morkie Posted November 15, 2013 ID:754074 Share Posted November 15, 2013 My computer suddenly slowed way to almost unusabel. During shutdown windows displayed a msg. "windows is waiting for "sunkist.notify" to shut down. I started the computer back up and it runs normal. I then did a google search for "sunkist.notify" and it brought me here. I ran the program Malwarebytes Antimalware and it found 5 itmes, but the word Sunkist was not in any of them. How do I know if it found that specific malware or not ? I've included the results of the log Malwarebytes wrote. Thanks,richie------------------------------------------------------------------------ Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.15.07Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Owner :: HP [administrator]Protection: Enabled11/15/2013 12:30:22 PMmbam-log-2013-11-15 (12-30-22).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 240566Time elapsed: 18 minute(s), 42 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 5HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (Adware.Minibug) -> Quarantined and deleted successfully.HKCR\TypeLib\{3C2D2A1E-031F-4397-9614-87C932A848E0} (Adware.Minibug) -> Quarantined and deleted successfully.HKCR\Interface\{04A38F6B-006F-4247-BA4C-02A139D5531C} (Adware.Minibug) -> Quarantined and deleted successfully.HKCR\MiniBugTransporter.MiniBugTransporterX.1 (Adware.Minibug) -> Quarantined and deleted successfully.HKCR\MiniBugTransporter.MiniBugTransporterX (Adware.Minibug) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 1HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.Folders Detected: 2C:\Documents and Settings\Owner\Local Settings\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> No action taken.C:\Documents and Settings\Owner\Local Settings\Temp\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.Files Detected: 1C:\Documents and Settings\Owner\Local Settings\Temp\Iminent\IMBooster.msi (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
kevinf80 Posted November 15, 2013 ID:754076 Share Posted November 15, 2013 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Next, Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-http://download.bleepingcomputer.com/sUBs/ComboFix.exe Ensure that Combofix is saved directly to the Desktop <--- Very importantDisable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.Close any open browsers and any other programs you might have runningDouble click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.*EXTRA NOTES* If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so. If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)Post the log in next reply please...Kevin Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754241 Share Posted November 16, 2013 ComboFix 13-11-15.01 - Owner 11/15/2013 23:03:19.1.1 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.130 [GMT -5:00]Running from: c:\documents and settings\Owner\Desktop\ComboFix.exeAV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\WINDOWSc:\documents and settings\Default User\WINDOWSc:\documents and settings\Owner\Application Data\HPc:\documents and settings\Owner\Application Data\HP\Memories Disc\comslog.txtc:\documents and settings\Owner\Application Data\HP\Memories Disc\hpodctr.htmc:\documents and settings\Owner\Application Data\HP\Memories Disc\hpodlog.htmc:\documents and settings\Owner\WINDOWSc:\hp\bin\cloaker.exec:\windows\dasetup.logc:\windows\help\wmplayer.bakc:\windows\system32\~GLH000f.TMPc:\windows\system32\config\systemprofile\WINDOWSc:\windows\system32\dllcache\wmpvis.dllc:\windows\system32\FlashPlayerApp.exec:\windows\system32\ps2.batD:\Autorun.inf..((((((((((((((((((((((((( Files Created from 2013-10-16 to 2013-11-16 )))))))))))))))))))))))))))))))..2013-11-16 00:02 . 2013-11-16 00:02 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{878B48C1-C70B-4D20-9253-427FDB707FC7}\MpKsle021fb46.sys2013-11-15 21:21 . 2013-11-15 21:21 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{878B48C1-C70B-4D20-9253-427FDB707FC7}\MpKsl02fd9011.sys2013-11-15 21:14 . 2013-11-15 21:14 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE2013-11-15 21:13 . 2013-11-15 21:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache2013-11-15 21:02 . 2013-11-15 21:02 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{878B48C1-C70B-4D20-9253-427FDB707FC7}\MpKsla6c660fd.sys2013-11-15 20:47 . 2013-11-15 20:47 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{878B48C1-C70B-4D20-9253-427FDB707FC7}\MpKslf8a772b9.sys2013-11-15 17:19 . 2013-11-15 17:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes2013-11-15 17:18 . 2013-11-15 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2013-11-15 17:18 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2013-11-15 17:18 . 2013-11-15 17:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2013-11-15 15:25 . 2013-11-15 15:25 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{878B48C1-C70B-4D20-9253-427FDB707FC7}\offreg.dll2013-11-15 15:05 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{878B48C1-C70B-4D20-9253-427FDB707FC7}\mpengine.dll2013-11-14 00:17 . 2013-10-14 06:39 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-11-12 19:15 . 2013-11-12 19:15 -------- d-----w- c:\program files\iPod2013-11-12 19:12 . 