
Unstable computer...can't get antivirus to scan

Discussion in 'Virus & Other Malware Removal' started by snafu777, Jan 9, 2015.

Thread Status:
Not open for further replies.
  1. snafu777

    snafu777 Thread Starter

    Joined:
    Jun 5, 2006
    Messages:
    47
    Please help....my computer has been very slow and unstable lately. I was using Bitdefender but I thought that this was slowing up the computer so I tried to uninstall it. Parts of it are still on my computer with annoying popups out of nowhere that I can't seem to stop. I tried installing AVG first but it wouldn't scan my computer. I then tried installing Avast and it also can't scan. I get an error message that states "unable to start scan....no more endpoint from endpoint mapper". I tried to reboot the computer yesterday and it went into diskcheck and got hung up on one fix for about two hours before it went to a black screen. I tried to start in safe mode with no luck and then tried to start with "last working start" and that worked, but now I'm afraid to reboot the computer. Please help....thanks in advance. I also noticed that the hard drive was working for about an hour after each reboot and saw that the file lsass.exe was using most of the CPU during that time....not sure if that's normal or not.
    Mike

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 12:44:05 PM, on 1/9/2015
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21376)
    CHROME: 39.0.2171.95

    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Antivirus\AVAST Software\Avast\AvastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
    C:\Program Files\TeamViewer\Version9\TeamViewer.exe
    C:\Program Files\TeamViewer\Version9\tv_w32.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Classic PhoneTools\Phontool.exe
    C:\Program Files\Intuit\QuickBooks 2013\qbw32.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Antivirus\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Antivirus\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MusicManager] "C:\Documents and Settings\Owner\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted IP range: 10.1.10.100
    O15 - Trusted IP range: 10.1.10.140
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://10.1.10.100/WebClient.exe
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe

    --
    End of file - 8969 bytes
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello and welcome,

    Read the following link before we continue and run Combofix:

    ComboFix usage, Questions, Help? - Look here

    Next,

    Download Combofix from either of the following links :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    http://www.infospyware.net/antimalware/combofix/

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  3. snafu777

    snafu777 Thread Starter

    Joined:
    Jun 5, 2006
    Messages:
    47
    Thanks for the quick reply Kevin. Here is the log:

    ComboFix 15-01-08.01 - Owner 01/09/2015 13:23:05.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1314 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2015 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\Owner\LOCALS~1\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
    c:\documents and settings\All Users\Application Data\1397145167.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1397145766.176.bin
    c:\documents and settings\All Users\Application Data\1397145766.2572.bin
    c:\documents and settings\All Users\Application Data\1397145766.3248.bin
    c:\documents and settings\All Users\Application Data\1397147353.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1420655633.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1420655641.1944.bin
    c:\documents and settings\All Users\Application Data\1420655641.3432.bin
    c:\documents and settings\All Users\Application Data\1420655641.3444.bin
    c:\documents and settings\All Users\Application Data\1420655641.4024.bin
    c:\documents and settings\All Users\Application Data\1420655724.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1420655729.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1420656733.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1420751364.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1420751371.bdinstall.bin
    c:\documents and settings\Owner\Application Data\FileDrTool.log
    c:\documents and settings\Owner\Local Settings\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
    c:\documents and settings\Owner\My Documents\DGRF9.tmp
    c:\documents and settings\Owner\WINDOWS
    C:\SETUP.EXE
    c:\windows\$msi31uninstall_kb893803v2$
    c:\windows\$msi31uninstall_kb893803v2$\msi.dll
    c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
    c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
    c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
    c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
    c:\windows\$msi31uninstall_kb893803v2$\reg00013
    c:\windows\$msi31uninstall_kb893803v2$\reg00014
    c:\windows\$msi31uninstall_kb893803v2$\reg00015
    c:\windows\$msi31uninstall_kb893803v2$\reg00016
    c:\windows\$msi31uninstall_kb893803v2$\reg00017
    c:\windows\$msi31uninstall_kb893803v2$\reg00018
    c:\windows\$msi31uninstall_kb893803v2$\reg00019
    c:\windows\$msi31uninstall_kb893803v2$\reg00020
    c:\windows\$msi31uninstall_kb893803v2$\reg00021
    c:\windows\$msi31uninstall_kb893803v2$\reg00022
    c:\windows\$msi31uninstall_kb893803v2$\reg00023
    c:\windows\$msi31uninstall_kb893803v2$\reg00024
    c:\windows\$msi31uninstall_kb893803v2$\reg00025
    c:\windows\$msi31uninstall_kb893803v2$\reg00026
    c:\windows\$msi31uninstall_kb893803v2$\reg00027
    c:\windows\$msi31uninstall_kb893803v2$\reg00028
    c:\windows\$msi31uninstall_kb893803v2$\reg00029
    c:\windows\$msi31uninstall_kb893803v2$\reg00030
    c:\windows\$msi31uninstall_kb893803v2$\reg00031
    c:\windows\$msi31uninstall_kb893803v2$\reg00032
    c:\windows\$msi31uninstall_kb893803v2$\reg00033
    c:\windows\$msi31uninstall_kb893803v2$\reg00034
    c:\windows\$msi31uninstall_kb893803v2$\reg00035
    c:\windows\$msi31uninstall_kb893803v2$\reg00036
    c:\windows\$msi31uninstall_kb893803v2$\reg00037
    c:\windows\$msi31uninstall_kb893803v2$\reg00038
    c:\windows\$msi31uninstall_kb893803v2$\reg00039
    c:\windows\$msi31uninstall_kb893803v2$\reg00040
    c:\windows\$msi31uninstall_kb893803v2$\reg00041
    c:\windows\$msi31uninstall_kb893803v2$\reg00042
    c:\windows\$msi31uninstall_kb893803v2$\reg00043
    c:\windows\$msi31uninstall_kb893803v2$\reg00044
    c:\windows\$msi31uninstall_kb893803v2$\reg00045
    c:\windows\$msi31uninstall_kb893803v2$\reg00046
    c:\windows\$msi31uninstall_kb893803v2$\reg00047
    c:\windows\$msi31uninstall_kb893803v2$\reg00048
    c:\windows\$msi31uninstall_kb893803v2$\reg00051
    c:\windows\$msi31uninstall_kb893803v2$\reg00052
    c:\windows\$msi31uninstall_kb893803v2$\reg00053
    c:\windows\$msi31uninstall_kb893803v2$\reg00054
    c:\windows\$msi31uninstall_kb893803v2$\reg00055
    c:\windows\$msi31uninstall_kb893803v2$\reg00056
    c:\windows\$msi31uninstall_kb893803v2$\reg00057
    c:\windows\$msi31uninstall_kb893803v2$\reg00058
    c:\windows\$msi31uninstall_kb893803v2$\reg00059
    c:\windows\$msi31uninstall_kb893803v2$\reg00060
    c:\windows\$msi31uninstall_kb893803v2$\reg00061
    c:\windows\$msi31uninstall_kb893803v2$\reg00062
    c:\windows\$msi31uninstall_kb893803v2$\reg00063
    c:\windows\$msi31uninstall_kb893803v2$\reg00064
    c:\windows\$msi31uninstall_kb893803v2$\reg00065
    c:\windows\$msi31uninstall_kb893803v2$\reg00066
    c:\windows\$msi31uninstall_kb893803v2$\reg00067
    c:\windows\$msi31uninstall_kb893803v2$\reg00068
    c:\windows\$msi31uninstall_kb893803v2$\reg00069
    c:\windows\$msi31uninstall_kb893803v2$\reg00070
    c:\windows\$msi31uninstall_kb893803v2$\reg00071
    c:\windows\$msi31uninstall_kb893803v2$\reg00072
    c:\windows\$msi31uninstall_kb893803v2$\reg00073
    c:\windows\$msi31uninstall_kb893803v2$\reg00074
    c:\windows\$msi31uninstall_kb893803v2$\reg00075
    c:\windows\$msi31uninstall_kb893803v2$\reg00076
    c:\windows\$msi31uninstall_kb893803v2$\reg00077
    c:\windows\$msi31uninstall_kb893803v2$\reg00078
    c:\windows\$msi31uninstall_kb893803v2$\reg00079
    c:\windows\$msi31uninstall_kb893803v2$\reg00080
    c:\windows\$msi31uninstall_kb893803v2$\reg00081
    c:\windows\$msi31uninstall_kb893803v2$\reg00082
    c:\windows\$msi31uninstall_kb893803v2$\reg00083
    c:\windows\$msi31uninstall_kb893803v2$\reg00084
    c:\windows\$msi31uninstall_kb893803v2$\reg00085
    c:\windows\$msi31uninstall_kb893803v2$\reg00086
    c:\windows\$msi31uninstall_kb893803v2$\reg00087
    c:\windows\$msi31uninstall_kb893803v2$\reg00088
    c:\windows\$msi31uninstall_kb893803v2$\reg00089
    c:\windows\$msi31uninstall_kb893803v2$\reg00090
    c:\windows\$msi31uninstall_kb893803v2$\reg00091
    c:\windows\$msi31uninstall_kb893803v2$\reg00092
    c:\windows\$msi31uninstall_kb893803v2$\reg00093
    c:\windows\$msi31uninstall_kb893803v2$\reg00094
    c:\windows\$msi31uninstall_kb893803v2$\reg00095
    c:\windows\$msi31uninstall_kb893803v2$\reg00096
    c:\windows\$msi31uninstall_kb893803v2$\reg00097
    c:\windows\$msi31uninstall_kb893803v2$\reg00098
    c:\windows\$msi31uninstall_kb893803v2$\reg00099
    c:\windows\$msi31uninstall_kb893803v2$\reg00100
    c:\windows\$msi31uninstall_kb893803v2$\reg00101
    c:\windows\$msi31uninstall_kb893803v2$\reg00102
    c:\windows\$msi31uninstall_kb893803v2$\reg00103
    c:\windows\$msi31uninstall_kb893803v2$\reg00104
    c:\windows\$msi31uninstall_kb893803v2$\reg00105
    c:\windows\$msi31uninstall_kb893803v2$\reg00106
    c:\windows\$msi31uninstall_kb893803v2$\reg00107
    c:\windows\$msi31uninstall_kb893803v2$\reg00108
    c:\windows\$msi31uninstall_kb893803v2$\reg00109
    c:\windows\$msi31uninstall_kb893803v2$\reg00110
    c:\windows\$msi31uninstall_kb893803v2$\reg00111
    c:\windows\$msi31uninstall_kb893803v2$\reg00112
    c:\windows\$msi31uninstall_kb893803v2$\reg00113
    c:\windows\$msi31uninstall_kb893803v2$\reg00114
    c:\windows\$msi31uninstall_kb893803v2$\reg00115
    c:\windows\$msi31uninstall_kb893803v2$\reg00116
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
    c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
    c:\windows\system32\SET4C.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-09 to 2015-01-09 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-08 16:54 . 2015-01-08 16:54 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
    2015-01-08 16:54 . 2015-01-08 16:54 -------- d-----w- c:\windows\jumpshot.com
    2015-01-08 16:52 . 2015-01-08 16:52 43152 ----a-w- c:\windows\avastSS.scr
    2015-01-08 16:50 . 2015-01-08 16:50 -------- d-----w- c:\program files\Antivirus
    2015-01-07 19:48 . 2015-01-07 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG2015
    2015-01-07 19:47 . 2015-01-07 19:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2015
    2015-01-07 19:44 . 2015-01-07 19:44 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
    2015-01-07 19:33 . 2015-01-08 21:19 -------- d-----w- C:\$AVG
    2015-01-07 19:33 . 2015-01-08 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2015
    2015-01-07 19:22 . 2015-01-07 21:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2015
    2015-01-07 19:22 . 2015-01-08 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2015-01-07 19:22 . 2015-01-07 19:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
    2015-01-07 18:59 . 2009-07-15 04:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2015-01-07 18:54 . 2015-01-08 21:10 -------- d-----w- c:\program files\Bitdefender
    2014-12-16 20:25 . 2014-12-16 20:25 -------- d-----w- c:\program files\Microsoft Silverlight
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-09 21:54 . 2012-10-24 15:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-12-09 21:54 . 2012-10-24 15:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-09 02:25 . 2014-12-09 02:25 192792 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
    2014-11-19 09:31 . 2014-11-19 09:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
    2014-11-19 02:41 . 2014-11-19 02:41 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MusicManager"="c:\documents and settings\Owner\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2014-11-13 7475200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2009-01-09 114688]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-01-16 3774776]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1122304]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-1-17 113664]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-6 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
    2003-05-08 16:34 69632 ----a-w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2014-01-16 14:59 3774776 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    2003-11-20 23:01 525824 ----a-w- c:\program files\COMPAQ\SetRefresh\SetRefresh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Brother\\Brmfl08i\\FAXRX.exe"=
    "c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
    "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\QBDBMgrN.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\QBW32.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\DBManagerExe.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\FileManagement.exe"=
    "c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe"=
    "c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBLaunch.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "54925:UDP"= 54925:UDP:Brother Network Scanner
    .
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
    R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [11/26/2012 10:22 AM 1248256]
    R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [6/5/2014 3:25 PM 4799760]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 21:54]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 16:53]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 16:53]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-839522115-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 12:43]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-839522115-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 12:43]
    .
    2015-01-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
    .
    2014-12-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://10.1.10.100/WebClient.exe
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-VERIZONDM - c:\program files\VERIZONDM\bin\sprtcmd.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-01-09 13:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3668)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\TeamViewer\Version9\TeamViewer.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Brother\ControlCenter3\brccMCtl.exe
    c:\program files\TeamViewer\Version9\tv_w32.exe
    .
    **************************************************************************
    .
    Completion time: 2015-01-09 13:43:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-01-09 18:43
    .
    Pre-Run: 115,526,987,776 bytes free
    Post-Run: 116,204,167,168 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 4BC35EEDE19DA3327A5CED56018E3F3A
    5F8B5082F3482CC06B72EC5806598AE9
     
  4. kevinf80

    kevinf80 Malware Specialist

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    ClearJavaCache::
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]


    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next,

    Download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    • Now select > Scan > Threat scan > Scan now
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
    Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

    Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

    Next,

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Scan
    • Once the scan is done, click on the Clean button.
    • You will get a prompt asking to close all programs. Click OK.
    • Click OK again to reboot your computer.
    • A text file will open after the restart. Please post the content of that logfile in your reply.
    • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number

    Next,

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Next,

    Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop
    Ensure to get the correct version for your system....
    32 Bit version:
    https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
    64 Bit version:
    https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.
    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    Let me see those logs, also give an update on any remaining issues or concerns....

    Thanks,

    Kevin...
     
  5. snafu777

    snafu777 Thread Starter

    Kevin,
    Ran all programs as requested. Here are the logs:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/9/2015
    Scan Time: 3:43:54 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.09.16
    Rootkit Database: v2015.01.07.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Owner

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 310446
    Time Elapsed: 14 min, 7 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    PUP.Optional.InstallIQ.A, C:\Documents and Settings\Owner\My Documents\Downloads\mediaplayer_d222790.exe, Quarantined, [b6e227cd870274c2c1b554e39d6405fb],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    # AdwCleaner v4.107 - Report created 12/01/2015 at 11:54:45
    # Updated 07/01/2015 by Xplode
    # Database : 2015-01-11.2 [Live]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Owner - HP-D530
    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner_4.107.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage
    File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.zabasearch.com_0.localstorage-journal
    File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\YahooPartnerToolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v7.0.6000.21376


    -\\ Google Chrome v

    [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.foxnews.com/search-results/search?q={searchTerms}&submit=Search
    [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.therestaurantstore.com/search-results.html?searchval={searchTerms}
    [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
    [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.grainger.com/search?searchQuery={searchTerms}

    *************************

    AdwCleaner[R0].txt - [1584 octets] - [09/01/2015 17:20:41]
    AdwCleaner[R1].txt - [338 octets] - [09/01/2015 18:15:54]
    AdwCleaner[R2].txt - [339 octets] - [09/01/2015 18:27:23]
    AdwCleaner[R3].txt - [2915 octets] - [12/01/2015 11:50:23]
    AdwCleaner[S0].txt - [2860 octets] - [12/01/2015 11:54:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2920 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Microsoft Windows XP x86
    Ran by Owner on Mon 01/12/2015 at 12:11:36.29
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ammyy"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 01/12/2015 at 12:30:27.09
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.38, February 2008
    Started On Thu Feb 28 12:09:19 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 28 12:09:36 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v1.42, June 2008
    Started On Mon Jun 30 17:11:51 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Mon Jun 30 17:12:28 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
    Started On Thu Nov 27 14:54:37 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 27 14:55:25 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.4, November 2008
    Started On Fri Nov 28 09:56:09 2008

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 28 09:57:10 2008


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v2.12, July 2009
    Started On Tue Oct 19 14:33:14 2010
    WARNING: Security policy doesn't allow for all actions MSRT may require.->Scan ERROR: resource process://pid:208 (code 0x00000057 (87))

    Results Summary:
    ----------------
    No infection found.

    Return code: 0
    Microsoft Windows Malicious Software Removal Tool Finished On Tue Oct 19 14:33:51 2010


    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.4, January 2012
    Started On Thu Jan 26 15:34:36 2012
    ->Scan ERROR: resource process://pid:3252 (code 0x00000490 (1168))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 26 15:35:50 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
    Started On Wed Sep 26 03:09:28 2012
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 26 03:10:55 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
    Started On Wed Oct 10 03:01:48 2012

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 03:03:03 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
    Started On Thu Nov 15 03:06:52 2012
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 15 03:08:19 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
    Started On Thu Dec 13 03:00:33 2012
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 13 03:02:01 2012


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
    Started On Wed Jan 09 03:00:30 2013
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 09 03:01:51 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
    Started On Thu Feb 07 13:56:26 2013
    ->Scan ERROR: resource process://pid:2240 (code 0x00000490 (1168))
    ->Scan ERROR: resource process://pid:2592 (code 0x00000490 (1168))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 07 14:04:09 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
    Started On Wed Feb 13 03:08:22 2013

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 13 03:10:27 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
    Started On Thu Mar 14 03:00:37 2013
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 03:02:25 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
    Started On Thu Apr 11 03:01:48 2013
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 11 03:03:36 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
    Started On Thu May 16 03:01:45 2013
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 03:03:55 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
    Started On Wed Jun 12 03:00:34 2013
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 12 03:02:44 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------

    Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
    Started On Wed Jul 10 03:22:55 2013
    ->Scan ERROR: resource process://pid:3064 (code 0x00000490 (1168))
    ->Scan ERROR: resource process://pid:5768 (code 0x00000490 (1168))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x00000020 (32))
    ->Scan ERROR: resource file://Intel(R) 537EP V9x DF PCI Modem (code 0x0000054F (1359))

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 10 03:26:02 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
    Started On Wed Aug 14 03:17:39 2013


    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Aug 14 03:20:40 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
    Started On Thu Sep 12 03:00:56 2013

    Engine: 1.1.9800.0
    Signatures: 1.157.932.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 12 03:03:30 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
    Started On Fri Oct 11 03:15:01 2013

    Engine: 1.1.9901.0
    Signatures: 1.159.530.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 11 03:18:01 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
    Started On Wed Nov 13 03:00:37 2013

    Engine: 1.1.10003.0
    Signatures: 1.161.1618.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 13 03:02:55 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
    Started On Thu Dec 12 03:04:51 2013

    Engine: 1.1.10100.0
    Signatures: 1.163.1013.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 12 03:07:13 2013


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
    Started On Thu Jan 16 03:01:44 2014

    Engine: 1.1.10201.0
    Signatures: 1.165.1273.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 03:04:06 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
    Started On Fri Feb 14 03:14:48 2014

    Engine: 1.1.10201.0
    Signatures: 1.165.3163.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 14 03:17:37 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
    Started On Wed Mar 19 03:00:36 2014

    Engine: 1.1.10302.0
    Signatures: 1.167.1001.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 03:03:13 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
    Started On Wed Apr 09 03:01:50 2014

    Engine: 1.1.10401.0
    Signatures: 1.169.1258.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 03:04:22 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
    Started On Thu May 15 03:03:51 2014

    Engine: 1.1.10502.0
    Signatures: 1.173.1305.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 03:07:00 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
    Started On Thu Jun 12 03:06:11 2014

    Engine: 1.1.10600.0
    Signatures: 1.175.1113.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 03:08:31 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
    Started On Thu Jul 10 03:01:03 2014

    Engine: 1.1.10701.0
    Signatures: 1.177.949.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Jul 10 03:03:13 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
    Started On Thu Aug 14 03:03:13 2014

    Engine: 1.1.10802.0
    Signatures: 1.179.1796.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 14 03:09:38 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
    Started On Fri Sep 12 03:01:37 2014

    Engine: 1.1.10904.0
    Signatures: 1.183.882.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 03:13:32 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
    Started On Wed Oct 15 03:02:16 2014

    Engine: 1.1.11005.0
    Signatures: 1.185.2035.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 15 03:18:03 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
    Started On Wed Nov 12 03:00:55 2014

    Engine: 1.1.11104.0
    Signatures: 1.187.1116.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 12 03:10:08 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
    Started On Wed Dec 10 03:01:02 2014

    Engine: 1.1.11202.0
    Signatures: 1.189.872.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Wed Dec 10 03:09:27 2014


    Return code: 0 (0x0)

    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
    Started On Mon Jan 12 12:42:55 2015

    Engine: 1.1.11202.0
    Signatures: 1.189.872.0

    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Mon Jan 12 13:50:29 2015


    Return code: 0 (0x0)

    The only issue I still seem to have is the lsass.exe using the cpu nearly at 100% for about an hour after reboot making the computer extremely slow during that time. I tried doing a clean boot and only had any success when I unchecked the "Load System Services" box. Do you have any suggestions on this? Also what antivirus software do you recommend that I use? Thanks for all your help. You have been a life saver.
    Mike
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    What about the log from Combofix, can I see that? Also run the following:

    Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

    http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit….

    http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:

      Code:
      :filefind
      Lsass.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    Next,

    Download Security Check by screen317 from either of the following:

    http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

    Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
    Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

    Read the following link to fully understand PC security and best practices, you may find it useful....

    http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

    Kevin
     
  7. snafu777

    snafu777 Thread Starter

    Joined:
    Jun 5, 2006
    Messages:
    47
    Sorry, I thought I attached the ComboFix log in last reply. Here are the logs as requested:

    ComboFix 15-01-08.01 - Owner 01/09/2015 15:23:39.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1243 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AVG AntiVirus Free Edition 2015 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-09 to 2015-01-09 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-08 16:54 . 2015-01-08 16:54 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
    2015-01-08 16:54 . 2015-01-08 16:54 -------- d-----w- c:\windows\jumpshot.com
    2015-01-08 16:52 . 2015-01-08 16:52 43152 ----a-w- c:\windows\avastSS.scr
    2015-01-08 16:50 . 2015-01-08 16:50 -------- d-----w- c:\program files\Antivirus
    2015-01-07 19:48 . 2015-01-07 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG2015
    2015-01-07 19:47 . 2015-01-07 19:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2015
    2015-01-07 19:44 . 2015-01-07 19:44 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
    2015-01-07 19:33 . 2015-01-08 21:19 -------- d-----w- C:\$AVG
    2015-01-07 19:33 . 2015-01-08 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2015
    2015-01-07 19:22 . 2015-01-07 21:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2015
    2015-01-07 19:22 . 2015-01-08 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2015-01-07 19:22 . 2015-01-07 19:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
    2015-01-07 18:59 . 2009-07-15 04:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
    2015-01-07 18:54 . 2015-01-08 21:10 -------- d-----w- c:\program files\Bitdefender
    2014-12-16 20:25 . 2014-12-16 20:25 -------- d-----w- c:\program files\Microsoft Silverlight
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-09 21:54 . 2012-10-24 15:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-12-09 21:54 . 2012-10-24 15:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-12-09 02:25 . 2014-12-09 02:25 192792 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
    2014-11-19 09:31 . 2014-11-19 09:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
    2014-11-19 02:41 . 2014-11-19 02:41 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MusicManager"="c:\documents and settings\Owner\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2014-11-13 7475200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2009-01-09 114688]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-01-16 3774776]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1122304]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-1-17 113664]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-6 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
    backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
    backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
    2003-05-08 16:34 69632 ----a-w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2014-01-16 14:59 3774776 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
    2003-11-20 23:01 525824 ----a-w- c:\program files\COMPAQ\SetRefresh\SetRefresh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Brother\\Brmfl08i\\FAXRX.exe"=
    "c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
    "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\QBDBMgrN.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\QBW32.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\DBManagerExe.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2013\\FileManagement.exe"=
    "c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe"=
    "c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBLaunch.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "54925:UDP"= 54925:UDP:Brother Network Scanner
    .
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
    R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [11/26/2012 10:22 AM 1248256]
    R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [6/5/2014 3:25 PM 4799760]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 21:54]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 16:53]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 16:53]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-839522115-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 12:43]
    .
    2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-839522115-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 12:43]
    .
    2015-01-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    - c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
    .
    2014-12-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
    DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://10.1.10.100/WebClient.exe
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2015-01-09 15:33
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(464)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2015-01-09 15:36:03
    ComboFix-quarantined-files.txt 2015-01-09 20:36
    ComboFix2.txt 2015-01-09 18:43
    .
    Pre-Run: 116,216,279,040 bytes free
    Post-Run: 116,202,500,096 bytes free
    .
    - - End Of File - - C99918803C91FDC1D12E7074BB678D3A
    5F8B5082F3482CC06B72EC5806598AE9

    SystemLook 30.07.11 by jpshortstuff
    Log created at 11:02 on 13/01/2015 by Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "Lsass.exe"
    C:\WINDOWS\erdnt\cache\lsass.exe --a---- 13312 bytes [18:41 09/01/2015] [10:42 14/04/2008] BF2466B3E18E970D8A976FB95FC1CA85
    C:\WINDOWS\ServicePackFiles\i386\lsass.exe ------- 13312 bytes [15:58 27/11/2008] [10:42 14/04/2008] BF2466B3E18E970D8A976FB95FC1CA85
    C:\WINDOWS\system32\lsass.exe --a---- 13312 bytes [17:00 04/08/2004] [10:42 14/04/2008] BF2466B3E18E970D8A976FB95FC1CA85

    -= EOF =-

    Results of screen317's Security Check version 0.99.93
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2015
    avast! Antivirus
    Antivirus out of date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java version 32-bit out of Date!
    Adobe Flash Player 15.0.0.246 Flash Player out of Date!
    Adobe Reader XI
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUi.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````
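
The SystemLook `:filefind` result above can be checked mechanically. The following is an added example, not part of the original thread or of SystemLook: it parses the result lines and reports any copy of lsass.exe that sits outside an expected directory or differs in size or MD5 from the live system32 copy. The expected-directory list (the three directories seen in this log), the function names and the extra log line are assumptions made for the example.

```python
import re

# The three result lines from the SystemLook log in this thread.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "Lsass.exe"
C:\WINDOWS\erdnt\cache\lsass.exe --a---- 13312 bytes [18:41 09/01/2015] [10:42 14/04/2008] BF2466B3E18E970D8A976FB95FC1CA85
C:\WINDOWS\ServicePackFiles\i386\lsass.exe ------- 13312 bytes [15:58 27/11/2008] [10:42 14/04/2008] BF2466B3E18E970D8A976FB95FC1CA85
C:\WINDOWS\system32\lsass.exe --a---- 13312 bytes [17:00 04/08/2004] [10:42 14/04/2008] BF2466B3E18E970D8A976FB95FC1CA85

-= EOF =-
"""

# Constructed line (not from the thread) used only to exercise the checks.
CONSTRUCTED_EXTRA = r"""C:\WINDOWS\Temp\lsass.exe --a---- 20480 bytes [09:15 05/01/2015] [09:15 05/01/2015] 0123456789ABCDEF0123456789ABCDEF
"""

LIVE_PATH = r"C:\WINDOWS\system32\lsass.exe"
# Assumption: directories treated as expected for this XP SP3 machine.
EXPECTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\servicepackfiles\i386",
    r"c:\windows\erdnt\cache",
}

# path, attribute flags, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return one dict per file line found in a SystemLook filefind log."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def audit(entries, live=LIVE_PATH, expected=EXPECTED_DIRS):
    """List findings; an empty list means every copy matches the live file."""
    findings = []
    by_path = {e["path"].lower(): e for e in entries}
    live_entry = by_path.get(live.lower())
    if live_entry is None:
        findings.append(f"missing: no copy at {live}")
    for e in entries:
        directory = e["path"].rsplit("\\", 1)[0].lower()
        if directory not in expected:
            findings.append(f"unexpected location: {e['path']}")
        if live_entry and (e["md5"], e["size"]) != (live_entry["md5"], live_entry["size"]):
            findings.append(f"differs from live copy: {e['path']} ({e['md5']})")
    return findings


if __name__ == "__main__":
    print(audit(parse_filefind(SAMPLE_LOG)) or "all copies consistent")
    for finding in audit(parse_filefind(SAMPLE_LOG + CONSTRUCTED_EXTRA)):
        print(finding)
```

Agreement between the local copies shows only that they are the same file; it does not compare them against an external known-good reference.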
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    There does not seem to be any lingering malware/infection in the logs... Continue please:

    Update IE 7 to IE 8 if preferred: http://www.microsoft.com/en-gb/download/internet-explorer-8-details.aspx

    Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.
    There may be an offer of Google Chrome etc, untick those options if offered...

    Next,

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java components and upgrade the application.

    Upgrading Java:

    Go to http://java.com/en/ and click on "Do I have Java"
    It will check your current version and then offer to update to the latest version
    Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

    ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

    Next,

    AVG appears to be your preferred security, if that is the case it is very worthwhile removing Avast, even if it is not active. Use the removal tool available here: http://www.avast.com/uninstall-utility

    Let me know if there is any improvement, or if the high CPU usage remains...

    Thanks,

    Kevin...
     
  9. snafu777

    snafu777 Thread Starter

    Joined:
    Jun 5, 2006
    Messages:
    47
    I am actually using Avast for an antivirus. As in my original post I tried AVG but thought it might be causing the problems so I uninstalled it. I was surprised to see it showed up on the Security Check log. I updated all the other programs as instructed except for IE since I don't really use it. I'm still having the issue of the lsass.exe file using up the cpu for about an hour after I reboot. The rest of the system seems stable and I thank you again for all your help on that matter.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Thanks for the update, if AVG is not required it will be beneficial to run their own clean-up tool, even though you've already run the uninstaller. Tool available here: http://www.avg.com/us-en/utilities

    Next,

    I'd like you to run your system in a "Clean Boot" mode. Basically all non-Microsoft services are disabled at boot, it may well be a 3rd party service that is causing the issue.
    Full instructions at the following link: http://support.microsoft.com/kb/310353 Let me know if the system responds any better in that mode.....

    Thanks,

    Kevin...
     
Short URL to this thread: https://techguy.org/1140856
