TechSpot

[Closed] Web redirect any browser and weird viruses

By sabino
Nov 28, 2011
  1. Hi!

    I'm having some problems here.

    I tried running MS Security Essentials and found a lot of viruses, but it keeps finding them from time to time.

    Connected to this (I think), I'm getting some page redirects randomly, but it always goes to this page (related to what you are trying to access).

    But when I click Refresh, the page opens normally.

    I've tried running Malwarebytes Anti-Malware but it is still running and I don't know if I am doing this right.

    Expecting help.
    Thanks!
     
  2. Bobbye


    I am going to try to delete the large images.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. sabino


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8256

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    28/11/2011 14:18:03
    mbam-log-2011-11-28 (14-18-02).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 235997
    Time elapsed: 1 hour(s), 6 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-28 14:19:36
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST340016A rev.3.19
    Running: 952gk6vn.exe; Driver: C:\Users\suporte\AppData\Local\Temp\kgddypog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 PE file @ sector 78140199

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84A811F8
    Device \Driver\atapi \Device\Ide\IdePort0 84A811F8
    Device \Driver\atapi \Device\Ide\IdePort1 84A811F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84A811F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-2 84A811F8
    Device \FileSystem\Ntfs \Ntfs 84A831F8
    Device \FileSystem\fastfat \Fat 86B431F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\tdx \Device\Ip [88F88FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
    Device \Driver\tdx \Device\Tcp [88F88FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
    Device \Driver\tdx \Device\Udp [88F88FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
    Device \Driver\tdx \Device\RawIp [88F88FAA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:276] 88FC63E0
    Thread System [4:280] 88FC63E0
    Thread System [4:284] 85A5A330
    Thread System [4:288] 85A5A330

