Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91808 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Internet Explorer


  • Please log in to reply
50 replies to this topic

#1 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 19 June 2004 - 08:43 AM

Please help, when i try to open internet explorer i get the following message Explorer has caused error in unknown Explorer will now close. i have restarted run spybot and adaware and avg virus nothing helps if anyone has any ideas id certainly try anything Thanks

    Advertisements

Register to Remove


#2 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 19 June 2004 - 08:52 AM

Greetings and welcome to TomCoyote.com!

May your day be blessed by those you love and those you love be blessed by HIM. - Coyote



Sounds like you still may be infected with spyware, virus, trojan, or worm. The only way to tell if you're infected is to post a Hijack This! log.

Please create a folder for Hijack This! (suggest "C:\HJT\") an download it (use the link in my signature) into that folder.

Click "Scan".

DO NOT "FIX" ANYTHING WITH IT YET!!!!
FIXING THE WRONG THING CAN RENDER YOUR MACHINE INOPERABLE!!!

Click "Save log".

Post the ENTIRE contents of the log file in this thread, and someone will check it for you and reply. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#3 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 19 June 2004 - 09:14 AM

Logfile of HijackThis v1.97.7
Scan saved at 10:09:19 AM, on 6/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\D3OV32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\APPKC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
O2 - BHO: (no name) - {6B011461-792E-3686-A5E7-F01C6CDF50AA} - C:\WINDOWS\MSQE32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_10_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [APPKC.EXE] C:\WINDOWS\APPKC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [D3OV32.EXE] C:\WINDOWS\SYSTEM\D3OV32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\SYSTEM\wapitr.exe
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: DigiChat Applet - http://host5.digicha...s/Client_IE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7922.5772685185
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtn_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

#4 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 19 June 2004 - 10:57 AM

her's my log hope you can help thanks

#5 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 19 June 2004 - 12:36 PM

Close all windows (including this one) and programs!!!

Fix these items with Hijack This!:

O2 - BHO: (no name) - {6B011461-792E-3686-A5E7-F01C6CDF50AA} - C:\WINDOWS\MSQE32.DLL

O4 - HKLM\..\Run: [APPKC.EXE] C:\WINDOWS\APPKC.EXE

O4 - HKLM\..\RunServices: [D3OV32.EXE] C:\WINDOWS\SYSTEM\D3OV32.EXE

O4 - HKCU\..\Run: [WTSS] C:\WINDOWS\SYSTEM\wapitr.exe

Reboot.

Find and delete:

C:\WINDOWS\SYSTEM\wapitr.exe <---file

It may be "hidden". Use the link in my signature to tell you how to show "hidden" files if necessary.

Reboot and post a fresh log file.

Hopefully your IE will be much more stable. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#6 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 19 June 2004 - 01:26 PM

heres the new log file i still cant open internet explorer. The WAPITR.EXE is shown as archived by quick clean

Logfile of HijackThis v1.97.7
Scan saved at 2:19:55 PM, on 6/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\APPKC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\D3OV32.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\D3HK32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
O2 - BHO: (no name) - {B4C95C6B-FF0C-7C45-8825-0C18C2CE913F} - C:\WINDOWS\SYSTEM\APIRJ.DLL (file missing)
O2 - BHO: (no name) - {69AC0784-2C01-AF33-36BF-09C7B5BB3543} - C:\WINDOWS\SYSTEM\MFCJL.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_10_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [APPKC.EXE] C:\WINDOWS\APPKC.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [D3OV32.EXE] C:\WINDOWS\SYSTEM\D3OV32.EXE
O4 - HKLM\..\RunServices: [D3HK32.EXE] C:\WINDOWS\SYSTEM\D3HK32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: DigiChat Applet - http://host5.digicha...s/Client_IE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7922.5772685185
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtn_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

#7 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 19 June 2004 - 09:39 PM

Well that was an excercise in futility :D (not your fault, tcooley)

There's just as much "junk" in there now as before.

There's obviously more going on in your machine than Hijack This! is picking up.

Time to bring out the BIG GUNS!!!

Before I get the "guns" started, you might think about uninstalling this:

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

I've heard those P2P networking programs are a good way to get virii and other malware. And that particular one is purported to be a real resource hog. But, it's your choice. That's just what I've heard.

Here are the "big guns" and how to set them up riight and use them:

Please download and run Spybot-Search&Destroy and Ad-Aware; they are the standard programs for finding and cleaning crapware off your system. Here are links to both programs, and instructions for their use.

Get Spybot - Search & Destroy from http://security.kolla.de (This is the NEW Version 1.3)
Get AdAware 6 from http://www.lavasoft....upport/download

Download and install these programs in their own PERMANENT folders if you don't already have them. If you do have them, make sure they are UPDATED AND CONFIGURED AS DESCRIBED.

