lsa shell (export version)

Discussion in 'Malware Help (A Specialist Will Reply)' started by Spidersan, Sep 14, 2008.

  1. Spidersan

    Spidersan Private E-2

    Hello,



    I’ve noticed my PC going slower gradually with days so I started looking around for what might be wrong. I’m no expert but I got some basic skills, and found “Lsa shell (export version)”. After looking it up over the internet, it said it's the Sasser worm, so here is what I did then:

    Rebooted in safe mode > full scan on the pc, found one virus, deleted, then restarted again just to find the same problem lurking still. After trying stinger, ad-aware, malware removal tool by MC, Ccleaner, Registry mechanics, updating etc etc (trust me my pc been scanned like a bish the past few days lol) I gave up on getting this infection out and did a system restore to a time where I didn’t have any problem. Yet I still have the problem. Right now, I only have about couple hundreds of hairs on my head. Things I’ve noticed change:

    - Browsing over the internet can be real slow at times, normal at others.
    - Pc processing became slower
    - Can not log into my hotmail, only from this pc, as it takes about 10 mins or so trying to sign in then gives up
    - Skype starts then disconnects then takes about 2-3 mins to reconnect again.
    - Playing online games isn’t affected at all with this slowness, everything runs perfect and fast on the game
    - I have NOT got any error messages from this problem, which is weird….


    I also read removal guide and been browsing for a similar case, found one (with almost exact problem on everything) but it did not work for me

    please, if not for my PC...do it for my hair :cry
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    No!!! C:\Windows\system32\lsass.exe is a valid Windows system file and it is called LSA Shell (Export Version).


    You need to run it! And attach all 4 requested logs. Quite frequently slow PCs are not due to malware but the only way to really know is via these logs.
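
The reply above turns on where the file lives: `lsass.exe` in `system32` is the genuine LSA Shell. As an added example (not part of the original thread), this sketch classifies process image paths into the genuine location, the same name elsewhere, and one-character lookalike names. The function names, the default `C:\Windows` system root and the sample paths are assumptions constructed for illustration.

```python
import ntpath

LEGIT_NAME = "lsass.exe"
# Assumption: Windows is installed to the default C:\Windows system root.
LEGIT_DIR = r"c:\windows\system32"


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Classify one process image path relative to the genuine lsass.exe."""
    # normpath collapses "..", and Windows paths compare case-insensitively.
    path = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(path)
    if name == LEGIT_NAME:
        if directory == LEGIT_DIR:
            return "expected"
        return "suspicious: lsass.exe outside System32"
    if edit_distance(name, LEGIT_NAME) == 1:
        return "suspicious: lookalike of lsass.exe"
    return "unrelated"


# Constructed sample inventory (not taken from the thread's logs).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\lsass.exe",
    r"C:\WINDOWS\system32\..\Temp\lsass.exe",
    r"C:\WINDOWS\system32\Isass.exe",   # capital I instead of lowercase L
    r"C:\WINDOWS\system32\lsasss.exe",
    r"C:\WINDOWS\system32\csrss.exe",
]


def review(paths):
    return {p: classify(p) for p in paths}


if __name__ == "__main__":
    for path, verdict in review(SAMPLE_PATHS).items():
        print(f"{verdict:40} {path}")
```

A path that classifies as expected only rules out the simple masquerade cases; the file's signature and hash are separate checks.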
     
  3. Spidersan

    Spidersan Private E-2

    first of all, thank you for your reply and sorry for the long wait, I got busy with college

    here are the requested logs
     


  4. Spidersan

    Spidersan Private E-2

    also this one
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While MBAM found and removed a few problems, that is the only malware found. Your logs are clean. You do need to uninstall the below as requested in step 1 of the READ & RUN ME:


    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Viewpoint Manager (Remove Only)


    And you really need to stop using MSconfig as also requested in step 1 of the READ & RUN ME.


    Now we need to cleanup some items from running ComboFix.

    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  6. Spidersan

    Spidersan Private E-2

    Sorry about Msconfig, meant to change it before I shut down but I forgot. Did everything you said and the fixme.reg message said it was successful. However, I'm still having the problem of a really slow connection/process and the random spam that comes to my msn messenger since 2 weeks.
    I'm just glad it's not a virus

    Thanks a bunch guys!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It does not appear to be a malware issue, but before I send you off to the Software Forum, let's check for rootkits.

    Run this Running GMER to detect rootkits and attach the log.

    Once you get your email address on spam lists, you will continue to get more and more spam, especially if you ever respond to any of them in any form, even if it is to try and unsubscribe. If you do this, you just confirm that your email address is valid and you will get more spam. Everyone gets spam. If it really bugs you, try out some spam blockers but you may find that they block things you do want.
     
  8. Spidersan

    Spidersan Private E-2

    OK, I went according to the topic until the copy part. It says "copied to the clipboard" but I can't seem to paste anything anywhere. I tried doing it a few times but no luck. Instead, I did "save as" and changed it from .log to .txt

    A 2nd problem: I've been trying to upload that file here but I keep getting
    "sending request to forum" for a long time then "Upload of the file failed". I'll try to upload it again later
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What is the size of the file? If it is too large, you may need to ZIP it to attach it.
     
  10. Spidersan

    Spidersan Private E-2

    oh that made it work!:-D
    here it is
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The GMER log is also clean. The only other suggestion I have for you to try is to uninstall McAfee, reboot, and then run the below

    McAfee Consumer Product Removal Tool

    Then see how things are working. If still having problems, uninstall ZoneAlarm, reboot and then see how things are working.

    If uninstalling the above has no effect on your problem, then reinstall your protection. Then complete my instructions in message # 5. Then post the specific details of your problems in the Software Forum and tell them you already did the malware removal procedures.
     