    ---- EOF - GMER 1.0.15 ----



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by suporte at 14:20:58 on 2011-11-28
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2037.377 [GMT -2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Cobian Backup 10\cbService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files\S.O.S. Backup\SOSService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spiceworks\bin\spicetray.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Cobian Backup 10\cbInterface.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files\Spiceworks\bin\spiceworks.exe
    C:\Windows\system32\conhost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
    C:\Users\suporte\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wuauclt.exe
    C:\TOTVS\smartclient_Prd\TotvsSmartClient.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\SmartCode Solutions\VNC Manager (Enterprise Edition)\VNCManager.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Notepad++\notepad++.exe
    C:\Users\suporte\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.br/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
    uRun: [RockMelt Update] "c:\users\suporte\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [<NO NAME>]
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Spiceworks] "c:\program files\spiceworks\bin\spicetray_silent.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\suporte\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\suporte\appdata\roaming\dropbox\bin\Dropbox.exe
    uPolicies-explorer: NoResolveTrack = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Enviar para o OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: Anexar a PDF existente - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Anexar destino do link a PDF existente - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Converter destino do link em Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Converter em Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{C178BC8A-A2DA-4A7F-8498-BA7607971E7E} : NameServer = 192.168.2.250
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\suporte\appdata\roaming\mozilla\firefox\profiles\4q1iyeb3.default\
    FF - prefs.js: network.proxy.ftp - 192.168.2.240
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - 192.168.2.240
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - 192.168.2.240
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - 192.168.2.240
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\suporte\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl078a74c1;MpKsl078a74c1;c:\programdata\microsoft\microsoft antimalware\definition updates\{7f026084-5733-484e-86b7-709e9973b10f}\MpKsl078a74c1.sys [2011-11-28 28752]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2011-11-11 49152]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-28 22216]
    R3 MonitorFunction;Driver for Monitor;c:\windows\system32\drivers\TVMonitor.sys [2011-1-12 13304]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-11-21 25088]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-20 10064]
    S1 ryiyklku;ryiyklku;c:\windows\system32\drivers\ryiyklku.sys [2011-11-28 41680]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    .
    =============== Created Last 30 ================
    .
    2011-11-28 13:17:27 54016 ----a-w- c:\windows\system32\drivers\wvytr.sys
    2011-11-28 10:46:22 41680 ----a-w- c:\windows\system32\drivers\ryiyklku.sys
    2011-11-28 10:42:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-28 10:42:17 -------- d-----w- c:\users\suporte\appdata\roaming\Malwarebytes
    2011-11-28 10:41:54 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-28 10:41:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-28 10:41:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-28 10:17:09 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7f026084-5733-484e-86b7-709e9973b10f}\MpKsl078a74c1.sys
    2011-11-28 10:16:54 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7f026084-5733-484e-86b7-709e9973b10f}\offreg.dll
    2011-11-28 10:16:46 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7f026084-5733-484e-86b7-709e9973b10f}\mpengine.dll
    2011-11-25 16:31:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-11-25 16:27:44 -------- d-sh--w- c:\users\suporte\appdata\local\f01fa9c0
    2011-11-25 12:44:49 -------- d-----w- c:\users\suporte\appdata\local\LogMeIn Rescue Applet
    2011-11-22 15:33:38 -------- d-----w- c:\users\suporte\appdata\local\{F3F347EF-DC8B-47DE-9725-6D9D2E5D824C}
    2011-11-22 15:32:53 -------- d-----w- c:\users\suporte\appdata\local\{3F0A4A21-9B4D-42A5-BC88-AD4FA1476565}
    2011-11-21 17:35:43 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2011-11-21 17:35:40 -------- d-----w- c:\program files\TeamViewer
    2011-11-21 16:48:10 -------- d-----w- c:\users\suporte\appdata\local\{52914921-AB13-4718-B8AC-61CF7B631A90}
    2011-11-21 16:47:56 -------- d-----w- c:\users\suporte\appdata\local\{8B379123-56F9-44F1-923B-6748D30B34D2}
    2011-11-21 16:47:56 -------- d-----w- c:\users\suporte\appdata\local\{5628937E-81A2-4A39-BAC9-C47EC9D43E71}
    2011-11-21 10:56:00 -------- d-----w- c:\users\suporte\appdata\local\Safe mirror
    2011-11-21 10:52:00 -------- d-----w- c:\program files\Cobian Backup 10
    2011-11-21 10:12:02 -------- d-----w- c:\users\suporte\appdata\roaming\UltraVNC
    2011-11-17 12:39:49 19456 ----a-w- c:\windows\system32\ping.exe
    2011-11-17 12:07:06 19968 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\spd__pc.dll
    2011-11-17 12:06:50 -------- d-----w- c:\program files\Samsung Printers