2013-11-12 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12013-11-12 19:12 . 2013-11-12 19:31 -------- d-----w- c:\program files\iTunes...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-10-08 17:32 . 2012-03-02 20:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-10-08 17:32 . 2013-10-08 17:32 17226632 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe2013-09-23 18:33 . 2004-02-06 22:05 920064 ----a-w- c:\windows\system32\wininet.dll2013-09-23 18:33 . 2003-08-08 16:23 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-09-23 18:33 . 2003-08-08 16:18 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-09-23 18:33 . 2003-08-08 16:18 18944 ----a-w- c:\windows\system32\corpol.dll2013-09-23 18:06 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec2013-08-29 01:31 . 2003-08-08 15:35 1878656 ----a-w- c:\windows\system32\win32k.sys2005-02-10 00:53 . 2005-02-10 00:53 25184485 ----a-w- c:\program files\NV11ESD.exe2005-01-21 03:23 . 2005-12-26 19:47 45056 ------r- c:\program files\SetAttrib.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-10-29 524288]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-22 39408]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]"nwiz"="nwiz.exe" [2003-10-06 741376]"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 19968]"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392].c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904].c:\documents and settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe [2003-6-18 53248].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnkbackup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnkbackup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnkbackup=c:\windows\pss\Microsoft Office.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnkbackup=c:\windows\pss\Office Startup.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnkbackup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnkbackup=c:\windows\pss\Updates from HP.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AutoTBar.exe]path=c:\documents and settings\Owner\Start Menu\Programs\Startup\AutoTBar.exebackup=c:\windows\pss\AutoTBar.exeStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnkbackup=c:\windows\pss\Greetings Workshop Reminders.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HP Organize.lnk]path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HP Organize.lnkbackup=c:\windows\pss\HP Organize.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnkbackup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnkbackup=c:\windows\pss\spamsubtract.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]LTMSG.exe 7 [X].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]2005-02-03 20:22 159744 ----a-w- c:\progra~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]2003-06-19 02:19 53248 ----a-w- c:\hp\bin\AUTOTKIT.EXE.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]2005-09-29 00:30 24576 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\BackupNotify.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]2002-10-07 14:23 90112 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]2004-02-18 21:55 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]2004-02-24 20:30 483328 ----a-w- c:\windows\system32\hphmon05.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]2003-05-23 10:03 49152 ----a-w- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]2005-05-10 21:04 11776 ----a-w- c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]2002-07-18 01:00 200767 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]2003-10-06 19:16 5058560 ----a-w- c:\windows\system32\nvcpl.dll.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]2003-02-21 11:05 1343488 ----a-w- c:\program files\Softex\OmniPass\scureapp.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2013-05-01 07:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2005-01-04 19:13 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]2003-11-19 15:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"24726:TCP"= 24726:TCP:FlipShareServer"24727:TCP"= 24727:TCP:FlipShareServer"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management.R1 MpKsle021fb46;MpKsle021fb46;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{878B48C1-C70B-4D20-9253-427FDB707FC7}\MpKsle021fb46.sys [11/15/2013 7:02 PM 40392]R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [12/15/2010 1:22 PM 1085440]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/15/2013 12:18 PM 22856].--- Other Services/Drivers In Memory ---.*NewlyCreated* - MPKSLE021FB46.Contents of the 'Scheduled Tasks' folder.2013-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 17:32].2013-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57].2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 00:38].2013-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 00:38]..------- Supplementary Scan -------.uStart Page = about:blankuInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = localhost;*.localLSP: SpSubLSP.dllTrusted Zone: aol.com\freeTrusted Zone: musicmatch.com\onlineTCP: DhcpNameServer = 192.168.0.1DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab.- - - - ORPHANS REMOVED - - - -.c:\documents and settings\Administrator\Start Menu\Programs\Startup\mod_sm.lnk - c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\mod_sm.cmdc:\documents and settings\Default User\Start Menu\Programs\Startup\mod_sm.lnk - c:\hp\bin\cloaker.exe c:\hp\bin\commands /ww /c c:\hp\bin\mod_sm.cmdMSConfigStartUp-mmtask - c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exeMSConfigStartUp-NovaBackup 7 Tray Control - c:\program files\NovaStor\NovaBACKUP 7.1\NbkCtrl.exeMSConfigStartUp-NovaBackup 7 - c:\program files\NovaStor\NovaBackup\7\NbkCtrl.exeMSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exeMSConfigStartUp-Tray Temperature - c:\docume~1\Owner\LOCALS~1\Temp\MiniBug.exeMSConfigStartUp-wcmdmgr - c:\windows\wt\updater\wcmdmgrl.exeMSConfigStartUp-WT GameChannel - c:\program files\WildTangent\Apps\GameChannel.exeAddRemove-1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC - c:\program files\WildTangent\Apps\GameChannel\Games\1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC\Uninstall.exeAddRemove-1FEF9671-50F6-4CB0-9E96-304EB14158E0 - c:\program files\WildTangent\Apps\GameChannel\Games\1FEF9671-50F6-4CB0-9E96-304EB14158E0\Uninstall.exeAddRemove-342970EF-F8DF-4E9B-8477-A1A03E3E15E1 - c:\program files\WildTangent\Apps\GameChannel\Games\342970EF-F8DF-4E9B-8477-A1A03E3E15E1\Uninstall.exeAddRemove-357ECB62-CD36-4B63-B57E-769D0CA174F4 - c:\program files\WildTangent\Apps\GameChannel\Games\357ECB62-CD36-4B63-B57E-769D0CA174F4\Uninstall.exeAddRemove-36317AE4-57EC-4F3E-B828-009A3DD96BE8 - c:\program files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exeAddRemove-4F0AE1FB-4082-4A27-8363-05D292D92FB0 - c:\program files\WildTangent\Apps\GameChannel\Games\4F0AE1FB-4082-4A27-8363-05D292D92FB0\Uninstall.exeAddRemove-53EF27E9-150C-4063-8343-61C45FC6BB98 - c:\program files\WildTangent\Apps\GameChannel\Games\53EF27E9-150C-4063-8343-61C45FC6BB98\Uninstall.exeAddRemove-5415BC25-6D6C-46C4-B34C-EA8470FE56D5 - c:\program files\WildTangent\Apps\GameChannel\Games\5415BC25-6D6C-46C4-B34C-EA8470FE56D5\Uninstall.exeAddRemove-5F804D2B-A66D-4F0A-B64E-FBDA3F52E3F8 - c:\program files\WildTangent\Apps\GameChannel\Games\5F804D2B-A66D-4F0A-B64E-FBDA3F52E3F8\Uninstall.exeAddRemove-62067F4C-84A9-45B9-8573-B90468B0A3EF - c:\program files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exeAddRemove-BFBCBAE3-8293-4215-9C4F-C2402C118EDB - c:\program files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exeAddRemove-C99127BE-FDE5-49BD-9621-BFE5DF19AA34 - c:\program files\WildTangent\Apps\GameChannel\Games\C99127BE-FDE5-49BD-9621-BFE5DF19AA34\Uninstall.exeAddRemove-D11F7128-8CBD-408B-8BF8-034604DEDD42 - c:\program files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exeAddRemove-DA44615A-C243-46A4-8E47-184CFF33CD38 - c:\program files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exeAddRemove-DF479CEA-34C0-460F-9B56-93BCE4CD4086 - c:\program files\WildTangent\Apps\GameChannel\Games\DF479CEA-34C0-460F-9B56-93BCE4CD4086\Uninstall.exeAddRemove-IrfanView - c:\program files\IrfanView\iv_uninstall.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-11-15 23:21Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .? [58412]? [32300]? [32396].scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-2585734044-745892630-1347059676-1003\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(684)c:\program files\Softex\OmniPass\opxpgina.dll.- - - - - - - > 'lsass.exe'(740)c:\windows\system32\SpSubLSP.dll.Completion time: 2013-11-15 23:28:02ComboFix-quarantined-files.txt 2013-11-16 04:27.Pre-Run: 87,525,355,520 bytes freePost-Run: 88,939,769,856 bytes free.- - End Of File - - E9E143EBCE0344136676D1B9729374E8B716B775FCBDABF0E2DDFF76F15C6790 Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2013 ID:754281 Share Posted November 16, 2013 You ask about Sunkist, is a multicard reader that you probably installed. As you can see it is set to run at startup (boot) it is really not needed in that mode. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264] Select Windows key and R key together, that should open the run box. Type in services.masc the services window will open, scroll to that service, right click on its entry and select "Properties"In the new window change the "Startup" type to Manual select "Apply" then "OK" Close out the services window.... Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the add/on to be installedClick Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Next, Download Security Check by screen317 from either of the following:http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exeSave it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see those logs, also tell me if there are any remaining issues or concerns.. Kevin Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754371 Share Posted November 16, 2013 Before I proceed further a couple things I need to ask.The original program I started with "Malwarebytes-AnyiMalware" is still on my computer and I believe in the protection mode, is that OK.I ran the command you gave services.masc and windows can't find it. So I tried services.msc and that brought me to the services window and I think it was the right window. However, I could not locate a service running anything like Multimedia Card Reader. Should I continue with the rest of the procedure in your previous email ? Also, can you tell me exactly what Sunkist does to the computer , other than slow it down. I'm concerned because this computer is connected to my home network