
hijackthislog

Discussion in 'Virus & Other Malware Removal' started by shaz2004, Sep 17, 2004.

  1. shaz2004

    shaz2004 Thread Starter

    Joined:
    Sep 17, 2004
    Messages:
    8
    Background info: Win98 OS, Internet Explorer 6.

    error message on screen 'this program has performed an
    illegal operation and will be shut down'
    the details are
    'EXPLORER caused an invalid page fault in
    module EXPLORER.EXE at 0167:0040dcf7.
    Registers:
    EAX=00000000 CS=0167 EIP=0040dcf7 EFLGS=00010246
    EBX=00000000 SS=016f ESP=0093fe90 EBP=0093feb4
    ECX=0093ffbc DS=016f ESI=00000000 FS=3ccf
    EDX=0043003c ES=016f EDI=00000000 GS=0000
    Bytes at CS:EIP:
    8b 38 85 ff 7e 19 56 ff 35 70 50 41 00 ff 15 00
    Stack dump:
    00000000 00530478 0040dd5f 00000000 00530478 00530478
    00000102 0093fec8 6680e03b 0093fef8 0040b5fc 00000344
    00435f14 00435450 00000001 50003f2f'
    I am still able to open Internet Explorer, but if I
    choose 'close' on the error message it closes all opened
    pages and folders that are open at the time, shuts down the firewall and antivirus, and the message reappears within seconds. I have run up-to-date
    antivirus software with nothing found. I tried 'Ctrl-Alt-
    Del' to end the Explorer program but it won't close. The
    Windows Start button on the toolbar has also been frozen
    since about the same time; is this connected? I have downloaded the latest versions of Spybot (53 problems fixed) and adware (54 problems fixed) and CWShredder (no problems), and then HijackThis and the log below. Any help with the log would be gratefully accepted.



    Logfile of HijackThis v1.98.2
    Scan saved at 19:47:46, on 16/09/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
    C:\WINDOWS\SYSTEM\R_SERVER.EXE
    C:\PROGRAM FILES\AVG\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\AVG\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\APPLICATION DATA\BAER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM/left.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Unison
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE /waitservice
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\AVG\avgcc32.exe /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [SH] c:\program files\seti\setihide.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [update32] C:\windows\configs.exe
    O4 - HKLM\..\Run: [cmd32] C:\configs.exe
    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
    O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\AVG\Avgserv9.exe
    O4 - HKLM\..\RunServices: [SH] c:\program files\seti\setihide.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Mtes] C:\WINDOWS\Application Data\baer.exe
    O4 - Startup: Office.lnk = C:\Program Files\Office\Office\OSA.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: Ulster Bank AnyTime - https://anytime3.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05beabd85dc...xIE601.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe
    O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\SYSTEM\MSXWORD.DLL (file missing)
    O21 - SSODL: System - {382D1340-BAFD-11D8-ACDD-0080AD00E7B5} - C:\WINDOWS\system32\system32.dll


    Paddyirishman!! :)
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi shaz2004- Do you still need help with this problem?

    There are some people who could help with this...
    Don't know why it was overlooked but I do know things have been awful busy lately!

    There is usually a solution for this hijack, which may just solve the Explorer error messages you have. The step by step method must be followed however in one pass, and it may be run from Safe Mode. You cannot open Internet Explorer during the process, and should do it all in one sitting, which may take some time. Plan accordingly, if indeed you still need help...

    You will not be able to view the forum thread with directions- you can choose to print them out using the "Thread Tools> Printable Version" button at the top of this page, which will print all the posts in this thread, unless you tell the printer to print only the last page or two...or, you highlight the text of the post with your directions...and print that. Sometimes that will not work from Internet Explorer but you can try it.

    One other thing to do, is copy the posting with the directions to a blank Notepad file, name it TSGhelp.txt or something...and place it on the desktop or save it to a floppy disk.
     
  3. shaz2004

    shaz2004 Thread Starter

    Joined:
    Sep 17, 2004
    Messages:
    8
    Byteman,
    I still need help if you have a solution to the problem. No problem with printing a solution.
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, OK, I will be getting some help for you pretty soon, but I do want to make it plain to you that with the error you are seeing, there is a chance that you will end up in a no-boot situation. You may need a startup floppy disk; make one immediately, however you need one that is virus free. If you have another PC to use to read this thread, hold off on using the bad one as much as possible, OK?


    You make a bootdisk by going to Add/Remove Programs> Startup Disk and place a floppy disk in drive A: follow the prompts to make the disk. Better ones are available by download:

    www.bootdisk.com

    Get the file downloaded to your DESKTOP, not the floppy, and run the file; it will prompt you to put in a disk, etc. Use the download for Win98. You can make the bootdisk on another PC. Write-protect it by pulling the lock tab on the back to the lock position.

    The type of hijack you have may need some special attention, I am going to ask someone to have a look at the log, hang on and as soon as they reply get to work!
    I would assume you have saved anything important to disk, CD etc....
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    Before you proceed with those instructions, please move Hijack This into its own folder in program files or my documents but not in the temporary files or on the desktop, so it can create proper back-ups and restore them if necessary.

    Rescan with Hijack This, close all browser windows except Hijack This, put a check mark beside these entries and click “fix checked”.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM/left.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>

    O4 - HKLM\..\Run: [SH] c:\program files\seti\setihide.exe

    O4 - HKLM\..\Run: [update32] C:\windows\configs.exe

    O4 - HKLM\..\Run: [cmd32] C:\configs.exe

    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe

    O4 - HKLM\..\RunServices: [SH] c:\program files\seti\setihide.exe

    O4 - HKCU\..\Run: [Mtes] C:\WINDOWS\Application Data\baer.exe

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05beabd85dc...xIE601.cab

    O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe

    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -

    O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/win...nsearchie32.exe

    O18 - Protocol: start - {53B95211-7D77-11D2-9F81-00104B107C96} - C:\WINDOWS\SYSTEM\MSXWORD.DLL (file missing)

    O21 - SSODL: System - {382D1340-BAFD-11D8-ACDD-0080AD00E7B5} - C:\WINDOWS\system32\system32.dll


    Then boot to safe mode (see how below), locate and delete these files and/or folders:

    c:\program files\seti - folder
    C:\windows\configs.exe - file
    C:\WINDOWS\realtime.exe - file
    C:\WINDOWS\Application Data\baer.exe - file
    C:\WINDOWS\SYSTEM\MSXWORD.DLL - file
    C:\WINDOWS\system32\system32.dll - file

    How to restart to safe mode:
    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

    These files may be hidden so please do this:

    Open My Computer.
    Select the View menu and click Folder Options.
    Select the View Tab.
    In the Hidden files section select “show all files”
    Click OK

    Then reboot and post another log please.
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    This hijack is known to alter the hosts files as well.

    Navigate to the C:\Windows\System32\drivers\etc folder. Locate the HOSTS file. Open the HOSTS file in notepad by clicking on it to open it. It will ask you what program you want to use to open it. Tick "Select the program from a list" and click OK. In the menu of programs that opens find and select notepad and click OK. The HOSTS file will open in notepad. Look for a list like this:

    127.0.0.1 www.symantec.com
    127.0.0.1 securityresponse.symantec.com
    127.0.0.1 symantec.com
    127.0.0.1 www.sophos.com
    127.0.0.1 sophos.com
    127.0.0.1 sophos.com
    127.0.0.1 www.mcafee.com
    127.0.0.1 mcafee.com
    127.0.0.1 liveupdate.symantecliveupdate.com
    127.0.0.1 www.viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 viruslist.com
    127.0.0.1 f-secure.com
    127.0.0.1 www.f-secure.com
    127.0.0.1 kaspersky.com
    127.0.0.1 www.avp.com
    127.0.0.1 www.kaspersky.com
    127.0.0.1 avp.com
    127.0.0.1 www.networkassociates.com
    127.0.0.1 networkassociates.com
    127.0.0.1 www.ca.com
    127.0.0.1 ca.com
    127.0.0.1 mast.mcafee.com
    127.0.0.1 my-etrust.com
    127.0.0.1 www.my-etrust.com
    127.0.0.1 download.mcafee.com
    127.0.0.1 dispatch.mcafee.com
    127.0.0.1 secure.nai.com
    127.0.0.1 nai.com
    127.0.0.1 www.nai.com
    127.0.0.1 update.symantec.com
    127.0.0.1 updates.symantec.com
    127.0.0.1 us.mcafee.com
    127.0.0.1 liveupdate.symantec.com
    127.0.0.1 customer.symantec.com
    127.0.0.1 rads.mcafee.com
    127.0.0.1 trendmicro.com
    127.0.0.1 www.trendmicro.com

    Delete all those lines leaving only this one:

    127.0.0.1 localhost

    Now close the file and answer Yes to confirm the changes.
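
The check described in the post above, written as an added example (not part of the original thread): it flags HOSTS entries that point a security vendor's domain at the local machine and produces a cleaned copy. The watched domains are taken from the list in the post; the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Base domains taken from the list in the post above; extend as needed.
WATCHED = {
    "symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
    "viruslist.com", "f-secure.com", "kaspersky.com", "avp.com",
    "networkassociates.com", "nai.com", "ca.com", "my-etrust.com",
    "trendmicro.com",
}

# Constructed sample, modelled on the entries quoted in the post.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 www.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1   download.mcafee.com  intranet.example   # mixed line
0.0.0.0 WWW.Kaspersky.com
10.0.0.5 fileserver.example
"""

# The HOSTS location differs by Windows version (Win9x keeps it in the Windows
# directory, NT-family systems in System32\drivers\etc), so these functions
# take the file's text and leave reading and writing to the caller.


def _split(line):
    """Split a HOSTS line into its fields and its trailing '#' comment."""
    body, sep, comment = line.partition("#")
    return body.split(), (sep + comment).rstrip()


def is_local(ip):
    """True for loopback or unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def is_watched(host, watched=WATCHED):
    """True if host is a watched domain or one of its subdomains."""
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line number, hostname) for every watched name sent to this machine."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fields, _ = _split(line)
        if len(fields) < 2 or not is_local(fields[0]):
            continue
        for host in fields[1:]:
            if is_watched(host, watched):
                findings.append((n, host.lower()))
    return findings


def clean_hosts(text, watched=WATCHED):
    """Return the HOSTS text with the flagged names removed, other lines untouched."""
    out = []
    for line in text.splitlines():
        fields, comment = _split(line)
        if len(fields) >= 2 and is_local(fields[0]):
            keep = [h for h in fields[1:] if not is_watched(h, watched)]
            if len(keep) < len(fields) - 1:
                if keep:  # a line may mix flagged and legitimate names
                    parts = [fields[0], *keep] + ([comment] if comment else [])
                    out.append(" ".join(parts))
                continue
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} is redirected to the local machine")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```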
     
  7. shaz2004

    shaz2004 Thread Starter

    Joined:
    Sep 17, 2004
    Messages:
    8
    The following happened: these were not in the HijackThis file:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM/left.html
    O4 - HKLM\..\Run: [update32] C:\windows\configs.exe

    O4 - HKLM\..\Run: [cmd32] C:\configs.exe

    O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -

    I deleted the rest.
    In safe mode, the following files were not there to delete:

    C:\windows\configs.exe - file
    C:\WINDOWS\realtime.exe - file
    C:\WINDOWS\SYSTEM\MSXWORD.DLL - file
    I had selected show all files.
    Could not locate the HOSTS file to alter.
    Problems are still the same. I have included the latest HijackThis file.
    Thanks for the help so far.
    Logfile of HijackThis v1.98.2
    Scan saved at 21:03:14, on 19/09/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
    C:\WINDOWS\SYSTEM\R_SERVER.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\AVG\AVGSERV9.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\AVG\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Unison
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7FB1AA65-0994-11D9-ACDD-0080D656B6C2} - C:\WINDOWS\SYSTEM\GOND.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE /waitservice
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\AVG\avgcc32.exe /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
    O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\AVG\Avgserv9.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Office.lnk = C:\Program Files\Office\Office\OSA.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: Ulster Bank AnyTime - https://anytime3.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O18 - Filter: text/html - {7FB1AA64-0994-11D9-ACDD-0080B91A1359} - C:\WINDOWS\SYSTEM\GOND.DLL
    O18 - Filter: text/plain - {7FB1AA64-0994-11D9-ACDD-0080B91A1359} - C:\WINDOWS\SYSTEM\GOND.DLL
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    Download StartDreck from: http://www.niksoft.at/_data/startdreck.zip

    Unzip the startdreck.zip file first. Double-click 'StartDreck.exe'.

    First click on the config button.
    Now click the Unmark all button

    Put a check by these boxes only:
    *Registry->run keys
    *Registry->Browser helper objects
    *System/drivers> Running processes
    hit >OK.

    Now click the Save button to save that log.

    Copy and paste the contents of that log back here and await further instructions
     
  9. shaz2004

    shaz2004 Thread Starter

    Joined:
    Sep 17, 2004
    Messages:
    8
    StartDreck (build 2.1.7 public stable) - 2004-09-20 @ 18:54:11 (GMT +01:00)
    Platform: Windows 98 SE (Win 4.10.2222 A)
    Internet Explorer: 6.0.2800.1106
    Logged in as User at SHANAHAN

    »Registry
    »Run Keys
    »Current User
    »Run
    *Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    »RunOnce
    »Default User
    »Run
    *Taskbar Display Controls=RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    »RunOnce
    »Local Machine
    »Run
    *ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
    *TaskMonitor=C:\WINDOWS\taskmon.exe
    *SystemTray=SysTray.Exe
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *Outpost Firewall=C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE /waitservice
    *AVG_CC=C:\PROGRAM FILES\AVG\avgcc32.exe /startup
    *IgfxTray=C:\WINDOWS\SYSTEM\igfxtray.exe
    *HotKeysCmds=C:\WINDOWS\SYSTEM\hkcmd.exe
    *CriticalUpdate=C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    *StillImageMonitor=C:\WINDOWS\SYSTEM\STIMON.EXE
    *TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    »RunOnce
    »RunServices
    *LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *SchedulingAgent=mstask.exe
    *Outpost Firewall=C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
    *r_server=C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
    *Avgserv9.exe=C:\PROGRA~1\AVG\Avgserv9.exe
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Browser Helper Objects (LM)
    *{53707962-6F74-2D53-2644-206D7942484F}
    `InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    *{7FB1AA65-0994-11D9-ACDD-0080D656B6C2}
    `InprocServer32=C:\WINDOWS\SYSTEM\GOND.DLL
    »Files
    »System/Drivers
    »Running Processes
    +FF0F2979=C:\WINDOWS\SYSTEM\KERNEL32.DLL
    +FFFF6DC5=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    +FFFF65ED=C:\WINDOWS\SYSTEM\SPOOL32.EXE
    +FFFF4A3D=C:\WINDOWS\SYSTEM\MPREXE.EXE
    +FFFFD595=C:\WINDOWS\SYSTEM\MSTASK.EXE
    +FFFFC58D=C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
    +FFFE3539=C:\WINDOWS\SYSTEM\R_SERVER.EXE
    +FFFE2F65=C:\PROGRAM FILES\AVG\AVGSERV9.EXE
    +FFFD549D=C:\WINDOWS\SYSTEM\mmtask.tsk
    +FFFD4461=C:\WINDOWS\EXPLORER.EXE
    +FFFDEF71=C:\WINDOWS\TASKMON.EXE
    +FFFDE305=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    +FFFC1491=C:\PROGRAM FILES\AVG\AVGCC32.EXE
    +FFFC4BED=C:\WINDOWS\SYSTEM\HKCMD.EXE
    +FFFC98D5=C:\WINDOWS\SYSTEM\STIMON.EXE
    +FFFCFD59=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    +FFFCE20D=C:\WINDOWS\SYSTEM\DDHELP.EXE
    +FFFCD50D=C:\WINDOWS\RunDLL.exe
    +FFFB3D45=C:\PROGRAM FILES\OFFICE\OFFICE\OSA.EXE
    +FFFBA341=C:\WINDOWS\SYSTEM\WMIEXE.EXE
    +FFF23359=C:\MY DOCUMENTS\SEAN\STARTDRECK\STARTDRECK.EXE
    »Application specific
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    First restart your computer and then scan again with Hijack This and post the fresh log.

    Please do this. Click here http://forums.techguy.org/attachment.php?attachmentid=38105 to download getservice.zip and unzip it to your desktop. Open the Getservice folder and click on the getservice.bat file. A notepad will open up with a long list of services. Please save that notepad file and attach it to your next reply to this thread. It will be easier to attach it rather than copy and paste because it will be too long to paste in one post.
     
  11. shaz2004

    shaz2004 Thread Starter

    Joined:
    Sep 17, 2004
    Messages:
    8
    Logfile of HijackThis v1.98.2
    Scan saved at 02:24:02, on 21/09/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
    C:\WINDOWS\SYSTEM\R_SERVER.EXE
    C:\PROGRAM FILES\AVG\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\AVG\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Unison
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7FB1AA65-0994-11D9-ACDD-0080D656B6C2} - C:\WINDOWS\SYSTEM\GOND.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE /waitservice
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\AVG\avgcc32.exe /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
    O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\AVG\Avgserv9.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Office.lnk = C:\Program Files\Office\Office\OSA.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: Ulster Bank AnyTime - https://anytime3.ulsterbank.com/asp/AnyTime.cab
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O18 - Filter: text/html - {7FB1AA64-0994-11D9-ACDD-0080B91A1359} - C:\WINDOWS\SYSTEM\GOND.DLL
    O18 - Filter: text/plain - {7FB1AA64-0994-11D9-ACDD-0080B91A1359} - C:\WINDOWS\SYSTEM\GOND.DLL

    Downloaded getservice and got an error message running it: the PSSERVICE.EXE file is linked to missing export NETAPI32.DLL:NetServerEnum
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    Please download this tool called AboutBuster from:
    http://www.downloads.subratam.org/AboutBuster.zip

    Created by RubberDucky

    Unzip it to your desktop but don't run it yet.

    Now start Hijackthis and tick the boxes next to these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {7FB1AA65-0994-11D9-ACDD-0080D656B6C2} - C:\WINDOWS\SYSTEM\GOND.DLL (file missing)

    O16 - DPF: Ulster Bank AnyTime - https://anytime3.ulsterbank.com/asp/AnyTime.cab

    O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe

    O18 - Filter: text/html - {7FB1AA64-0994-11D9-ACDD-0080B91A1359} - C:\WINDOWS\SYSTEM\GOND.DLL

    O18 - Filter: text/plain - {7FB1AA64-0994-11D9-ACDD-0080B91A1359} - C:\WINDOWS\SYSTEM\GOND.DLL


    Now close ALL Internet Explorer windows and hit fix checked.
    Do not open Internet explorer to come back here until after running the tool.

    Double click aboutbuster.exe, click OK, click Start, then click OK. This will scan your computer for the bad files and delete them.

    Once the tool is done scanning, copy the log and paste it into your thread with a new Hijack this log.
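
Whether a fix pass worked only shows in the next scan: in this thread one O16 entry ticked in the first pass is still listed in the following log, next to new GOND.DLL entries. The added example below (not part of the original thread) compares an instruction list with a later scan and tolerates the forum's "..." URL shortening; the three inputs are excerpts from the logs above, and the function names are constructed for illustration.

```python
import re

# A HijackThis entry line is "<code> - <details>", e.g. "O4 - HKLM\..\Run: [...]".
# Header and "Running processes" lines carry no section code and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Excerpts from the logs and the fix list in this thread (not the full logs).
FIRST_SCAN = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\EXPLORER.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\AVG\avgcc32.exe /startup
O4 - HKCU\..\Run: [Mtes] C:\WINDOWS\Application Data\baer.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/winsearchie32.chm::/winsearchie32.exe
O21 - SSODL: System - {382D1340-BAFD-11D8-ACDD-0080AD00E7B5} - C:\WINDOWS\system32\system32.dll
"""

FIX_LIST = r"""
O4 - HKCU\..\Run: [Mtes] C:\WINDOWS\Application Data\baer.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://weba.directwebsearch.net/win...nsearchie32.exe
O21 - SSODL: System - {382D1340-BAFD-11D8-ACDD-0080AD00E7B5} - C:\WINDOWS\system32\system32.dll
"""

SECOND_SCAN = r"""
Logfile of HijackThis v1.98.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\GOND.DLL/sp.html (obfuscated)
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\AVG\avgcc32.exe /startup
O16 - DPF: {10003000-1000-0000-1000-000000000000} - its:mhtml:file://c:\MAIN.MHT!http://213.159.117.237:4000/buka.chm::/x.exe
O18 - Filter: text/html - {7FB1AA64-0994-11D9-ACDD-0080B91A1359} - C:\WINDOWS\SYSTEM\GOND.DLL
"""


def parse_entries(log_text):
    """Return the entry lines of a log as normalised 'code - details' strings."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(f"{m.group(1)} - {m.group(2)}")
    return entries


def same_entry(wanted, actual):
    """Compare an entry copied from a post with one taken from a scan.

    Forum software shortens long URLs with '...', so a shortened entry
    matches when the text before and after the gap lines up.
    """
    w, a = wanted.lower(), actual.lower()
    if "..." not in w:
        return w == a
    head, _, tail = w.partition("...")
    return len(a) >= len(head) + len(tail) and a.startswith(head) and a.endswith(tail)


def survivors(fix_list_text, scan_text):
    """Entries from the fix list that are still present in the given scan."""
    scan = parse_entries(scan_text)
    return [w for w in parse_entries(fix_list_text)
            if any(same_entry(w, a) for a in scan)]


def new_entries(before_text, after_text):
    """Entries in the later scan that the earlier scan did not contain."""
    before = {e.lower() for e in parse_entries(before_text)}
    return [e for e in parse_entries(after_text) if e.lower() not in before]


if __name__ == "__main__":
    for entry in survivors(FIX_LIST, SECOND_SCAN):
        print("still present:", entry)
    for entry in new_entries(FIRST_SCAN, SECOND_SCAN):
        print("new since last scan:", entry)
```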
     
  13. shaz2004

    shaz2004 Thread Starter

    Joined:
    Sep 17, 2004
    Messages:
    8
    Scanned at: 03:10:36 on: 21/09/04


    -- Scan 1 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Attempted Clean Of Temp folder.
    Pages Reset... Done!

    -- Scan 2 ---------------------------
    About:Buster Version 3.0
    Reference List : 15


    ADS not scanned System(FAT)
    Attempted Clean Of Temp folder.
    Pages Reset... Done!


    Logfile of HijackThis v1.98.2
    Scan saved at 03:12:51, on 21/09/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE
    C:\WINDOWS\SYSTEM\R_SERVER.EXE
    C:\PROGRAM FILES\AVG\AVGSERV9.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\AVG\AVGCC32.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Unison
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\OUTPOST.EXE /waitservice
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\AVG\avgcc32.exe /startup
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAM FILES\AGNITUM\OUTPOST FIREWALL\outpost.exe /service
    O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
    O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\AVG\Avgserv9.exe
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - Startup: Office.lnk = C:\Program Files\Office\Office\OSA.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    114,860
    The log looks good now. How's everything running?
     
  15. shaz2004

    shaz2004 Thread Starter

    Joined:
    Sep 17, 2004
    Messages:
    8
    Explorer message still there: 'program performed an illegal operation and will shut down, EXPLORER caused an invalid page fault in
    module EXPLORER.EXE at 0167:0040dcf7.
    Registers:
    EAX=00000000 CS=0167 EIP=0040dcf7 EFLGS=00010246
    EBX=00000000 SS=016f ESP=0093fe90 EBP=0093feb4
    ECX=0093ffbc DS=016f ESI=00000000 FS=304f
    EDX=00435404 ES=016f EDI=00000000 GS=0000
    Bytes at CS:EIP:
    8b 38 85 ff 7e 19 56 ff 35 70 50 41 00 ff 15 00
    Stack dump:
    00000000 00436e7c 0040dd5f 00000000 00436e7c 00436e7c 00000102 0093fec8 6680e03b 0093fef8 0040b5fc 00000344 00437000 00434fbc 00000001 50003f2f

    The start button on the toolbar is also not working, no reaction from it at all. If I close down the Explorer message it ends all opened windows and folders and shuts down my firewall and my antivirus software. Thanks for your help so far, I have deleted a lot of crap. Is there a site where all these Explorer messages are explained? Thanks again.
     

Short URL to this thread: https://techguy.org/275069