    2011-11-17 12:06:16 218112 ----a-w- c:\windows\system32\SIPDUtil.dll
    2011-11-17 12:06:16 141104 ----a-w- c:\windows\system32\SUPDSvcA.dll
    2011-11-17 12:06:14 26624 ----a-w- c:\windows\system32\spd__l.dll
    2011-11-17 12:06:13 65536 ----a-w- c:\windows\system32\spd__ci.dll
    2011-11-17 12:06:13 283136 ----a-w- c:\windows\system32\DscPnt.dll
    2011-11-17 12:06:13 259888 ----a-w- c:\windows\SUPDRun.exe
    2011-11-17 12:06:13 131888 ----a-w- c:\windows\system32\SUPDSvc.exe
    2011-11-17 12:06:12 151552 ----a-w- c:\windows\system32\spd__ci.exe
    2011-11-17 11:29:52 -------- d-----w- c:\users\suporte\appdata\roaming\TeamViewer
    2011-11-16 12:43:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-16 11:04:39 -------- d-----w- c:\users\suporte\appdata\local\RockMelt
    2011-11-14 11:05:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-11-14 11:05:04 -------- d-----w- c:\program files\LSoft Technologies
    2011-11-11 19:33:24 -------- d-----w- c:\program files\VMware
    2011-11-11 19:26:53 -------- d-----w- c:\users\suporte\Tracing
    2011-11-11 19:17:18 -------- d-----w- c:\users\suporte\appdata\roaming\Thinstall
    2011-11-11 19:17:18 -------- d-----w- c:\users\suporte\appdata\local\Thinstall
    2011-11-11 19:12:38 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-11-11 18:57:54 -------- d-----w- c:\windows\pt-br
    2011-11-11 18:50:26 -------- d-----w- c:\windows\en
    2011-11-11 18:29:13 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-11-11 18:29:13 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-11-11 18:29:13 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-11-11 18:28:54 15712 ----a-w- c:\program files\common files\windows live\.cache\c42d34081cca09f07\MeshBetaRemover.exe
    2011-11-11 18:28:50 94040 ----a-w- c:\program files\common files\windows live\.cache\c1383e711cca09f06\DSETUP.dll
    2011-11-11 18:28:50 525656 ----a-w- c:\program files\common files\windows live\.cache\c1383e711cca09f06\DXSETUP.exe
    2011-11-11 18:28:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\c1383e711cca09f06\dsetup32.dll
    2011-11-11 18:28:43 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-11-11 18:28:30 94040 ----a-w- c:\program files\common files\windows live\.cache\b5692ad51cca09f05\DSETUP.dll
    2011-11-11 18:28:30 525656 ----a-w- c:\program files\common files\windows live\.cache\b5692ad51cca09f05\DXSETUP.exe
    2011-11-11 18:28:30 1691480 ----a-w- c:\program files\common files\windows live\.cache\b5692ad51cca09f05\dsetup32.dll
    2011-11-11 18:26:33 -------- d-----w- c:\users\suporte\appdata\local\Windows Live
    2011-11-11 18:26:31 -------- d-----w- c:\program files\common files\Windows Live
    2011-11-11 17:59:53 -------- d-----w- c:\program files\S.O.S. Backup
    2011-11-11 17:00:08 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2011-11-11 17:00:07 21312 ----a-w- c:\windows\system32\authuitu.dll
    2011-11-11 16:59:50 -------- d-----w- c:\users\suporte\appdata\roaming\TuneUp Software
    2011-11-11 16:59:31 -------- d-----w- c:\program files\TuneUp Utilities 2012
    2011-11-11 16:59:03 -------- d-----w- c:\programdata\TuneUp Software
    2011-11-11 16:58:36 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2011-11-11 16:35:53 6668624 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2011-11-11 16:29:03 2616320 ----a-w- c:\windows\explorer.exe
    2011-11-11 16:28:43 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-11-11 16:21:03 -------- d-----w- c:\windows\system32\migration
    2011-11-11 16:13:02 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-11-11 16:10:16 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-11-11 16:10:16 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-11-11 16:10:16 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-11-11 16:10:15 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-11-11 16:10:15 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-11-11 16:10:15 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-11-11 16:10:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-11-11 16:10:01 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-11-11 16:10:00 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-11-11 16:10:00 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-11-11 16:10:00 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-11-11 16:08:24 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-11-11 16:08:16 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
    2011-11-11 16:08:16 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-11-11 16:08:16 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-11-11 16:08:16 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-11-11 16:08:16 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-11-11 16:08:16 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-11-11 16:08:14 850944 ----a-w- c:\windows\system32\sbe.dll
    2011-11-11 16:08:14 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-11-11 16:08:14 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-11-11 16:08:14 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-11-11 16:08:04 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-11-11 16:08:02 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-11-11 16:04:58 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-11-11 15:52:48 -------- d-----w- c:\users\suporte\appdata\local\Apple
    2011-11-11 15:52:37 -------- d-----w- c:\program files\Bonjour
    2011-11-11 15:42:12 -------- d-----w- c:\program files\Spiceworks
