
programs aren't running properly

Discussion in 'Virus & Other Malware Removal' started by tflpfshm, Oct 3, 2012.

  1. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Not a problem, thanks for letting me know.


    Please now run this scan and post the log. When it is complete please tell me how well the PC is running now.

    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.

    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



    STEP 2
    Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!


    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.

    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

    NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

     
  2. tflpfshm

    tflpfshm Thread Starter

    Joined:
    Jan 21, 2011
    Messages:
    18
    ComboFix 12-10-04.02 - Franklin 5/2012 Fri 11:48:21.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.894.402 [GMT -4:00]
    Running from: c:\documents and settings\Franklin\Desktop\ComboFix.exe
    AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\0tbpw.pad
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Franklin\Local Settings\Application Data\Vid-Saver
    c:\documents and settings\Franklin\Local Settings\Application Data\Vid-Saver\Chrome\Vid-Saver.crx
    c:\program files\Vid-Saver
    c:\program files\Vid-Saver\Vid-Saver.exe
    c:\program files\Vid-Saver\Vid-Saver.ico
    c:\program files\Vid-Saver\Vid-Saver.ini
    c:\program files\Vid-Saver\Vid-SaverInstaller.log
    c:\windows\system32\Cache
    c:\windows\system32\Cache\12b3680b3ac405da.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\8150be73d6ca6d65.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-04 07:53 . 2012-10-04 07:53 -------- d-----w- c:\program files\ESET
    2012-10-04 01:22 . 2012-10-04 01:22 -------- d-----w- C:\_OTM
    2012-10-03 05:08 . 2012-10-03 05:08 -------- d-----w- c:\documents and settings\Franklin\Option
    2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\documents and settings\Franklin\Application Data\Process Hacker 2
    2012-10-03 03:57 . 2012-10-03 03:57 -------- d-----w- c:\program files\Process Hacker 2
    2012-10-03 01:01 . 2012-10-03 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-10-02 23:47 . 2012-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\767003CCFBD97CF80085766F7EDAF9F0
    2012-10-02 23:46 . 2012-10-02 23:46 56832 ---ha-w- c:\windows\system32\scimon.dll
    2012-09-28 07:47 . 2012-09-28 07:47 -------- d-----w- c:\documents and settings\Franklin\Application Data\DivX
    2012-09-27 13:09 . 2012-09-27 13:10 -------- d-----w- c:\program files\Common Files\DivX Shared
    2012-09-27 13:08 . 2012-09-27 13:10 -------- d-----w- c:\program files\DivX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-05 16:04 . 2012-06-24 22:57 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-09-20 23:42 . 2012-04-03 09:13 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-20 23:42 . 2012-02-12 07:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-07 21:04 . 2012-08-07 05:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-30 17:02 . 2012-08-30 17:02 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-08-29 00:24 . 2012-07-08 05:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-29 00:24 . 2012-02-12 07:06 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-08 17:24 . 2012-09-08 17:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
    "SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2012-06-19 27940736]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-23 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 13671016]
    "RTHDCPL"="RTHDCPL.EXE" [2000-01-01 18789920]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-8-16 2342912]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 1:02 PM 27496]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/11/2012 8:28 AM 36000]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/11/2012 8:28 AM 86224]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 7:53 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/7/2012 1:39 AM 676936]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/7/2012 1:39 AM 22856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 AM 250288]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2012 7:16 PM 1691480]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2008 4:56 PM 29744]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 7:29 PM 114144]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/24/2012 6:57 PM 11232]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [6/25/2012 4:32 AM 14416]
    S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
    S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *NewlyCreated* - WUAUSERV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:42]
    .
    2012-10-05 c:\windows\Tasks\Game_Booster_AutoUpdate.job
    - c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-06-25 21:57]
    .
    2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
    .
    2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Franklin\Application Data\Mozilla\Firefox\Profiles\gcep061y.default-1349230380593\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-LaunchApp - (no file)
    HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
    HKLM-Run-nwiz - nwiz.exe
    HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
    HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
    AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-05 12:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(792)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(3800)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\conime.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-05 12:09:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-05 16:09
    .
    Pre-Run: 8,398,647,296 bytes free
    Post-Run: 9,524,236,288 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 33384A795A9BD705F0BD0CC68C06717C


    edit: very sorry about that, my pc is running a lot smoother now, the low virtual memory thing isn't appearing any more, programs aren't freezing/crashing and the browser isn't crashing much/at all
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have not answered my question:

    There is a file that needs to be checked.