via WIFI router. Thanks, richie Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2013 ID:754401 Share Posted November 16, 2013 Hiya Richie, A big oops, I give wrong address for services from run box, should have been services.msc I must have caught the "a" by mistake when I select the "S" no big worry... The service maybe similar to Sunkist2k.... Yes continue with ESET and Security Check for now.... Kevin Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754420 Share Posted November 16, 2013 Here are the logs from ESET and Security Check. C:\All Downloads\coveru.exe a variant of Win32/Adware.NavExcel applicationC:\Program Files\AIM95\aim95.exe Win32/Adware.WBug.A application----------------------------------------------------------------------- Results of screen317's Security Check version 0.99.77 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 30 Java version out of Date! Adobe Reader 7 Adobe Reader out of Date!````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` Richie Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2013 ID:754431 Share Posted November 16, 2013 Adobe and Java Updates...Adobe Reader is outdated...Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader Step 1 - Select your Operating System.Step 2 - Select your Langauge.Step 3 - Select latest version. Untick the option for any security scanner or toolbar if offered. Download and install. Having the latest updates ensures there are no security vulnerabilities in your system. Next, Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older version of Java components and upgrade the application. Upgrading Java: Go to http://java.com/en/ and click on "Do I have Java"It will check your current version and then offer to update to the latest versionWatch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it. ***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. Let me know if those updates complete OK, also tell me the status of the following: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264] Did you manage to find the service and change to manual? If that is a program you never use maybe is better to uninstall it altogether..... Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754436 Share Posted November 16, 2013 Kevin,QUOTE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264] Did you manage to find theservice and change to manual? If that is a program you never use maybe is better to uninstall it altogether.. No, I could not find it and I wonder if that is where the problem is. Sunkist is the first word in this virus or whatever it is. I don't think it's a program and I don't know how to find it to uninstall it. Waiting to hear from you. richie Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754446 Share Posted November 16, 2013 Forget about what I said about that HKEY, did some research, Sunkist just happens to be the name of the vendor for reader cards. richie Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2013 ID:754448 Share Posted November 16, 2013 OK, back to ESET scan, Delete this:C:\All Downloads\coveru.exeUninstall this AIM95 Unless you want to keep it... will maybe have unwanted Adware. What is your plan for the card reader, are you going to leave it, or maybe uninstall? Do you have any other remaining issues or concerns? Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754470 Share Posted November 16, 2013 Kevin,I did everything, including uninstalling the card reader. The virus is still there, what now ? richie Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2013 ID:754472 Share Posted November 16, 2013 What virus? Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754475 Share Posted November 16, 2013 Kevin,I don't know what else to call it, no one has told me what exactly it is. All I know from searching the web it's full name is "Sunkist.notifyicondat.hwnd". Sorry for the confusion. richie Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2013 ID:754478 Share Posted November 16, 2013 Run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
morkie Posted November 16, 2013 Author ID:754482 Share Posted November 16, 2013 Kevin,Here are the text logs from Farbar. I attached them this time, hope that is OK. richieFRST.txtAddition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted November 16, 2013 ID:754487 Share Posted November 16, 2013 Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware,Make sure that everything is checked, and click Remove Selected on any found items.Post the produced log Let me see those logs.... Also tell me if we see any improvement.. fixlist.txt Link to post Share on other sites More sharing options...
morkie Posted November 17, 2013 Author ID:754509 Share Posted November 17, 2013 mbam-log-2013-11-16 (13-35-43).txt MBAM-log-2013-11-16 (13-48-06).txtKevin, Here are the logs. I don't see any improvement. I'm on another computer right now because the infected one is so slow it's unusable. It shows cpu usage in the performance tab under Task Manager of 100%. It usually stays like that for about 45 mins. after I boot it up.richie Link to post Share on other sites More sharing options...
morkie Posted November 17, 2013 Author ID:754516 Share Posted November 17, 2013 Fixlog.txt I forgot this log , here it is.... richie Link to post Share on other sites More sharing options...