    2011-11-11 15:38:05 -------- d-----w- c:\users\suporte\appdata\roaming\Dropbox
    2011-11-11 15:33:42 -------- d-----w- c:\users\suporte\appdata\local\Adobe
    2011-11-11 15:19:38 -------- d-----w- c:\users\suporte\appdata\roaming\SmartCode Solutions
    2011-11-11 15:18:48 -------- d-----w- c:\program files\SmartCode Solutions
    2011-11-11 13:59:56 -------- d-----w- c:\users\suporte\appdata\roaming\Thunderbirdtreste
    2011-11-11 13:57:58 -------- d-----w- c:\program files\MozBackup
    2011-11-11 13:53:04 -------- d-----w- c:\users\suporte\appdata\local\Thunderbird
    2011-11-11 13:52:27 -------- d-----w- C:\Thunderbird
    2011-11-11 13:48:15 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da9d58aa-e866-473c-a0ec-21d5076a3e8f}\gapaengine.dll
    2011-11-11 13:42:04 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-11-11 13:41:50 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1b9716aa-3678-4e19-866d-5a5fc6f6e026}\mpengine.dll
    2011-11-11 13:41:49 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-11 13:40:56 -------- d-----w- c:\windows\PCHEALTH
    2011-11-11 13:40:55 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-11-11 13:39:13 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-11-11 13:37:28 -------- d-----w- c:\windows\SHELLNEW
    2011-11-11 13:37:28 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-11-11 13:37:14 -------- d-----w- c:\users\suporte\appdata\local\Microsoft Help
    2011-11-11 13:31:32 -------- d-----w- c:\program files\Microsoft Security Client
    2011-11-11 13:10:49 49152 ----a-w- c:\windows\system32\drivers\L1C60x86.sys
    2011-11-11 09:28:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-11 09:28:04 -------- d-----w- C:\TOTVS
    2011-11-11 09:19:15 -------- d-----r- c:\program files\Skype
    2011-11-11 09:16:21 -------- d-----w- c:\windows\system32\Atheros_L1e
    2011-11-11 09:15:39 -------- d-----w- c:\windows\system32\Lang
    2011-11-11 09:15:38 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2011-11-11 09:15:34 -------- d-----w- C:\Intel
    2011-11-11 08:59:35 -------- d-sh--w- c:\windows\Installer
    2011-11-11 08:58:05 494080 ----a-w- c:\windows\system32\ar5211.sys
    2011-11-11 08:58:05 -------- d-----w- c:\windows\Options
    2011-11-11 08:58:05 -------- d-----w- c:\program files\Atheros
    2011-11-11 08:57:47 -------- d-----w- C:\temp
    2011-11-11 08:57:46 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
    2011-11-11 08:57:46 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
    2011-11-11 08:57:46 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
    2011-11-11 08:57:46 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-11-11 08:57:46 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
    2011-11-11 08:57:46 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
    2011-11-11 08:57:43 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
    2011-11-11 08:57:43 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
    2011-11-11 08:51:47 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
    2011-11-11 08:51:47 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
    2011-11-11 08:51:47 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
    .
    ==================== Find3M ====================
    .
    2011-11-11 08:51:47 37376 ----a-w- c:\windows\system32\themeservice.dll
    2011-11-11 08:51:47 2755072 ----a-w- c:\windows\system32\themeui.dll
    2011-11-11 08:51:47 249856 ----a-w- c:\windows\system32\uxtheme.dll
    2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 03:37:56 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-09-05 17:05:00 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2011-09-05 17:04:58 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 01:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 01:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 01:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-31 01:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    ============= FINISH: 14:21:35,31 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/11/2011 06:51:23
    System Uptime: 28/11/2011 08:07:45 (6 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | G31M-ES2L
    Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz | Socket 775 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 15,932 GiB free.
    D: is FIXED (NTFS) - 146 GiB total, 4,48 GiB free.
    E: is FIXED (NTFS) - 152 GiB total, 25,316 GiB free.
    F: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl0df609fc
    Device ID: ROOT\LEGACY_MPKSL0DF609FC\0000
    Manufacturer:
    Name: MpKsl0df609fc
    PNP Device ID: ROOT\LEGACY_MPKSL0DF609FC\0000
    Service: MpKsl0df609fc
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl806e86eb
    Device ID: ROOT\LEGACY_MPKSL806E86EB\0000
    Manufacturer:
    Name: MpKsl806e86eb
    PNP Device ID: ROOT\LEGACY_MPKSL806E86EB\0000
    Service: MpKsl806e86eb
    .
    ==== System Restore Points ===================
    .
    RP41: 25/11/2011 12:35:40 - Scheduled Checkpoint
    RP42: 28/11/2011 08:16:29 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Active@ ISO Burner
    Adobe Acrobat X Pro - Italiano, Español, Nederlands, Português
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Apple Application Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Bonjour
    Cobian Backup 10
    Controle ActiveX do Windows Live Mesh para Conexões Remotas
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dropbox
    FileZilla Client 3.5.2
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes' Anti-Malware versão 1.51.2.1300
    Mesh Runtime
    Microsoft Antimalware