    Go to one of the following online services that analyzes suspicious files:

    In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:

    c:\windows\system32\scimon.dll <- this file

    Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
    -- Post back with the results of the file analysis in your next reply.
     
  4. tflpfshm

    tflpfshm Thread Starter

    Joined:
    Jan 21, 2011
    Messages:
    18
    ah, sorry, it's running faster now, the low virtual memory on startup disappeared, programs can be booted and seem to work normally

    Filename: scimon.dll Status: Scan finished. 12 out of 19 scanners reported malware.
    Scan taken on: Fri 5 Oct 2012 20:20:16 (CET) Permalink

    2012-10-05 Trojan.Backdoor.Papras.Frt
    2012-10-05 Gen:Variant.Kazy.67671
    2012-10-05 Win32:Malware-gen
    2012-10-05 Gen:Variant.Kazy.67671
    2012-10-05 Generic29.BYWK
    2012-10-05 Trojan.Agent
    2012-10-05 TR/Kazy.67671.26
    2012-10-05 Backdoor.Win32.Papras.frt
    2012-10-05 Gen:Variant.Kazy.67671
    2012-10-05 Found nothing
    2012-10-05 Found nothing
    2012-10-05 Found nothing
    2012-10-05 Found nothing
    2012-10-05 Mal/Generic-L
    2012-10-05 Trojan.PWS.Banker1.5732
    2012-10-04 Found nothing
    2012-10-05 Win32/Kryptik.ALSU
    2012-10-05 Found nothing
    2012-10-05 Found nothing

    File size: 56832 bytes
    Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
    MD5: 2c99fc188824cdf7f34c0aff8f4866d9
    SHA1: c8dbbba05355bd9804cbb33b0bfd9d0486f4e2db
     
  5. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That is sufficient evidence to prove the file is malicious.

    We will now remove that file along with a couple of other items detected by Eset.

    We are now going to run ComboFix a different way.

    Open Notepad by clicking Start > Run... and in the open box type: Notepad.exe
    Press Ok, then copy and paste everything in the code box below into it.
    -- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.

    Code:
    KillAll::
    
    File::
    c:\windows\system32\drivers\avgtpx86.sys
    c:\windows\system32\scimon.dll
    C:\Documents and Settings\Franklin\Local Settings\Application Data\{1EA2EAA4-99AF-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul
    C:\Documents and Settings\Franklin\My Documents\zp800rc2free.exe
    DDS::
    
    ClearJavaCache::
    
    Reboot::
    
    • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
    • Close your browser and disconnect from the Internet.
    • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe.
    • This will start ComboFix again and launch the script.
    • ComboFix may reboot your system when it finishes. This is normal.
    • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
    • Be sure to re-enable your anti-virus and other security programs after the scan is complete.
    • NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
     
  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    As long as everything is running ok after the above, we should be able to start the clean up and reinstall Java.

    Please run this to check for anything else important that needs to be updated.