kevinf80 Posted November 17, 2013 ID:754519 Share Posted November 17, 2013 Set the system up for a Clean Boot, see if that makes any difference: Click Start, click Run, type msconfig, and then click OK. The System Configuration Utility dialog box is displayed. We now need to configure selective startup options: In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup. Click to clear the Process SYSTEM.INI File check box. Click to clear the Process WIN.INI File check box. Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked. Click the Services tab. Click to select the Hide All Microsoft Services check box. Click Disable All, and then click OK. this will disable none MS services. When you are prompted, click Restart to restart the computer. When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK. If that makes no difference return your computer to a Normal startup mode. Follow these steps: Open msconfig... On the General tab, click Normal Startup - load all device drivers and services, and then click OK. When you are prompted, click Restart. If you are back to Normal mode because Clean boot made no difference continue: download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe ( 4.5MB ) save to your desktop. Double click the aswMBR.exe icon, and click Run.There will be a short delay before the next dialog box comes up. Please just wait a minute or two.When asked if you'd like to “download the latest Avast! virus definitions", click Yes.Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.Click the Scan button to start the scan once the update has finished downloadingOn completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply. Note: There will also be a file on your desktop named MBR.dat zip up that file and attach to your reply... Next, Please download RogueKiller from here: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit versionhttp://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version Make sure to get the correct version for your system. Quit all running programs Please disconnect any USB or external drives from the computer before you run this scan! For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe Wait until Prescan has finished... The following EULA will appear, please select accept Ensure MBR scan, Check faked and AntiRootkit are checked Select Scan When the scan completes select Report, copy and paste that to your reply. The log should be found in RKreport[?].txt on your Desktop Exit/Close RogueKiller Kevin Link to post Share on other sites More sharing options...
morkie Posted November 17, 2013 Author ID:754525 Share Posted November 17, 2013 Kevin,I have good news and bad news.First the good news. I did not have to do the items in your last post because after the post before it I tried several re-boots and after 2 re-boots the machine loaded and ran normally,with no slow downs after startup.Now the bad news. Somehow during all this at one of the web sites where you had me download a program and run it, one of those sites (my fault) I clicked on the wrong download and it began to download a program called "Browser Safeguard", I tried to stop the download but obviously I didn't. When I saw the icon in my system tray I knew it had installed. I tried to find the program in windows add/remove program folder but it's not listed there. So I unchecked it in the startup folder of MSCONFIG. Problem is, by doing that it won't allow my browser to run on any web sites. Any ideas as to what I can do ? Thanks so much for your patience, it's greatly appreciated. richie Link to post Share on other sites More sharing options...
kevinf80 Posted November 17, 2013 ID:754559 Share Posted November 17, 2013 Did you set the system to run in a Clean boot state? Is that the reason there was an improvement? If the above is true return to a Normal boot mode, also re-enable browser safeguard.... To return your computer to a Normal startup mode when complete, follow these steps: Open msconfig... On the General tab, click Normal Startup - load all device drivers and services, and then click OK. When you are prompted, click Restart. Next, Run FRST one more time and post the produced log "FRST.txt", there will be no second log "addition.txt" Link to post Share on other sites More sharing options...
morkie Posted November 17, 2013 Author ID:754648 Share Posted November 17, 2013 The computer ran just fine in the clean boot state,except I couldn't use my web browser and I suspect that's because it didn't load "Browser Safeguard", I wish I had never accidently downloaded that pgm. yesterday. Anyhow, when I went back to normal startup mode I had the same problem as before, it was at least 45 mins. before I could use the computer. Since clean mode worked I did not do the Rogue Killer procedure or the aswMBR one because clean boot did make a difference. Here is the FRST text file attached. FRST.txt Link to post Share on other sites More sharing options...
kevinf80 Posted November 17, 2013 ID:754662 Share Posted November 17, 2013 Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.Please Update and run a Quick Scan with Malwarebytes Anti-Malware,Make sure that everything is checked, and click Remove Selected on any found items.Post the produced log Let me see those logs, tell me if the former issue still remains.... If so we will need to go back into a "Clean Boot" state. If we see an improvement in that state we will need to look for the problem service that gives us the problem... Kevin fixlist.txt Link to post Share on other sites More sharing options...
morkie Posted November 17, 2013 Author ID:754688 Share Posted November 17, 2013 Fixlog.txt MBAM-log-2013-11-17 (14-36-09).txtmbam-log-2013-11-17 (14-24-51).txt Kevin,Here are the logs you requested. Booted the computer and same problem is there, had to wait only 20 mins. this time due to CPU usage at 100%. Oh, the "Browser Safeguard" didn't load this time and the browser is working. richie Link to post Share on other sites More sharing options...
Recommended Posts