    Microsoft Antimalware Service PT-BR Language Pack
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (Portuguese (Brazil)) 2010
    Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
    Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (Portuguese (Brazil)) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (Portuguese (Brazil)) 2010
    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
    Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
    Microsoft Office Word MUI (Portuguese (Brazil)) 2010
    Microsoft Security Client
    Microsoft Security Client PT-BR Language Pack
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MozBackup 1.5.1
    Mozilla Firefox 9.0 (x86 pt-BR)
    Mozilla Thunderbird (8.0)
    MSVCRT
    Notepad++
    RockMelt
    S.O.S Backup StandardNet 6.0
    Samsung Universal Print Driver
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Skype™ 5.5
    SmartCode VNC Manager (Enterprise Edition) 3.6
    Spiceworks
    TeamViewer 6
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VMware ThinApp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Galeria de Fotos
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.01 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/11/2011 14:13:57, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer 192.168.2.115 using any of the configured protocols.
    28/11/2011 11:59:53, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer 192.168.2.109 using any of the configured protocols.
    28/11/2011 10:16:06, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    28/11/2011 10:08:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    28/11/2011 10:08:09, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cobian Backup 10 Volume Shadow Copy service service to connect.
    28/11/2011 10:08:09, Error: Service Control Manager [7000] - The Cobian Backup 10 Volume Shadow Copy service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    28/11/2011 10:08:09, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
    28/11/2011 10:06:00, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    28/11/2011 10:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    28/11/2011 10:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    28/11/2011 10:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    28/11/2011 10:05:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    28/11/2011 10:05:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    28/11/2011 10:05:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    28/11/2011 10:05:39, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    28/11/2011 10:05:37, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    28/11/2011 10:05:13, Error: sptd [4] - Driver detected an internal error in its data structures for .
    28/11/2011 09:11:21, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    28/11/2011 08:17:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    25/11/2011 14:37:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    25/11/2011 14:35:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/11/2011 14:32:43, Error: Service Control Manager [7034] - The S.O.S Backup service terminated unexpectedly. It has done this 1 time(s).
    25/11/2011 14:32:41, Error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    25/11/2011 14:32:40, Error: Service Control Manager [7034] - The TeamViewer 6 service terminated unexpectedly. It has done this 1 time(s).
    25/11/2011 14:32:39, Error: Service Control Manager [7034] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s).
    25/11/2011 14:32:39, Error: Service Control Manager [7034] - The Serviço do Bonjour service terminated unexpectedly. It has done this 1 time(s).
    25/11/2011 14:31:48, Error: Service Control Manager [7034] - The Cobian Backup 10 Volume Shadow Copy service service terminated unexpectedly. It has done this 1 time(s).
    25/11/2011 12:34:44, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    25/11/2011 08:28:31, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer 192.168.2.107 using any of the configured protocols.
    25/11/2011 08:07:47, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    24/11/2011 08:08:03, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    23/11/2011 16:00:46, Error: Microsoft-Windows-DistributedCOM [10006] - DCOM got error "2147944122" from the computer 192.168.2.112 when attempting to activate the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    22/11/2011 14:58:53, Error: Microsoft-Windows-DistributedCOM [10009] - DCOM was unable to communicate with the computer 192.168.2.105 using any of the configured protocols.
    21/11/2011 09:43:25, Error: Microsoft-Windows-DistributedCOM [10006] - DCOM got error "2147944122" from the computer 192.168.2.114 when attempting to activate the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    21/11/2011 08:52:32, Error: Service Control Manager [7041] - The CobianBackup10 service was unable to log on as .\suporte with the currently configured password due to the following error: Logon failure: the user has not been granted the requested logon type at this computer. Service: CobianBackup10 Domain and account: .\suporte This service account does not have the required user right "Log on as a service." User Action Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster. If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
    21/11/2011 08:52:32, Error: Service Control Manager [7000] - The Cobian Backup 10 service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================
     