    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  7. tflpfshm

    tflpfshm Thread Starter

    Joined:
    Jan 21, 2011
    Messages:
    18
    ComboFix 12-10-04.02 - Franklin 6/2012 Sat 1:47.2.1 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.894.720 [GMT -4:00]
    Running from: c:\documents and settings\Franklin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Franklin\Desktop\CFScript.txt
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    FILE ::
    "c:\documents and settings\Franklin\Local Settings\Application Data\{1EA2EAA4-99AF-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul"
    "c:\documents and settings\Franklin\My Documents\zp800rc2free.exe"
    "c:\windows\system32\drivers\avgtpx86.sys"
    "c:\windows\system32\scimon.dll"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-04 07:53 . 2012-10-04 07:53 -------- d-----w- c:\program files\ESET
    2012-10-04 01:22 . 2012-10-04 01:22 -------- d-----w- C:\_OTM
    2012-10-03 05:08 . 2012-10-03 05:08 -------- d-----w- c:\documents and settings\Franklin\Option
    2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\documents and settings\Franklin\Application Data\Process Hacker 2
    2012-10-03 03:57 . 2012-10-03 03:57 -------- d-----w- c:\program files\Process Hacker 2
    2012-10-03 01:01 . 2012-10-03 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-10-02 23:47 . 2012-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\767003CCFBD97CF80085766F7EDAF9F0
    2012-10-02 23:46 . 2012-10-02 23:46 56832 ---ha-w- c:\windows\system32\scimon.dll
    2012-09-28 07:47 . 2012-09-28 07:47 -------- d-----w- c:\documents and settings\Franklin\Application Data\DivX
    2012-09-27 13:09 . 2012-09-27 13:10 -------- d-----w- c:\program files\Common Files\DivX Shared
    2012-09-27 13:08 . 2012-09-27 13:10 -------- d-----w- c:\program files\DivX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-06 05:59 . 2012-06-24 22:57 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-09-20 23:42 . 2012-04-03 09:13 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-20 23:42 . 2012-02-12 07:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-07 21:04 . 2012-08-07 05:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-30 17:02 . 2012-08-30 17:02 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-08-29 00:24 . 2012-07-08 05:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-29 00:24 . 2012-02-12 07:06 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-08 17:24 . 2012-09-08 17:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
    "SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2012-06-19 27940736]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-23 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 13671016]
    "RTHDCPL"="RTHDCPL.EXE" [2000-01-01 18789920]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-8-16 2342912]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/30/2012 1:02 PM 27496]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/11/2012 8:28 AM 36000]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/11/2012 8:28 AM 86224]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 7:53 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/7/2012 1:39 AM 676936]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/7/2012 1:39 AM 22856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 AM 250288]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2012 7:16 PM 1691480]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2008 4:56 PM 29744]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 7:29 PM 114144]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/24/2012 6:57 PM 11232]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [6/25/2012 4:32 AM 14416]
    S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
    S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:42]
    .
    2012-10-06 c:\windows\Tasks\Game_Booster_AutoUpdate.job
    - c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-06-25 21:57]
    .
    2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
    .
    2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0808&m=le1200
    FF - ProfilePath - c:\documents and settings\Franklin\Application Data\Mozilla\Firefox\Profiles\gcep061y.default-1349230380593\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-06 01:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(780)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(4012)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\conime.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\RTHDCPL.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-10-06 02:03:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-06 06:03
    ComboFix2.txt 2012-10-05 16:09
    .
    Pre-Run: 10,283,196,416 bytes free
    Post-Run: 9,333,817,344 bytes free
    .
    - - End Of File - - B3099F21ACD502AF8B352D966CFFC06C


    combofix didn't do anything in normal mode after 4 or so hours.. but i did get this from safe mode.
     
  8. tflpfshm

    tflpfshm Thread Starter

    Joined:
    Jan 21, 2011
    Messages:
    18
    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Free Antivirus
    ESET Online Scanner v3
    Sophos Virus Removal Tool
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Adobe Flash Player 11.4.402.265
    Adobe Reader 8 Adobe Reader out of Date!
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run Combofix in Normal and just do a scan with it and post the log. I just need to make quite sure the infected file, scimon.dll, really has gone. Once that is checked and you have completed all the steps below we just have to clean up the tools used.

    Now follow these steps to update a few things:

    STEP 1
    Follow this to defrag the hard drive: How to defragment the hard drive

    STEP 2
    Adobe
    Close any programs you may have running - especially your web browser.
    Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

    Adobe Reader 8

    NOTE: For XP click on Start > Control Panel, double-click on Add or Remove Programs and continue as above.

    Then go to this link Adobe Downloads and select the latest version to download and install. You will see this page below, click on the appropriate button for the Adobe product that was just removed.

    [​IMG]

    You will now see a page similar to this one:

    [​IMG]

    All four Adobe products, Reader, Flash Player, Air and Shockwave Player are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language you must click on the line (as indicated in the above image) to make further selections to meet your requirements.

    As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
    NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.

    Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

    STEP 3
    How to install the latest version of Java.

    • Open the browser that you normally use and click on this link: Java Download
    • Click on the big red button Free Java Download
    • On the next page click on the big red button Agree and Start Free Download
    • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
    • When the Welcome to Java window appears click on Install.
    • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
    • If any error messages appear click on OK and then click on the Agree and start free download button again.
    • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
    • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
    • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
    • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
    • The Installation is now complete, please reboot the system.
    • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.



    STEP 4
    Internet Explorer
    Your Internet Explorer is out of date, the latest version for XP has a better level of security which helps to stop malicious software from reaching your PC.
    Internet Explorer 8 for Windows XP
     
  10. tflpfshm

    tflpfshm Thread Starter

    Joined:
    Jan 21, 2011
    Messages:
    18
    i'm not sure why, but i can't get combofix to work in normal mode. after the "it may take 20 minutes to run/double for badly infected computers" text it does nothing, i left it running for half a day, no change. i disabled my antivirus while off the internet, but i'm not sure if i really disabled it or if there's some other measure of AV running that i'm not sure about or what.. but CF wouldn't run past the prompt. i did follow through on the steps posted though...
    i mean.... , i couldn't run Combo Fix in normal mode to scan for scimon.dll, but i did get through steps 1-4..


    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Free Antivirus
    ESET Online Scanner v3
    Sophos Virus Removal Tool
    Avira successfully updated!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Java 7 Update 7
    Adobe Flash Player 11.4.402.265
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````
     
  11. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    :eek: I guess I must have been half asleep when I looked at the last Combofix log as it clearly shows at the top that the file in question was removed. It is a bit odd that it will not run now, but could be due to your Anti Virus, usually it will warn you if the Anti Virus is still active.

    Please try and run it again and if it won't run then delete the icon on your desktop and download a fresh copy and try again.

    If it still won't run boot into Safe Mode and try again.
     
  12. tflpfshm

    tflpfshm Thread Starter

    Joined:
    Jan 21, 2011
    Messages:
    18
    still wouldn't boot, but i'll try in safe mode now
     
  13. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    If it still won't boot we may be looking at a reinfection, if no joy with Combofix please run RogueKiller again and post the log.
     