To run Spybot S&D:

After installing first press "Online", click on "Search for Updates", then select all updates. Beside the download button is a little down-pointed arrow, which gives you a choice of several download sites; select one of the servers listed (the Australian server usually works well). Now, press "Download Updates." If that site doesn't work or you get an error message, try a different server.

When the updates are finished, close your browser and ALL WINDOWS EXCEPT THE ONE SPYBOT IS RUNNING IN, then press 'Check for Problems'; THE SCAN WILL TAKE SEVERAL MINUTES. Have SpyBot remove all it finds THAT ARE MARKED IN RED. When it's finished, REBOOT your system.

Then, Run ADAWARE:

Before you scan with AdAware, check for updates of the reference file by using the "webupdate" button at the lower right of the panel. The current ref file should read at least 01R312 30.05.2004 or a higher number/later date. Updates for this program come out frequently to keep up with new malware. THIS IS CRITICAL; updating is as important as installing these programs.

Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......
click "Use custom scanning options>Customize" and have these options ON: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........
go to settings(the gear icon on top of AdAware)>Tweak>Scanning engine and click "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.
To scan, click NEXT. This scan will also take several minutes.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press "next" and then say YES to the prompt, "do you want to remove all these entries?" Reboot again.

And because the malware seems to be multiplying as fast as we kill it, please do and online virus scan/removal from Trend-Micro. Use the link in my signature to access it.

Reboot after the scan.

Please post info on anything the scan found, but couldn't remove in your next post.

When you've done all that, reboot and post a fresh log file. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#8 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 20 June 2004 - 09:58 AM

I have done everything except the virus scan that proram will not run on my computer. I t says cannot find netscape files to install needed software. But internet explorer still will not open. Now the error message says, AVGSE.DLL error.
Thanks for all your help as this is very frustrating.

Also here is the latest log

Logfile of HijackThis v1.97.7
Scan saved at 10:52:40 AM, on 6/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
O2 - BHO: (no name) - {B4C95C6B-FF0C-7C45-8825-0C18C2CE913F} - C:\WINDOWS\SYSTEM\APIRJ.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_10_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [D3OV32.EXE] C:\WINDOWS\SYSTEM\D3OV32.EXE
O4 - HKLM\..\RunServices: [D3HK32.EXE] C:\WINDOWS\SYSTEM\D3HK32.EXE
O4 - HKLM\..\RunServices: [MFCYO.EXE] C:\WINDOWS\SYSTEM\MFCYO.EXE
O4 - HKLM\..\RunServices: [SYSIJ.EXE] C:\WINDOWS\SYSTEM\SYSIJ.EXE
O4 - HKLM\..\RunServices: [IPXY.EXE] C:\WINDOWS\SYSTEM\IPXY.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: DigiChat Applet - http://host5.digicha...s/Client_IE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7922.5772685185
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtn_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

#9 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 20 June 2004 - 10:52 AM

Well, at least we're getting somewhere. We have the source of the error :thumbup:

The file "AVGSE.DLL" is part of your antivius software from GRISOFT.

Let's get all the malware off, then see if you still get that error.

If you still get that error after all the junk is off your machine, you'll probably need to find a backup copy of that file, or possibly uninstall, then re-install that software to fix the error.

But, first things first - THE MALWARE!!!

Copy the text in the quote box into Notepad. Save it to your desktop as "delmware.bat".

del C:\WINDOWS\SYSTEM\D3OV32.EXE
del C:\WINDOWS\SYSTEM\D3HK32.EXE
del C:\WINDOWS\SYSTEM\MFCYO.EXE
del C:\WINDOWS\SYSTEM\SYSIJ.EXE
del C:\WINDOWS\SYSTEM\IPXY.EXE
pause


Then push these 3 keys at the same time:

<Ctrl><Alt><Del>

The task manager appears.

Find all instances of these processes and "End" them:

D3OV32.EXE
D3HK32.EXE
MFCYO.EXE
SYSIJ.EXE
IPXY.EXE

Then, close the task manager and double click the "delmware.bat". It should delete those bad files.

Next, boot in "safe" mode. Use the link in my signature to tell you how if necessary.

Fix these things with Hijack This!

O2 - BHO: (no name) - {B4C95C6B-FF0C-7C45-8825-0C18C2CE913F} - C:\WINDOWS\SYSTEM\APIRJ.DLL (file missing)

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)

O4 - HKLM\..\RunServices: [D3OV32.EXE] C:\WINDOWS\SYSTEM\D3OV32.EXE

O4 - HKLM\..\RunServices: [D3HK32.EXE] C:\WINDOWS\SYSTEM\D3HK32.EXE

O4 - HKLM\..\RunServices: [MFCYO.EXE] C:\WINDOWS\SYSTEM\MFCYO.EXE

O4 - HKLM\..\RunServices: [SYSIJ.EXE] C:\WINDOWS\SYSTEM\SYSIJ.EXE

O4 - HKLM\..\RunServices: [IPXY.EXE] C:\WINDOWS\SYSTEM\IPXY.EXE

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab

Reboot in normal mode, and post a new log file. :)

Edited by Micah_6:8, 20 June 2004 - 10:56 AM.

Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#10 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 20 June 2004 - 02:21 PM

I did all the things you recommended. Even uninstalled AVG still get the same error message. I did a search for that dll on my system and found it but didnt do anything with it. Here is a new log file.

Logfile of HijackThis v1.97.7
Scan saved at 3:14:30 PM, on 6/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\D3BO.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MSLY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: (no name) - {28F4E056-9E3A-8C8C-E895-258990339DFD} - C:\WINDOWS\SYSTEM\IPQS.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_10_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MSLY.EXE] C:\WINDOWS\MSLY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [D3BO.EXE] C:\WINDOWS\D3BO.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: DigiChat Applet - http://host5.digicha...s/Client_IE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7922.5772685185
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtn_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

    Advertisements

Register to Remove


#11 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 20 June 2004 - 02:24 PM

Sorry forgot to mention the files you wanted me to close do not show up in task manager. :D

#12 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 20 June 2004 - 05:03 PM

OK.. Well, we are making progress in the right direction. :thumbup:

The infection you have sure is being stubborn.

Pull up the task manager again, and end these processes (if they are there):

MSLY.EXE
D3BO.EXE

Click Start Menu
Select Run menu
Type "command<enter>"

A DOS window appears on the screen.

In that DOS window, type these commands:

regsvr32 /u IPQS.DLL
del C:\WINDOWS\SYSTEM\IPQS.DLL
del C:\WINDOWS\D3BO.EXE
del C:\WINDOWS\MSLY.EXE
exit

Search for "system32.dll" in the Windows folder (and all the sub-folders in the Windows folder), and delete it if you find it.

Run Hijack This!, and fix these things:

O2 - BHO: (no name) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)

O2 - BHO: (no name) - {28F4E056-9E3A-8C8C-E895-258990339DFD} - C:\WINDOWS\SYSTEM\IPQS.DLL

O4 - HKLM\..\Run: [MSLY.EXE] C:\WINDOWS\MSLY.EXE

O4 - HKLM\..\RunServices: [D3BO.EXE] C:\WINDOWS\D3BO.EXE

If you uninstalled the GRISOFT virus software, fix this as well:

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup

It appears their uninstall program leaves an orphaned task behind.

Reboot, and post a fresh log file.

Try to run IE. Hopefully that DLL error won't happen. :)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#13 tcooley

tcooley

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 20 June 2004 - 05:55 PM

ie still does not run here is the latest log file could not find system32 dll either by a search prompt or manual search

Logfile of HijackThis v1.97.7
Scan saved at 6:48:09 PM, on 6/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINPOET BROADBAND CONNECTION\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\CRBP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\D3BO.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\WINDOWS\SYSTEM\ATLLX32.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CenturyTel
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\znmmb2gm.slt\prefs.js)
O2 - BHO: (no name) - {58C94033-D071-41C6-1E7C-1D1E8C934FA8} - C:\WINDOWS\CRBP.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_10_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CRBP.EXE] C:\WINDOWS\CRBP.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LicCtrl] runservice.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [D3BO.EXE] C:\WINDOWS\D3BO.EXE
O4 - HKLM\..\RunServices: [ATLLX32.EXE] C:\WINDOWS\SYSTEM\ATLLX32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: DigiChat Applet - http://host5.digicha...s/Client_IE.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7922.5772685185
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yaho...mail/ymmapi.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong - http://download.game...nts/y/ot0_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.game...nts/y/zt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potd_x.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt3_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot7_x.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: Toki Toki Boom - http://download.game...nts/y/vtn_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = centurtel.net
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.230.192.251,209.142.152.253

#14 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 20 June 2004 - 06:17 PM

I'm soliciting help.

In the mean time, see if you can run either of these online virus scans:

http://www.pandasoft...n_principal.htm

http://www3.ca.com/s...sinfo/scan.aspx

Post back with the results of the scans (if they found/removed anything or not).
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#15 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 20 June 2004 - 08:31 PM

Another thing that will be helpful is a Hijack This! startup log: 1. From HJT main screen, click 'Config' button 2. Click 'Misc Tools' button 3. Under 'Generate StartupList Log' button, check both boxes 4. Click 'Generate StartupList Log' button 5. Click 'Yes' in the next dialog 6. Save the log and post a copy in this thread. If we can find the root cause of these random infections, we can stop it, and kill it.
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users