  4. sabino

    sabino TS Rookie Topic Starter

    What's next?

    Hi!

    The computer had a BSOD and restarted. I tried turning it on and was hoping it was starting correctly, but unluckily it didn't. So I turned off the PC. Today I tried turning it on again and it is surprisingly working, but still with the virus problem.

    What's next?
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Some of the software I see leads me to believe this is a work computer.
    1. Spiceworks: network inventory and help desk software application and online community to better assist IT managers with performing their daily tasks.
    2. TOTVS provides administration, system, procedure, performance, and infrastructure solutions. To provide services that efficiently contribute to the operations of each customer, without disturbing the execution of the core activity.

    It also indicates that remote assistance is being given.
    1. "The SmartClient platform makes it simple to build powerful, high-productivity web applications on pure web standards."
    2. SmartCode Solutions: remote desktop management and monitoring

    You are also using Foxy Proxy. This is a problem because some malware will use a proxy so one of the first things we do is disable the proxy.

    You have three backups running:
    1. SOS Online Backup: remote data backup for Home & Business users worldwide.
    2. Cobian Backup 10 - a multi-threaded backup program which makes backup copies of your files and folders (in compressed or uncompressed form) to another location.
    3. MozBackup - Backup tool for Firefox and Thunderbird

    You are running a Registry Optimizer in TuneUp Utilities.

    I have not worked with this browser: RockMelt: free social media web browser.

    Question: Do you intentionally have the Ping command set to run?
    ======================================
    I will have you run the following 2 scans, but I do not take any responsibility for work-related software.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =====================================
    Important: Please do not install any new programs or run any other cleaning scans.

    Please leave the logs in your next reply.
     
  6. sabino

    sabino TS Rookie Topic Starter

    Don't close the thread.

    I'm still trying to run the scan, but it takes time and I can't leave the computer on.
     
  7. sabino

    sabino TS Rookie Topic Starter

    ESETScan.txt

    D:\Documents and Settings\suporte\Meus documentos\Downloads\cr-pd811.zip probably a variant of Win32/Agent.LUOIRVW trojan
    D:\Documents and Settings\suporte\Meus documentos\Downloads\killcmos.zip KillCMOS.A trojan
    D:\TECNOCELL\Felipe\Dropbox\Dropbox\Tecnocell\06 ZIP\nirsoft_package_1.11.08.zip a variant of Win32/NirSoft.AdapterWatch.A application
    E:\CobianBackups\Adrian\Backup - Adrian 2011-05-02 15;33;09.7z a variant of Win32/TrojanDownloader.Delf.QLQ trojan
    E:\CobianBackups\Bruna\Backup - Bruna - Local 2011-08-18 17;46;44.7z a variant of Win32/Kryptik.RTN trojan
    E:\CobianBackups\Helena\Backup - Helena - Local 2011-06-07 12;02;38.7z Win32/TrojanDownloader.Chepvil.A trojan
    E:\CobianBackups\Helena\Backup - Helena - Local 2011-08-12 09;49;36.7z Win32/TrojanDownloader.Chepvil.A trojan
    E:\CobianBackups\Helena\Backup - Helena - Local 2011-08-16 17;22;55.7z Win32/TrojanDownloader.Chepvil.A trojan
    E:\CobianBackups\Miriam\Backup - Miriam - Local 2011-05-19 12;12;10.7z a variant of Win32/Keygen.AW application
    E:\CobianBackups\Ricardo\Backup - Ricardo - Local 2011-05-17 12;13;17.7z multiple threats
    E:\CobianBackups\Suevilin\Backup - Suevilin - Local 2011-06-02 16;50;25.7z probably a variant of Win32/Agent.LUOIRVW trojan
    E:\Eudora\attach\Foto.jpg.zip a variant of Win32/Packed.Enigma.AAB trojan
    Operating memory a variant of Win32/Sirefef.CH trojan