  14. tflpfshm

    tflpfshm Thread Starter

    Joined:
    Jan 21, 2011
    Messages:
    18
    ComboFix 12-10-09.01 - Franklin 9/2012 Tue 21:06:35.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.894.552 [GMT -4:00]
    Running from: c:\documents and settings\Franklin\Desktop\blah.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-09 17:34 . 2012-10-09 17:34 -------- d-----w- c:\documents and settings\Franklin\Local Settings\Application Data\Sun
    2012-10-09 06:30 . 2012-10-09 06:30 -------- d-----w- c:\windows\LastGood
    2012-10-08 19:41 . 2012-10-08 19:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2012-10-07 01:38 . 2012-10-07 01:38 -------- d-sh--w- c:\documents and settings\Franklin\IECompatCache
    2012-10-07 01:37 . 2012-10-07 01:37 -------- d-sh--w- c:\documents and settings\Franklin\PrivacIE
    2012-10-07 01:33 . 2012-10-07 01:33 -------- d-sh--w- c:\documents and settings\Franklin\IETldCache
    2012-10-07 01:24 . 2012-10-07 01:26 -------- dc-h--w- c:\windows\ie8
    2012-10-07 01:20 . 2012-08-28 15:14 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-10-07 01:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2012-10-07 01:18 . 2012-08-28 15:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2012-10-07 01:18 . 2012-08-28 15:14 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2012-10-07 01:18 . 2012-08-28 15:14 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2012-10-07 01:13 . 2012-10-07 01:13 -------- d-----w- c:\program files\Common Files\Java
    2012-10-07 01:13 . 2012-10-07 01:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-10-07 01:13 . 2012-10-07 01:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-07 01:12 . 2012-10-07 01:12 -------- d-----w- c:\program files\Java
    2012-10-04 07:53 . 2012-10-04 07:53 -------- d-----w- c:\program files\ESET
    2012-10-04 01:22 . 2012-10-04 01:22 -------- d-----w- C:\_OTM
    2012-10-03 05:08 . 2012-10-03 05:08 -------- d-----w- c:\documents and settings\Franklin\Option
    2012-10-03 04:01 . 2012-10-03 04:01 -------- d-----w- c:\documents and settings\Franklin\Application Data\Process Hacker 2
    2012-10-03 03:57 . 2012-10-03 03:57 -------- d-----w- c:\program files\Process Hacker 2
    2012-10-03 01:01 . 2012-10-03 01:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-10-02 23:47 . 2012-10-02 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\767003CCFBD97CF80085766F7EDAF9F0
    2012-09-28 07:47 . 2012-09-28 07:47 -------- d-----w- c:\documents and settings\Franklin\Application Data\DivX
    2012-09-27 13:09 . 2012-09-27 13:10 -------- d-----w- c:\program files\Common Files\DivX Shared
    2012-09-27 13:08 . 2012-09-27 13:10 -------- d-----w- c:\program files\DivX
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 06:29 . 2012-06-24 22:57 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-10-08 20:41 . 2012-04-03 09:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 20:41 . 2012-02-12 07:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-07 01:12 . 2012-02-12 07:06 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-07 21:04 . 2012-08-07 05:39 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-29 00:24 . 2012-07-08 05:09 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 15:14 . 2007-08-14 01:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2007-08-14 01:44 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2007-08-14 01:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-09-08 17:24 . 2012-09-08 17:24 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
    "SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2012-06-19 27940736]
    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-18 29744]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-23 110696]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-23 13671016]
    "RTHDCPL"="RTHDCPL.EXE" [2000-01-01 18789920]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-8-16 2342912]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/11/2012 8:28 AM 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/11/2012 8:28 AM 86224]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/2/2012 7:53 PM 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/7/2012 1:39 AM 676936]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/7/2012 1:39 AM 22856]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 AM 250808]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/24/2012 7:16 PM 1691480]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/18/2008 4:56 PM 29744]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2012 3:40 AM 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 7:29 PM 114144]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [6/24/2012 6:57 PM 11232]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [6/25/2012 4:32 AM 14416]
    S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
    S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:41]
    .
    2012-10-09 c:\windows\Tasks\Game_Booster_AutoUpdate.job
    - c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-06-25 21:57]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
    .
    2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-12 07:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.1
    FF - ProfilePath - c:\documents and settings\Franklin\Application Data\Mozilla\Firefox\Profiles\gcep061y.default-1349230380593\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-09 21:17
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2012-10-09 21:20:13
    ComboFix-quarantined-files.txt 2012-10-10 01:20
    ComboFix2.txt 2012-10-08 20:33
    ComboFix3.txt 2012-10-06 08:19
    ComboFix4.txt 2012-10-06 06:03
    ComboFix5.txt 2012-10-10 01:04
    .
    Pre-Run: 22,576,926,720 bytes free
    Post-Run: 22,558,105,600 bytes free
    .
    - - End Of File - - BCAC51F35D75339196997EC991F49161


    wow, combofix ran all the way through this time :)

    sorry, i thought i posted the log last time, but this one is current.
     
  15. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    The log is looking good, as long as you have no further issues then we can start the clean up.


    To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.


    • The application window will appear.
    • Click the Re-enable button to re-enable your CD Emulation drivers.
    • Click Yes to continue.
    • A 'Finished!' message will appear.
    • Click OK.
    • DeFogger will now ask to reboot the machine...click OK.

    To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click Start > Run... and in the Open dialog box, type: ComboFix /Uninstall



    • Press OK.
      -- Vista/Windows 7 users refer to these instructions.
    • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
    • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
    • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
    • After that, you can delete the ComboFix.exe program from your computer (Desktop).


    • Next
    • Download OTC by OldTimer and save it to your desktop.
    • Double click the OTC icon to start the program.
      If you are using Vista or Windows 7, please right-click and choose Run as Administrator
    • Then Click the big [​IMG] button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.

    -- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
    -- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).


    Please post back when this is complete and let me know if you have had any problems.
     
Short URL to this thread: https://techguy.org/1071214