ABOUT;BLANK HELP!!!

Discussion in 'adware, spyware & hijack cleaning' started by jj2303, May 8, 2004.

  1. jj2303

    jj2303 Registered Member

    Joined:
    May 8, 2004
    Posts:
    17
    Can someone pleeeeeeeeeeeeeeease help me! I've hit my limit of computer knowledge. I keep getting the about:blank homepage!!!
    Here's my HijackThis log!!! Pllllllease someone help :)

    Logfile of HijackThis v1.97.7
    Scan saved at 12:14:27 PM, on 5/8/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\J\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AF2F5D41-6C9C-48DB-9D40-C6B6AD18FA2F} - C:\WINDOWS\m.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.support.fastaccess.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jj2303,

    Before you start, please unzip hijackthis.exe to a folder of its own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll

    O2 - BHO: (no name) - {AF2F5D41-6C9C-48DB-9D40-C6B6AD18FA2F} - C:\WINDOWS\m.dll

    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Power Search - res://C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll//iemenu

    Download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Download Ad-Aware at lavasoft.usa.com
    After installing AAW, and before running the program, update by using the Globe icon.
    Shut down and restart your computer into safe mode
    Start AdAware again.
    Now press "Scan Now", "Select drives\folders to scan" and select the active partition (usually C: ), then 'next', and let Ad-Aware scan your drives.
    It will find a number of "bad" files and registry keys. Click 'Next' again.
    Right-click in that panel and choose "select all" and click 'next'.
    It will ask you whether you'd like to remove all checked items. Click OK.
    Finally, close Ad-Aware, and reboot.

    Surf to http://www10.brinkster.com/expl0iter/freeatlast/PVtool.htm
    And download and unzip Find-All.zip
    Inside the unzipped folder find the file Find All.bat and double-click it.

    When it is done it will produce a file output.txt in that same folder.
    Post the content of that one.

    Regards,

    Pieter
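
Added example (not part of the original posts, and not HijackThis's own logic): a small triage script for HijackThis log lines. It applies two heuristics that match entries in the fix list above, IE values served from a `res://` resource inside a DLL and unnamed BHOs loaded directly from the Windows or System32 directory, then groups the hits by file. The heuristics and function names are assumptions for illustration, the sample is a few lines copied from the log in post 1, and a hit is a candidate for review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log in post 1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AF2F5D41-6C9C-48DB-9D40-C6B6AD18FA2F} - C:\WINDOWS\m.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# "<code> - <body>", e.g. "R1 - ..." or "O16 - ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R-section body: "<key>,<value name> = <data>"
REG_VALUE_RE = re.compile(r"^(?P<key>.+?),(?P<value>[^=]+?) = (?P<data>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <file>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# res:// URL whose resource container is a DLL on disk
RES_DLL_RE = re.compile(r"^res://(?P<dll>.+?\.dll)/", re.IGNORECASE)

# Assumption: paths as they appear in this log (Windows installed in C:\WINDOWS).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def triage(log_text):
    """Return (code, reason, file) tuples for lines matching either heuristic."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        if code in ("R0", "R1"):
            reg = REG_VALUE_RE.match(body)
            res = RES_DLL_RE.match(reg.group("data")) if reg else None
            if res:
                reason = "IE value '%s' is served from a DLL resource" % reg.group("value")
                findings.append((code, reason, res.group("dll").lower()))
        elif code == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group("name") == "(no name)":
                path = bho.group("path").lower()
                # Unnamed BHOs under Program Files (Acrobat, Spybot) are not flagged.
                if ntpath.dirname(path) in SYSTEM_DIRS:
                    reason = "unnamed BHO %s in a Windows directory" % bho.group("clsid")
                    findings.append((code, reason, path))
    return findings


def files_to_review(findings):
    """Group entry codes by file, so a DLL referenced from several entries is listed once."""
    by_file = defaultdict(list)
    for code, _reason, path in findings:
        by_file[path].append(code)
    return dict(by_file)


if __name__ == "__main__":
    for path, codes in files_to_review(triage(SAMPLE_LOG)).items():
        print(path, "referenced by", ", ".join(codes))
```

Grouping by file shows that the search-page values and one BHO all resolve to the same `m.dll`.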
     
  3. jj2303

    Thank you so much for your help

    --===**'FIND-ALL' VERSION 2, 5/04**===--

    System Info:

    Microsoft Windows XP [Version 5.1.2600]
    C: "" (30A4:CC0B) - FS:NTFS clusters:4k
    Total: 15 002 877 952 [14G] - Free: 4 531 630 080 [4.2G]


    Locked or 'Suspect' file(s) found...
    The system cannot execute the specified program.
    The system cannot execute the specified program.


    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    @="NAV Helper"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7BCC824-9C32-4A50-8B95-C07A6CE0DA15}]

    REGEDIT4

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
    @="AP Class Install Handler filter"
    "CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
    @="AP Deflate Encoding/Decoding Filter "
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
    @="AP GZIP Encoding/Decoding Filter "
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
    @="AP lzdhtml encoding/decoding Filter"
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
    @="WebView MIME Filter"
    "CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

    Class Install Handler
    {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}
    C:\WINDOWS\system32\urlmon.dll

    deflate
    {8f6b0360-b80d-11d0-a9b3-006097942311}
    C:\WINDOWS\system32\urlmon.dll

    gzip
    {8f6b0360-b80d-11d0-a9b3-006097942311}
    C:\WINDOWS\system32\urlmon.dll

    lzdhtml
    {8f6b0360-b80d-11d0-a9b3-006097942311}
    C:\WINDOWS\system32\urlmon.dll

    text/webviewhtml
    {733AC4CB-F1A4-11d0-B951-00A0C90312E1}
    %SystemRoot%\system32\SHELL32.dll


    _______________________________

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {53707962-6F74-2D53-2644-206D7942484F}
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    {BDF3E430-B101-42AD-A544-FADC6B084872}
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    {C7BCC824-9C32-4A50-8B95-C07A6CE0DA15}
    C:\WINDOWS\m.dll

    --==***Probable "bad" file will be represented as
    C:\WINDOWS...System32...XXXX.dll***==--

    Handle v2.2
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 608 NT AUTHORITY\SYSTEM
    b4: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
    f0: File C:\WINDOWS\system32\lsd_f3.dll
    14c: Section \BaseNamedObjects\ShimSharedMemory
    190: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
    214: File C:\WINDOWS\AppPatch
    218: File C:\WINDOWS\system32\dllcache
    21c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_adm
    220: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm
    224: File C:\WINDOWS\system32
    228: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_aut
    22c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut
    230: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin
    234: File C:\WINDOWS\Fonts
    238: File C:\WINDOWS\system32\drivers
    23c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\servsupp
    240: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar
    244: File C:\Program Files\microsoft frontpage\version3.0\bin
    248: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin
    24c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\1033
    250: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi
    254: File C:\WINDOWS\system32\inetsrv
    258: File C:\WINDOWS
    25c: File C:\Program Files\Common Files\Microsoft Shared\DAO
    260: File C:\Program Files\Windows Media Player
    264: File C:\Program Files\Common Files\System\msadc
    268: File C:\Program Files\Common Files\System\ado
    26c: File C:\Program Files\Common Files\System\Ole DB
    270: File C:\WINDOWS\inf
    274: File C:\WINDOWS\system
    278: File C:\WINDOWS\msagent
    27c: File C:\WINDOWS\msagent\intl
    280: File C:\Program Files\MSN Gaming Zone\Windows
    284: File C:\WINDOWS\Help
    288: File C:\WINDOWS\PCHealth\HelpCtr\Binaries
    28c: File C:\Program Files\NetMeeting
    290: File C:\WINDOWS\system32\drivers\disdn
    294: File C:\WINDOWS\ime\CHTIME\Applets
    298: File C:\WINDOWS\system32\wbem
    29c: File C:\WINDOWS\system32\IME\CINTLGNT
    2a0: File C:\WINDOWS\system32\Com
    2a4: File C:\WINDOWS\system32\Setup
    2a8: File C:\WINDOWS\ime\imjp8_1
    2ac: File C:\Program Files\Common Files\Microsoft Shared\Triedit
    2b0: File C:\Program Files\Windows NT
    2b4: File C:\Program Files\Common Files\System
    2b8: File C:\WINDOWS\system32\1033
    2bc: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\scripts
    2c0: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\scripts
    2c4: File C:\WINDOWS\system32\usmt
    2c8: File C:\WINDOWS\ime\imkr6_1\dicts
    2cc: File C:\WINDOWS\system32\mui\0009
    2d0: File C:\Program Files\Internet Explorer
    2d4: File C:\WINDOWS\ime\imjp8_1\applets
    2d8: File C:\WINDOWS\ime\imkr6_1\applets
    2dc: File C:\WINDOWS\system32\xircom
    2e0: File C:\Program Files\Internet Explorer\Connection Wizard
    2e4: File C:\Program Files\Common Files\Microsoft Shared\MSInfo
    2e8: File C:\WINDOWS\ime\imkr6_1
    2ec: File C:\WINDOWS\ime\shared
    2f0: File C:\WINDOWS\system32\IME\PINTLGNT
    2f4: File C:\Program Files\Common Files\SpeechEngines\Microsoft\Lexicon\1033
    2f8: File C:\WINDOWS\Resources\Themes\Luna
    2fc: File C:\Program Files\Movie Maker
    300: File C:\WINDOWS\ime
    304: File C:\WINDOWS\srchasst
    308: File C:\Program Files\Outlook Express
    30c: File C:\WINDOWS\system32\oobe
    310: File C:\Program Files\Common Files\MSSoap\Binaries
    314: File C:\Program Files\Common Files\MSSoap\Binaries\Resources\1033
    318: File C:\WINDOWS\system32\npp
    31c: File C:\WINDOWS\ime\shared\res
    320: File C:\Program Files\Windows NT\Pinball
    324: File C:\WINDOWS\ime\chsime\applets
    328: File C:\WINDOWS\system32\Restore
    32c: File C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS\1033
    330: File C:\Program Files\Common Files\Microsoft Shared\Speech
    334: File C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor
    338: File C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead
    33c: File C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic
    340: File C:\WINDOWS\system32\wbem\snmp
    344: File C:\Program Files\Common Files\SpeechEngines\Microsoft
    348: File C:\Program Files\Common Files\Microsoft Shared\Speech\1033
    34c: File C:\WINDOWS\system32\spool\drivers\color
    350: File C:\WINDOWS\system32\IME\TINTLGNT
    354: File C:\WINDOWS\Help\Tours\mmTour
    358: File C:\WINDOWS\PCHealth\UploadLB\Binaries
    35c: File C:\Program Files\Common Files\Microsoft Shared\VGX
    360: File C:\WINDOWS\system32\wbem\xml
    364: File C:\Program Files\Windows NT\Accessories
    368: File C:\Program Files\xerox\nwwia
    378: File C:\WINDOWS\WinSxS
    584: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
    5d8: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
    674: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
    6e0: Section \BaseNamedObjects\mmGlobalPnpInfo
    6f0: Section \BaseNamedObjects\WDMAUD_Device_Interface_Path
    6f4: Section \BaseNamedObjects\WDMAUD_Path_Size
    700: Section \BaseNamedObjects\WDMAUD_Callbacks
    790: Section \BaseNamedObjects\__R_000000000010_SMem__
    7e4: File C:\WINDOWS\system32
    
     
  4. Pieter_Arntz

    Can you see if there was also a file called windows.txt created in that folder?
    If so post the content of that one.

    Regards,

    Pieter
     
  5. jj2303

    Unfortunately there's nothing to copy in the windows.txt file, just a bunch of squares.
    Any ideas on what I should do?

    thank you!
     
  6. Pieter_Arntz

    Download and install Registrar Lite

    -Run reglite : type--
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    into the address bar, or expand the same key.

    -Rename the Folder Windows
    to NotWindows highlighted as a purple folder
    in the left hand pane of reglite.

    -Click "AppInit_DLLs" again and clear the data value:
    C:\WINDOWS\System32\xxxxxxx.dll (random named dll) <- delete this line ,
    'Apply' and 'ok' to set. (Do note down the name of the dll though)

    -Rename the NotWindows folder back to its
    original name Windows

    -Restart computer

    Check in the system32 folder if the culprit dll is visible.

    Let us know.

    Regards,

    Pieter
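
Added example (not from the original posts, and not Find-All's or Handle's own code): a read-only cross-check of the two parts of the Find-All output from post 3 that relate to the AppInit_DLLs steps above. It parses the REGEDIT4 export for the `...\CurrentVersion\Windows` key and the Handle listing for winlogon.exe, and reports when no AppInit_DLLs value is listed while winlogon.exe holds a file handle to a .dll, the kind of entry the Find-All banner tells the reader to look for. Function names and the rule are assumptions for illustration; the samples are excerpts of the posted output.

```python
import re

# Sample input: excerpts of the Find-All output.txt posted in post 3.
REG_EXPORT = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"""

HANDLE_OUTPUT = r"""
winlogon.exe pid: 608 NT AUTHORITY\SYSTEM
b4: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
f0: File C:\WINDOWS\system32\lsd_f3.dll
14c: Section \BaseNamedObjects\ShimSharedMemory
224: File C:\WINDOWS\system32
"""

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
PROCESS_RE = re.compile(r"^(?P<image>\S+) pid: (?P<pid>\d+)")
FILE_HANDLE_RE = re.compile(r"^(?P<id>[0-9A-Fa-f]+): File\s+(?P<path>.+)$")


def parse_reg_export(text):
    """Parse REGEDIT4 text into {key: {value name: raw data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            current[name] = data
    return keys


def open_dll_handles(text, process="winlogon.exe"):
    """Return paths ending in .dll that `process` holds open as File handles."""
    owner, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = PROCESS_RE.match(line)
        if header:
            owner = header.group("image").lower()
            continue
        handle = FILE_HANDLE_RE.match(line)
        if handle and owner == process and handle.group("path").lower().endswith(".dll"):
            hits.append(handle.group("path"))
    return hits


def appinit_report(reg_text, handle_text):
    """Compare what the export lists for AppInit_DLLs with what winlogon.exe has open."""
    values = parse_reg_export(reg_text).get(WINDOWS_KEY, {})
    # Registry value names are case-insensitive, so compare in lower case.
    by_lower = {name.lower(): data for name, data in values.items()}
    listed = "appinit_dlls" in by_lower
    dlls = open_dll_handles(handle_text)
    return {
        "appinit_listed": listed,
        "appinit_data": by_lower.get("appinit_dlls"),
        "dll_handles": dlls,
        # Value missing from the export but a DLL held open: review by hand.
        "mismatch": (not listed) and bool(dlls),
    }


if __name__ == "__main__":
    report = appinit_report(REG_EXPORT, HANDLE_OUTPUT)
    for field, value in report.items():
        print("%-15s %s" % (field, value))
```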
     
  7. jj2303

    I didn't see that appinit in that location
    however, I did a search and found it in
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
    \IniFileMapping\win.ini\Windows\\AppInit_DLLs

    but I didn't see how I could clear the data value
     
  8. jj2303

    Any idea on how I can find those DLL's?
     
  9. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi jj2303,

    Please try this

    Download this tool :

    StartDreck

    Unzip to folder of choice

    DoubleClick: 'StartDreck.exe'
    Hit: config
    hit: Unmark all
    Check these boxes only:
    Registry->run keys
    System/drivers> Running processes
    hit >ok.

    Copy the contents of the log here please

    Thnx!

    Cheers,
     
  10. jj2303

    StartDreck (build 2.1.5 public BETA) - 2004-05-13 @ 22:39:38
    Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)

    »Registry
    »Run Keys
    »Current User
    »Run
    *ctfmon.exe=C:\WINDOWS\System32\ctfmon.exe
    *msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    »RunOnce
    »Default User
    »Run
    »RunOnce
    »Local Machine
    »Run
    *NAV Agent=C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    *ezShieldProtector for Px=C:\WINDOWS\System32\ezSP_Px.exe
    *Installed=1
    *Installed=1
    *NoChange=1
    *Installed=1
    »RunOnce
    »RunServices
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Files
    »System/Drivers
    »Running Processes
    *00000000=<unkown>
    *00000004=<unkown>
    *0000020C=\SystemRoot\System32\smss.exe
    *0000024C=<unkown>
    *00000264=\??\C:\WINDOWS\system32\winlogon.exe
    *00000290=C:\WINDOWS\system32\services.exe
    *0000029C=C:\WINDOWS\system32\lsass.exe
    *00000350=C:\WINDOWS\system32\svchost.exe
    *000003A0=C:\WINDOWS\System32\svchost.exe
    *0000048C=<unkown>
    *000004AC=<unkown>
    *00000518=C:\WINDOWS\system32\spoolsv.exe
    *00000578=C:\WINDOWS\System32\Ati2evxx.exe
    *00000590=C:\WINDOWS\System32\gearsec.exe
    *000005A8=C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    *000005C4=C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    *000005DC=C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    *000006D8=C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    *00000740=C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    *00000788=C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    *0000079C=C:\WINDOWS\wanmpsvc.exe
    *000007D8=C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    *00000090=C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    *000000AC=C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    *000000C8=C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    *000002A0=C:\WINDOWS\Explorer.EXE
    *0000058C=C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    *00000478=C:\WINDOWS\System32\ezSP_Px.exe
    *000002C0=C:\WINDOWS\System32\ctfmon.exe
    *00000600=C:\Program Files\MSN Messenger\msnmsgr.exe
    *0000040C=C:\Program Files\Netscape\Netscape 6\netscp6.exe
    *000004E4=C:\startdreck\StartDreck.exe
    »Application specific
     
  11. Unzy

    Hi again,

    When you open reglite again and you navigate to this location :

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

    When you then look in the column next to it, don't you see a 'AppInit_DLLs' entry listed?
     
  12. jj2303

    I just checked again, and I don't see that
    i only see
    ab default
    ab device notsel
    123 gdiprocessh
    abspooler
    abswapdisk
    abtransmission
    123userprocess
     
  13. Unzy

    That's weird.

    Hang in there jj2303, I'm asking around to some very qualified people to check this out as well

    Thnx for your patience

    Cheers,
     
  14. jj2303

    okay thank you
     
  15. Unzy

    Ok there is an updated version of findall

    Can you redownload, extract to some folder run findall.bat and post the contents of :

    output.txt
    windows.txt (that one will look a bit strange, but ignore that)

    Also post a new HijackThis log

    Thnx!

    Cheers,
     
  16. jj2303

    Thank you, but where do I download findall from?
     
  17. Unzy

  18. jj2303

    --===**'FIND-ALL' VERSION 2, 5/04**===--

    System Info:

    Microsoft Windows XP [Version 5.1.2600]
    C: "" (30A4:CC0B) - FS:NTFS clusters:4k
    Total: 15 002 877 952 [14G] - Free: 4 751 532 032 [4.4G]


    Locked or 'Suspect' file(s) found...
    The system cannot execute the specified program.
    The system cannot execute the specified program.


    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "DeviceNotSelectedTimeout"="15"
    "GDIProcessHandleQuota"=dword:00002710
    "Spooler"="yes"
    "swapdisk"=""
    "TransmissionRetryTimeout"="90"
    "USERProcessHandleQuota"=dword:00002710

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    @="NAV Helper"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7BCC824-9C32-4A50-8B95-C07A6CE0DA15}]

    REGEDIT4

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
    @="AP Class Install Handler filter"
    "CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
    @="AP Deflate Encoding/Decoding Filter "
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
    @="AP GZIP Encoding/Decoding Filter "
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
    @="AP lzdhtml encoding/decoding Filter"
    "CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

    [HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
    @="WebView MIME Filter"
    "CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

    Class Install Handler
    {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}
    C:\WINDOWS\system32\urlmon.dll

    deflate
    {8f6b0360-b80d-11d0-a9b3-006097942311}
    C:\WINDOWS\system32\urlmon.dll

    gzip
    {8f6b0360-b80d-11d0-a9b3-006097942311}
    C:\WINDOWS\system32\urlmon.dll

    lzdhtml
    {8f6b0360-b80d-11d0-a9b3-006097942311}
    C:\WINDOWS\system32\urlmon.dll

    text/webviewhtml
    {733AC4CB-F1A4-11d0-B951-00A0C90312E1}
    %SystemRoot%\system32\SHELL32.dll


    _______________________________

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    {53707962-6F74-2D53-2644-206D7942484F}
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    {BDF3E430-B101-42AD-A544-FADC6B084872}
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    {C7BCC824-9C32-4A50-8B95-C07A6CE0DA15}
    C:\WINDOWS\m.dll

    --==***Probable "bad" file will be represented as
    C:\WINDOWS...System32...XXXX.dll***==--

    Handle v2.2
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 608 NT AUTHORITY\SYSTEM
    b4: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
    f0: File C:\WINDOWS\system32\lsd_f3.dll
    14c: Section \BaseNamedObjects\ShimSharedMemory
    19c: File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805
    214: File C:\WINDOWS\AppPatch
    218: File C:\WINDOWS\system32\dllcache
    21c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_adm
    220: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_adm
    224: File C:\WINDOWS\system32
    228: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\_vti_aut
    22c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin\_vti_aut
    230: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin
    234: File C:\WINDOWS\Fonts
    238: File C:\WINDOWS\system32\drivers
    23c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\servsupp
    240: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bots\vinavbar
    244: File C:\Program Files\microsoft frontpage\version3.0\bin
    248: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\_vti_bin
    24c: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\1033
    250: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi
    254: File C:\WINDOWS\system32\inetsrv
    258: File C:\WINDOWS
    25c: File C:\Program Files\Common Files\Microsoft Shared\DAO
    260: File C:\Program Files\Windows Media Player
    264: File C:\Program Files\Common Files\System\msadc
    268: File C:\Program Files\Common Files\System\ado
    26c: File C:\Program Files\Common Files\System\Ole DB
    270: File C:\WINDOWS\inf
    274: File C:\WINDOWS\system
    278: File C:\WINDOWS\msagent
    27c: File C:\WINDOWS\msagent\intl
    280: File C:\Program Files\MSN Gaming Zone\Windows
    284: File C:\WINDOWS\Help
    288: File C:\WINDOWS\PCHealth\HelpCtr\Binaries
    28c: File C:\Program Files\NetMeeting
    290: File C:\WINDOWS\system32\drivers\disdn
    294: File C:\WINDOWS\ime\CHTIME\Applets
    298: File C:\WINDOWS\system32\wbem
    29c: File C:\WINDOWS\system32\IME\CINTLGNT
    2a0: File C:\WINDOWS\system32\Com
    2a4: File C:\WINDOWS\system32\Setup
    2a8: File C:\WINDOWS\ime\imjp8_1
    2ac: File C:\Program Files\Common Files\Microsoft Shared\Triedit
    2b0: File C:\Program Files\Windows NT
    2b4: File C:\Program Files\Common Files\System
    2b8: File C:\WINDOWS\system32\1033
    2bc: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admcgi\scripts
    2c0: File C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\admisapi\scripts
    
     
  19. jj2303

    jj2303 Registered Member

    Joined:
    May 8, 2004
    Posts:
    17
    regf
     
  20. jj2303

    jj2303 Registered Member

    Joined:
    May 8, 2004
    Posts:
    17
    Logfile of HijackThis v1.97.7
    Scan saved at 8:59:58 AM, on 5/16/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
    C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Netscape\Netscape 6\netscp6.exe
    C:\Program Files\Common Files\Netscape Shared\Security\psm.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {C7BCC824-9C32-4A50-8B95-C07A6CE0DA15} - C:\WINDOWS\m.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
    O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.support.fastaccess.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://photos.msn.com/r/neutral/controls/MsnPUpld.cab?5,0,1730,0
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  21. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jj2303,

    Could you mail me a copy of C:\WINDOWS\m.dll?
    Maybe it will reveal something if we take it apart.
    Send it to the email address in my profile.

    Regards,

    Pieter
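
    The log above names C:\WINDOWS\m.dll twice over: as the res:// target of the Internet Explorer search settings and as an O2 BHO. The following is an added example, not part of the original thread or of HijackThis itself, that cross-references those two entry types in a log; the function names are hypothetical and the sample is an excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (embedded so this runs offline).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\m.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C7BCC824-9C32-4A50-8B95-C07A6CE0DA15} - C:\WINDOWS\m.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
"""

# R0-R3 lines: an IE setting whose value is a res:// URL served from a local module.
RES_RE = re.compile(r"^(R[0-3]) - (.+?) = res://(.+?\.(?:dll|exe|ocx))/", re.I)
# O2 lines: a Browser Helper Object, written as "name - {CLSID} - module path".
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-F-]{36}\}) - (.+)$", re.I)


def correlate(log_text):
    """Map each module path (lower-cased) to the IE settings and BHO CLSIDs naming it."""
    modules = defaultdict(lambda: {"res_keys": [], "bho_clsids": []})
    for raw in log_text.splitlines():
        line = raw.strip()  # forum-pasted logs are usually indented
        m = RES_RE.match(line)
        if m:
            modules[m.group(3).lower()]["res_keys"].append(m.group(2))
            continue
        m = BHO_RE.match(line)
        if m:
            modules[m.group(3).strip().lower()]["bho_clsids"].append(m.group(2).upper())
    return dict(modules)


def suspects(log_text):
    """Modules that are both a res:// target of an IE setting and loaded as a BHO."""
    return {path: refs for path, refs in correlate(log_text).items()
            if refs["res_keys"] and refs["bho_clsids"]}


if __name__ == "__main__":
    for path, refs in suspects(SAMPLE_LOG).items():
        print(path)
        for key in refs["res_keys"]:
            print("  IE setting:", key)
        for clsid in refs["bho_clsids"]:
            print("  BHO CLSID: ", clsid)
```

    A module reported by suspects() is the one to collect for analysis, and its R and O2 entries are the ones to review together.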
     
  22. jj2303

    jj2303 Registered Member

    Joined:
    May 8, 2004
    Posts:
    17
    m.dll does not exist in the folder.
    Any other ideas?
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Before you fix anything please download and unzip The KillBox.zip from here:
    http://download.broadbandmedic.com/

    Run the program and in the dialog Window paste C:\WINDOWS\m.dll and click the "Find and Kill this file" button

    Then reboot and find the copy of m.dll in C:\!Submit\[Date]
    Could you please zip that up and mail it to pieterATwilderssecurity.org (replace AT with @)

    Thanks in advance,

    Pieter
     
  24. jj2303

    jj2303 Registered Member

    Joined:
    May 8, 2004
    Posts:
    17
    I don't see a find and kill button?
     
  25. jj2303

    jj2303 Registered Member

    Joined:
    May 8, 2004
    Posts:
    17
    Apparently Windows cannot find that file.
     