F22F6A-7DC0-4B32-8841-D1521195C7A9}C:\users\owner\downloads\ozln.exe] => (Allow) C:\users\owner\downloads\ozln.exe => No File
FirewallRules: [TCP Query User{2F2AA696-5BD2-427C-89D2-B504BD40A0EA}C:\users\owner\downloads\ozln.exe] => (Allow) C:\users\owner\downloads\ozln.exe => No File
FirewallRules: [UDP Query User{A4A184F7-C4CE-4354-A935-996B856A58EE}C:\users\owner\appdata\local\temp\rar$exa25756.1406\gophish.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa25756.1406\gophish.exe => No File
FirewallRules: [TCP Query User{3FEA4EC4-F16C-40BD-A0DA-E1DBEF78B109}C:\users\owner\appdata\local\temp\rar$exa25756.1406\gophish.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa25756.1406\gophish.exe => No File
FirewallRules: [{865C6F28-C4E9-4DFE-BE00-70BF0F0BE058}] => (Allow) C:\Users\Owner\AppData\Local\Chromium\Application\chrome.exe => No File
FirewallRules: [{4B4C7052-C9AF-4DB4-BDA7-B9E1CD370969}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe => No File
FirewallRules: [{3EDAE42B-77F6-41C9-B04D-1AD63B707367}] => (Allow) C:\Program Files (x86)\Nox\bin\Nox.exe => No File
FirewallRules: [UDP Query User{22E951DC-BEDA-4DA8-B664-5B89E8271FE0}C:\program files\rainmeter\rainmeter.exe] => (Allow) C:\program files\rainmeter\rainmeter.exe => No File
FirewallRules: [TCP Query User{909933BD-42E5-4AC0-B152-B2019540D2BE}C:\program files\rainmeter\rainmeter.exe] => (Allow) C:\program files\rainmeter\rainmeter.exe => No File
FirewallRules: [UDP Query User{CDDD1032-1429-4020-BBC4-03DAE0C9BD7D}C:\program files\rainmeter\rainmeter.exe] => (Allow) C:\program files\rainmeter\rainmeter.exe => No File
FirewallRules: [TCP Query User{AA229DB3-F394-4D74-A455-E2865ED57937}C:\program files\rainmeter\rainmeter.exe] => (Allow) C:\program files\rainmeter\rainmeter.exe => No File
FirewallRules: [{A898F1AC-B300-45A1-9B81-D308CC58D320}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{350A7202-6315-4726-AF68-BA5135A48ADF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{684A8D0A-BD3F-4B33-8DCB-CA6BBD6A6EC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{4A87B232-66AA-4D18-88CD-55F7DAD36163}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{8EA059F6-B760-4016-A430-4432DDEE8112}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{50CFC787-1876-4548-BCD6-A8054CB36CE7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{65197CE3-E566-4B1D-89F7-3D9D0E0A6C29}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{032F19CB-1E0E-4A67-8D51-F50129C1E626}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\Spotify.exe => No File
FirewallRules: [{0CC3CBAF-815D-4CD8-A168-2241A84203BD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe => No File
FirewallRules: [{1D94679D-27F0-4261-AAA2-55ED1C4EBCC1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.257.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe => No File
FirewallRules: [TCP Query User{44289F1E-527D-4834-9BA4-EC7B01118D4D}C:\program files\windowsapps\arduinollc.arduinoide_1.8.39.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.39.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [UDP Query User{FD52D15A-3CE3-4C95-AB13-F4E10BF4C7F0}C:\program files\windowsapps\arduinollc.arduinoide_1.8.39.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe] => (Allow) C:\program files\windowsapps\arduinollc.arduinoide_1.8.39.0_x86__mdqgnx93n4wtt\java\bin\javaw.exe => No File
FirewallRules: [TCP Query User{65C757AC-8F6D-48E3-BE68-05CE9CCFAEB2}C:\users\owner\downloads\t6rmp.exe] => (Allow) C:\users\owner\downloads\t6rmp.exe => No File
FirewallRules: [UDP Query User{EBC7C18C-515E-4B76-A060-E452DE075D0A}C:\users\owner\downloads\t6rmp.exe] => (Allow) C:\users\owner\downloads\t6rmp.exe => No File
FirewallRules: [TCP Query User{13EF5470-8BAB-4B03-B7C6-D7207A15833C}C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe => No File
FirewallRules: [UDP Query User{5222703B-3860-4FD2-B825-1C3B5CE1076A}C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe] => (Allow) C:\program files (x86)\ubisoft\ubisoft game launcher\games\hyper scape\hyperscape.exe => No File
FirewallRules: [TCP Query User{5305CD16-3929-4087-BCE6-940412BD8A63}C:\users\owner\appdata\local\temp\rar$exa8780.20222\server\winfusion.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa8780.20222\server\winfusion.exe => No File
FirewallRules: [UDP Query User{7A92A368-A9DE-4D14-B7A0-192EA681EA42}C:\users\owner\appdata\local\temp\rar$exa8780.20222\server\winfusion.exe] => (Allow) C:\users\owner\appdata\local\temp\rar$exa8780.20222\server\winfusion.exe => No File
FirewallRules: [TCP Query User{232F5FBF-9335-4F92-97D7-E3ADC910B7A2}D:\w9kggiwuk9.exe] => (Allow) D:\w9kggiwuk9.exe => No File
FirewallRules: [UDP Query User{6A963F0A-13E4-46D2-A67B-B54C28B2F15E}D:\w9kggiwuk9.exe] => (Allow) D:\w9kggiwuk9.exe => No File
FirewallRules: [TCP Query User{0755866B-587E-4101-AB60-A56E3645D16B}D:\sharefactory\anydesk.exe] => (Allow) D:\sharefactory\anydesk.exe => No File
FirewallRules: [UDP Query User{E2A60277-126D-4B40-B00A-FE809FE34FD4}D:\sharefactory\anydesk.exe] => (Allow) D:\sharefactory\anydesk.exe => No File
FirewallRules: [TCP Query User{CAE267DB-9632-41EC-A13B-3DAB092F6198}D:\$limeusb\sharefactory\anydesk.exe] => (Block) D:\$limeusb\sharefactory\anydesk.exe => No File
FirewallRules: [UDP Query User{FEF6A068-F10B-4622-939C-3EFC6EBE0EDE}D:\$limeusb\sharefactory\anydesk.exe] => (Block) D:\$limeusb\sharefactory\anydesk.exe => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3147712138-149798194-388908004-1001\...\CurrentVersion\Windows: [Load] C:\Users\Owner\AppData\Local\Runtime Broker\Runtime Broker.exe <==== ATTENTION
HKU\S-1-5-21-3147712138-149798194-388908004-1001\...\Run: [Runtime Broker] => C:\Users\Owner\AppData\Local\Runtime Broker\Runtime Broker.ex
HKU\S-1-5-21-3147712138-149798194-388908004-1001\...\Run: [Explorer Services.exe] => C:\Users\Owner\AppData\Local\Temp\Explorer Services.exe [9844224 2020-09-08] (Microsoft® Windows® Operating System) [File not signed] <==== ATTENTION
HKU\S-1-5-21-3147712138-149798194-388908004-1001\...\Run: [Services.exe] => C:\Users\Owner\AppData\Local\Temp\Services.exe [6874624 2020-09-12] (bsnyxebwoivciu utvawjmeevkfuirwy) [File not signed] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
CHR HKU\S-1-5-21-3147712138-149798194-388908004-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKU\S-1-5-21-3147712138-149798194-388908004-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
CHR HKLM-x32\...\Chrome\Extension: [bhoagceacaklimpcejjofabngcjkebfg]
CHR HKLM-x32\...\Chrome\Extension: [hncafdhkllgldnimopgfkgnlcijmonah]
CHR HKLM-x32\...\Chrome\Extension: [nccfgpamboionigdpfjmijhlgmgdbael]
C:\Users\Owner\AppData\Local\Temp\Explorer Services.exe
C:\Users\Owner\AppData\Local\Temp\Services.exe
C:\Users\Owner\AppData\Local\Runtime Broker\Runtime Broker.exe
C:\Users\Owner\AppData\Local\Runtime Broker\Runtime Broker.ex
C:\Program Files\BlueStacks\HD-Player.exe
C:\users\owner\downloads\ozln.exe
C:\Users\Owner\AppData\Local\Chromium
C:\program files\rainmeter
C:\Program Files (x86)\Bignox
C:\Program Files (x86)\Nox
C:\users\owner\downloads\t6rmp.exe
C:\Users\Owner\AppData\Roaming\cmd.exe
HKU\S-1-5-21-3147712138-149798194-388908004-1001\...\Run: [cmd.exe] => C:\Users\Owner\AppData\Roaming\cmd.exe [ ]
EmptyTemp:
End::
  • Please right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Please post the log in your next reply.
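
Added example (not part of DR.M's post and not FRST's own logic): a Python triage of FRST-style autorun lines that flags the three signals visible in the fixlist above, namely an executable launched from a user-writable folder, a Windows system binary name used outside C:\Windows, and the "[File not signed]" marker. The sample lines are constructed in the fixlist's format with a placeholder SID; the name list and the C:\Windows install path are assumptions.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# FRST autorun lines have the shape seen in the fixlist above:
#   HIVE\...\Run: [ValueName] => C:\path\file.exe [size date] (Publisher) [File not signed]
#   HIVE\...\CurrentVersion\Windows: [Load] C:\path\file.exe
LINE_RE = re.compile(
    r"^(?P<key>HK[^:]*?\\(?:RunOnce|Run|Windows)): "
    r"\[(?P<name>[^\]]*)\] (?:=> )?"
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|com|scr|bat|cmd))(?=\s|$)"
    r"(?P<rest>.*)$",
    re.IGNORECASE,
)

# Folders a standard user can write to (illustrative list, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
# System binary names that normally live under C:\Windows (illustrative list).
SYSTEM_NAMES = {"services.exe", "cmd.exe", "explorer.exe", "svchost.exe",
                "runtimebroker.exe", "lsass.exe", "csrss.exe"}

R_WRITABLE = "runs from a user-writable folder"
R_NAME = "system binary name outside C:\\Windows"
R_UNSIGNED = "file not signed"


class Finding(NamedTuple):
    name: str
    path: str
    reasons: Tuple[str, ...]


def triage_line(line: str) -> Optional[Finding]:
    """Parse one autorun line; return None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    lowered = path.lower()
    reasons = []
    if any(part in lowered for part in USER_WRITABLE):
        reasons.append(R_WRITABLE)
    # Drop spaces so look-alikes such as "Runtime Broker.exe" still match.
    base = ntpath.basename(lowered).replace(" ", "")
    if base in SYSTEM_NAMES and not lowered.startswith("c:\\windows\\"):
        reasons.append(R_NAME)
    if "[file not signed]" in m.group("rest").lower():
        reasons.append(R_UNSIGNED)
    return Finding(m.group("name"), path, tuple(reasons))


def triage(lines) -> List[Finding]:
    """Return only the entries with at least one suspicious signal."""
    parsed = (triage_line(l) for l in lines if l.strip())
    return [f for f in parsed if f is not None and f.reasons]


def unparsed(lines) -> List[str]:
    """Lines that did not parse (e.g. a truncated path) need manual review."""
    return [l for l in lines if l.strip() and triage_line(l) is None]


# Constructed sample input: placeholder SID, one benign signed entry,
# and one entry with a truncated path.
SAMPLE = r"""
HKU\S-1-5-21-0-0-0-1001\...\Run: [Services.exe] => C:\Users\Owner\AppData\Local\Temp\Services.exe [6874624 2020-09-12] (example publisher) [File not signed] <==== ATTENTION
HKU\S-1-5-21-0-0-0-1001\...\CurrentVersion\Windows: [Load] C:\Users\Owner\AppData\Local\Runtime Broker\Runtime Broker.exe <==== ATTENTION
HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [84992 2019-03-18] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-0-0-0-1001\...\Run: [cmd.exe] => C:\Users\Owner\AppData\Roaming\cmd.exe [ ]
HKU\S-1-5-21-0-0-0-1001\...\Run: [Runtime Broker] => C:\Users\Owner\AppData\Local\Runtime Broker\Runtime Broker.ex
"""
SAMPLE_LINES = SAMPLE.strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
    for line in unparsed(SAMPLE_LINES):
        print(f"review manually: {line}")
```
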
 

Mdmonster101

Thread Starter
Here’s the problem: I can’t run the FRST64 fix because after clicking Fix it blue screens my PC. I didn’t remove any Security tab on my computer, and lastly, I did uninstall the Java 8 Update 161.
 

DR.M

Malware Trainee
Hi, Mdmonster101.

How long after clicking Fix does the blue screen appear? Is it possible to see the error code you get?

Let's try running the fix from Safe mode.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.

2. Run the FRST fix again, as instructed here.
 

DR.M

Malware Trainee
Hi, Mdmonster101.

1. Run Malwarebytes (Scan mode)
  • Download Malwarebytes and save it to your Desktop.
  • Once downloaded, close all programs and Windows on your computer.
  • Double-click on the icon on your desktop named MBSetup.exe. This will start the installation of MBAM onto your computer.
  • Follow the instructions to install the program.
  • When finished, double click the program's icon created on your Desktop.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
  1. Under the title Scan Options, all the options are checked.
  2. Under the title Windows Security Center (Premium only) is unchecked.
  3. Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

2. Run AdwCleaner (Scan mode)

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

In your next reply, please make sure to post:
  1. The MBAM report
  2. AdwCleaner[S0*].txt
 

Mdmonster101

Thread Starter
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/18/20
Scan Time: 9:34 AM
Log File: 9fa2e624-f9b3-11ea-8f47-484d7eccb27b.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30031
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1016)
CPU: x64
File System: NTFS
User: DESKTOP-1CA2V6Q\Owner

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 415801
Threats Detected: 33
Threats Quarantined: 0
Time Elapsed: 35 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 1
Backdoor.AsyncRAT.MSIL.Generic, C:\USERS\OWNER\APPDATA\ROAMING\IEXPLORE.EXE, No Action By User, 10663, 819512, , , , , A7C62E0D973E4DA8AC55DC0B31626142, 5A4DC34F20E7DE5FA5FD17B7FE851138FE2FF4E6CBE71999AAA71E6763DC8F53

Module: 1
Backdoor.AsyncRAT.MSIL.Generic, C:\USERS\OWNER\APPDATA\ROAMING\IEXPLORE.EXE, No Action By User, 10663, 819512, , , , , A7C62E0D973E4DA8AC55DC0B31626142, 5A4DC34F20E7DE5FA5FD17B7FE851138FE2FF4E6CBE71999AAA71E6763DC8F53

Registry Key: 12
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{571035F9-E5C4-4C4A-BECD-34BFE1124F75}, No Action By User, 3778, 698506, 1.0.30031, , ame, , ,
PUP.Optional.WinTonic, HKLM\SOFTWARE\cGN0b25pY3MuY29t, No Action By User, 756, 491485, 1.0.30031, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, No Action By User, 5364, 757809, 1.0.30031, , ame, , ,
Backdoor.AsyncRAT.MSIL.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, No Action By User, 10663, 819512, , , , , ,
Backdoor.AsyncRAT.MSIL.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, No Action By User, 10663, 819512, , , , , ,
Backdoor.AsyncRAT.MSIL.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\iexplore, No Action By User, 10663, 819512, , , , , ,
Backdoor.AsyncRAT.MSIL.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30688F3A-EF33-450F-9D22-8E9351AC4122}, No Action By User, 10663, 819512, , , , , ,
Backdoor.AsyncRAT.MSIL.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{30688F3A-EF33-450F-9D22-8E9351AC4122}, No Action By User, 10663, 819512, , , , , ,
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SegurazoSvc, No Action By User, 5364, 713771, 1.0.30031, , ame, , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{571035F9-E5C4-4C4A-BECD-34BFE1124F75}, No Action By User, 3778, 698505, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\MICROSOFT\WINDOWS\GOOGLE\GoogleUpdateTaskMachineVW, No Action By User, 3778, 698505, 1.0.30031, , ame, , ,
PUP.Optional.WinTonic, HKLM\SOFTWARE\WTC-PR, No Action By User, 756, 491484, 1.0.30031, , ame, , ,

Registry Value: 2
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{571035F9-E5C4-4C4A-BECD-34BFE1124F75}|PATH, No Action By User, 3778, 698506, 1.0.30031, , ame, , ,
PUP.Optional.WinTonic, HKLM\SOFTWARE\WTC-PR|AFFILIATEID, No Action By User, 756, 491484, 1.0.30031, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 17
Backdoor.AsyncRAT.MSIL.Generic, C:\WINDOWS\SYSTEM32\TASKS\iexplore, No Action By User, 10663, 819512, , , , , D949B04E6D0F7ECB67F7767414E5DF62, E1E188BCDD178D59AFBFA6603DF59C7C3BF504C4A876A06E5E6BE787DBC585E3
Backdoor.AsyncRAT.MSIL.Generic, C:\USERS\OWNER\APPDATA\ROAMING\IEXPLORE.EXE, No Action By User, 10663, 819512, 1.0.30031, 671A3D4859DC979A07E54B59, dds, 00902175, A7C62E0D973E4DA8AC55DC0B31626142, 5A4DC34F20E7DE5FA5FD17B7FE851138FE2FF4E6CBE71999AAA71E6763DC8F53
Trojan.BitCoinMiner.Generic, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\GOOGLE\GOOGLEUPDATETASKMACHINEVW, No Action By User, 3778, 698505, , , , , DA80DAECA77E52C704C1DBD47D9B17A5, 1D411078C21F5BAC5B5108DDB2359614C0EFE2B7F7A7F1255CB2CB476EA160BD
Trojan.BitCoinMiner, C:\PROGRAMDATA\BHPSHNRUQB\WEBHELPER.EXE, No Action By User, 926, 832152, 1.0.30031, BC00548D01AE349819828063, dds, 00902175, 8B216DB56340FF5FD1EB2A5CD32E110A, 4445E669492265829F5A4978ED8705795997B85CFB057AA3EDF1DF18274C14A8
Malware.AI.4255894695, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\AWMSXS.EXE, No Action By User, 1000000, 0, 1.0.30031, 55212984190D8DD1FDABCCA7, dds, 00902175, 61BA1B61A89A9FEFB7B65F31A5C1F51D, ACBE9333F0D9B7A81A3FEA6440285FF081D6ACA703E6DEC64DC02A05E493EECD
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\NVYTDJ.EXE, No Action By User, 0, 392686, 1.0.30031, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\DQONXL.EXE, No Action By User, 1000001, 0, 1.0.30031, 0000000000000000000003EB, dds, 00902175, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Trojan.BitCoinMiner, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\KPHBMG.EXE, No Action By User, 926, 832152, 1.0.30031, BC00548D01AE349819828063, dds, 00902175, 8B216DB56340FF5FD1EB2A5CD32E110A, 4445E669492265829F5A4978ED8705795997B85CFB057AA3EDF1DF18274C14A8
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\DOEIGQ.EXE, No Action By User, 1000001, 0, 1.0.30031, 0000000000000000000003EB, dds, 00902175, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\NVOWXL.EXE, No Action By User, 1000001, 0, 1.0.30031, 0000000000000000000003EB, dds, 00902175, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\SSOETN.EXE, No Action By User, 1000001, 0, 1.0.30031, 0000000000000000000003EB, dds, 00902175, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\HYNITW.EXE, No Action By User, 1000001, 0, 1.0.30031, 0000000000000000000003EB, dds, 00902175, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\SUQCJG.EXE, No Action By User, 0, 392686, 1.0.30031, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\TPDMGC.EXE, No Action By User, 0, 392686, 1.0.30031, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\ZIIKFQ.EXE, No Action By User, 0, 392686, 1.0.30031, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Trojan.BitCoinMiner, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\UITYJN.EXE, No Action By User, 926, 832152, 1.0.30031, BC00548D01AE349819828063, dds, 00902175, 8B216DB56340FF5FD1EB2A5CD32E110A, 4445E669492265829F5A4978ED8705795997B85CFB057AA3EDF1DF18274C14A8
Malware.AI.3968925676, C:\USERS\OWNER\APPDATA\LOCAL\TOR\TOR.EXE, No Action By User, 1000000, 0, 1.0.30031, 48E68443D1DCF6E6EC90FFEC, dds, 00902175, D9C01AB44B47931E2346F12A600E3868, CBFC161F7E4D056EFAE0ACF9E90D1CE717C1928234F4CB213B36F9D9625151D1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 


DR.M

Malware Trainee
Hi, Mdmonster101.

The last scans detected some serious infections regarding your computer. One of the identified infections is known to use a backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

Recommendations:

  • Disconnect this PC from the Internet immediately.
  • If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable.
  • Contact those financial institutions to apprise them of your situation.
Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. The choices are two: a) Clean this machine but I can't guarantee that it will be 100% secure afterwards, and b) Reinstall your Windows OS. Let me know what you decide to do.
 

DR.M

Malware Trainee
Ok. Let’s do it.

1. Run Malwarebytes (Clean mode)
  • Double click the program's icon on your Desktop, as you did before.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
  1. Under the title Scan Options, all the options are checked.
  2. Under the title Windows Security Center (Premium only) is unchecked.
  3. Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are selected, and click on Quarantine/Remove selected.
  • You may need to restart the computer.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

2. Run AdwCleaner (Clean mode)
  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all threats found and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open (Note: previous scan showed no pre-installed software in your machine, so you can skip these sub steps).
      • Click OK to close it.
    • Check any pre-installed software items you want to remove (previous scan showed no pre-installed software in your machine, so you can skip this).
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start ADWCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

3. Fresh FRST logs
  • Double-click on the FRST icon to run it, as you did before. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please copy and paste the content of these two logs in your next reply.
 

Mdmonster101

Thread Starter
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/19/20
Scan Time: 9:36 AM
Log File: 243b9a9c-fa7d-11ea-a776-484d7eccb27b.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1045
Update Package Version: 1.0.30085
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1016)
CPU: x64
File System: NTFS
User: DESKTOP-1CA2V6Q\Owner

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 417445
Threats Detected: 27
Threats Quarantined: 27
Time Elapsed: 41 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 7
PUP.Optional.Segurazo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SegurazoSvc, Quarantined, 5364, 713771, 1.0.30085, , ame, , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Google\GoogleUpdateTaskMachineVW, Quarantined, 3778, 698508, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{571035F9-E5C4-4C4A-BECD-34BFE1124F75}, Quarantined, 3778, 698508, , , , , ,
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{571035F9-E5C4-4C4A-BECD-34BFE1124F75}, Quarantined, 3778, 698508, , , , , ,
PUP.Optional.WinTonic, HKLM\SOFTWARE\WTC-PR, Quarantined, 756, 491484, 1.0.30085, , ame, , ,
PUP.Optional.WinTonic, HKLM\SOFTWARE\cGN0b25pY3MuY29t, Quarantined, 756, 491485, 1.0.30085, , ame, , ,
PUP.Optional.Segurazo, HKLM\SOFTWARE\SegOption, Quarantined, 5364, 757809, 1.0.30085, , ame, , ,

Registry Value: 2
Trojan.BitCoinMiner.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{571035F9-E5C4-4C4A-BECD-34BFE1124F75}|PATH, Quarantined, 3778, 698506, 1.0.30085, , ame, , ,
PUP.Optional.WinTonic, HKLM\SOFTWARE\WTC-PR|AFFILIATEID, Quarantined, 756, 491484, 1.0.30085, , ame, , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 18
Trojan.BitCoinMiner.Generic, C:\WINDOWS\SYSTEM32\TASKS\MICROSOFT\WINDOWS\GOOGLE\GoogleUpdateTaskMachineVW, Quarantined, 3778, 698508, 1.0.30085, , ame, , DA80DAECA77E52C704C1DBD47D9B17A5, 1D411078C21F5BAC5B5108DDB2359614C0EFE2B7F7A7F1255CB2CB476EA160BD
Trojan.BitCoinMiner, C:\PROGRAMDATA\BHPSHNRUQB\WEBHELPER.EXE, Quarantined, 926, 832152, 1.0.30085, BC00548D01AE349819828063, dds, 00903610, 8B216DB56340FF5FD1EB2A5CD32E110A, 4445E669492265829F5A4978ED8705795997B85CFB057AA3EDF1DF18274C14A8
Malware.AI.4255894695, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\AWMSXS.EXE, Quarantined, 1000000, 0, 1.0.30085, 55212984190D8DD1FDABCCA7, dds, 00903610, 61BA1B61A89A9FEFB7B65F31A5C1F51D, ACBE9333F0D9B7A81A3FEA6440285FF081D6ACA703E6DEC64DC02A05E493EECD
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\SUQCJG.EXE, Quarantined, 0, 392686, 1.0.30085, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Trojan.BitCoinMiner, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\UITYJN.EXE, Quarantined, 926, 832152, 1.0.30085, BC00548D01AE349819828063, dds, 00903610, 8B216DB56340FF5FD1EB2A5CD32E110A, 4445E669492265829F5A4978ED8705795997B85CFB057AA3EDF1DF18274C14A8
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\DOEIGQ.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\NVOWXL.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\SYJKBU.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, 17A893DDF79FC005B6DE0FB7CADC3598, F96F9DAD05285643963C35FC01D036694E40D823DCBCE533CB06E3850D627E56
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\ZIIKFQ.EXE, Quarantined, 0, 392686, 1.0.30085, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\SSOETN.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\UDUGNU.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, 17A893DDF79FC005B6DE0FB7CADC3598, F96F9DAD05285643963C35FC01D036694E40D823DCBCE533CB06E3850D627E56
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\HYNITW.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\NVYTDJ.EXE, Quarantined, 0, 392686, 1.0.30085, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Generic.Malware/Suspicious, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\TPDMGC.EXE, Quarantined, 0, 392686, 1.0.30085, , shuriken, , 9EC44A0D0D47D05E537D157EEA6E499E, 5D858CA6D29FF768C69C437C538488209B382BD54F375A52DC467DE132961B05
Malware.AI.3968925676, C:\USERS\OWNER\APPDATA\LOCAL\TOR\TOR.EXE, Quarantined, 1000000, 0, 1.0.30085, 48E68443D1DCF6E6EC90FFEC, dds, 00903610, D9C01AB44B47931E2346F12A600E3868, CBFC161F7E4D056EFAE0ACF9E90D1CE717C1928234F4CB213B36F9D9625151D1
Trojan.BitCoinMiner, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\KPHBMG.EXE, Quarantined, 926, 832152, 1.0.30085, BC00548D01AE349819828063, dds, 00903610, 8B216DB56340FF5FD1EB2A5CD32E110A, 4445E669492265829F5A4978ED8705795997B85CFB057AA3EDF1DF18274C14A8
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\SWSKTS.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, 17A893DDF79FC005B6DE0FB7CADC3598, F96F9DAD05285643963C35FC01D036694E40D823DCBCE533CB06E3850D627E56
Malware.Heuristic.1003, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\DQONXL.EXE, Quarantined, 1000001, 0, 1.0.30085, 0000000000000000000003EB, dds, 00903610, C9425EF22A7BE7B37471582AB9695474, 2BCBBE03ABBE85651BA96061745E630DE7926968132457BF2CA9B32032ECAD9E

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 


Mdmonster101

Thread Starter
Joined
Sep 13, 2020
Messages
8
I also have a problem with the Windows search bar: it will crash every time I try to type something into it. I tried running some commands in PowerShell and cmd, but nothing seems to fix it.
 