    Combofix Log.txt

    ComboFix 11-12-06.01 - suporte 06/12/2011 17:14:11.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2037.1328 [GMT -2:00]
    Running from: c:\users\suporte\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB42528$\1125133328
    c:\windows\$NtUninstallKB42528$\4028606912\@
    c:\windows\$NtUninstallKB42528$\4028606912\L\xadqgnnk
    c:\windows\$NtUninstallKB42528$\4028606912\loader.tlb
    c:\windows\$NtUninstallKB42528$\4028606912\U\@00000001
    c:\windows\$NtUninstallKB42528$\4028606912\U\@000000c0
    c:\windows\$NtUninstallKB42528$\4028606912\U\@000000cb
    c:\windows\$NtUninstallKB42528$\4028606912\U\@000000cf
    c:\windows\$NtUninstallKB42528$\4028606912\U\@80000000
    c:\windows\$NtUninstallKB42528$\4028606912\U\@800000c0
    c:\windows\$NtUninstallKB42528$\4028606912\U\@800000cb
    c:\windows\$NtUninstallKB42528$\4028606912\U\@800000cf
    c:\windows\system32\c_16994.nls
    .
    c:\windows\system32\DRIVERS\tdx.sys . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-06 19:20 . 2011-12-06 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-06 19:13 . 2011-12-06 19:13 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B16307C-01E2-4872-A76F-DE7F87257448}\offreg.dll
    2011-12-05 12:52 . 2011-12-05 12:53 -------- d-----w- c:\program files\Synergy
    2011-12-05 10:31 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1B16307C-01E2-4872-A76F-DE7F87257448}\mpengine.dll
    2011-12-02 12:18 . 2011-12-02 12:23 -------- d-----w- C:\Template
    2011-12-02 12:18 . 2011-12-02 12:23 -------- d-----w- C:\CDpply
    2011-12-02 12:18 . 2011-12-02 12:23 -------- d-----w- C:\CadEtiq
    2011-12-02 12:18 . 2011-12-02 12:23 -------- d-----w- C:\Pimaco
    2011-12-02 10:22 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-12-02 10:13 . 2011-12-02 10:13 -------- d-----w- c:\program files\ESET
    2011-12-01 12:40 . 2011-12-01 12:40 103424 ----a-w- c:\windows\system32\NFe_Util_nat.dll
    2011-11-28 18:08 . 2011-11-28 18:08 11936 ----a-w- c:\windows\system32\drivers\inpout32.sys
    2011-11-28 18:08 . 2008-04-23 10:45 393216 ----a-w- c:\windows\system32\GDS32.DLL
    2011-11-28 18:08 . 2011-11-28 18:08 -------- d-----w- c:\program files\Firebird
    2011-11-28 18:08 . 2011-11-28 18:10 -------- d-----w- C:\RegraEmpresarial
    2011-11-28 17:52 . 2011-11-28 17:52 -------- d-----w- c:\programdata\Unimake
    2011-11-28 17:36 . 2011-11-28 17:56 -------- d-----w- c:\program files\danfeview
    2011-11-28 10:41 . 2011-11-28 10:41 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-28 10:41 . 2011-11-28 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-28 10:41 . 2011-08-31 19:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 16:31 . 2011-11-25 16:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2011-11-21 17:35 . 2011-03-30 11:05 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2011-11-21 17:35 . 2011-11-21 17:35 -------- d-----w- c:\program files\TeamViewer
    2011-11-21 10:52 . 2011-11-25 16:31 -------- d-----w- c:\program files\Cobian Backup 10
    2011-11-17 15:58 . 2011-11-17 15:58 -------- d--h--r- c:\users\Public\Libraries
    2011-11-17 12:39 . 2008-04-14 12:00 19456 ----a-w- c:\windows\system32\ping.exe
    2011-11-17 12:07 . 2007-06-27 00:56 19968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\spd__pc.dll
    2011-11-17 12:06 . 2011-11-17 12:06 -------- d-----w- c:\program files\Samsung Printers
    2011-11-17 12:06 . 2010-08-09 02:04 141104 ----a-w- c:\windows\system32\SUPDSvcA.dll
    2011-11-17 12:06 . 2009-10-07 02:29 218112 ----a-w- c:\windows\system32\SIPDUtil.dll
    2011-11-17 12:06 . 2008-06-04 06:53 26624 ----a-w- c:\windows\system32\spd__l.dll
    2011-11-17 12:06 . 2010-08-09 02:04 131888 ----a-w- c:\windows\system32\SUPDSvc.exe
    2011-11-17 12:06 . 2010-08-09 02:03 259888 ----a-w- c:\windows\SUPDRun.exe
    2011-11-17 12:06 . 2010-08-09 00:14 283136 ----a-w- c:\windows\system32\DscPnt.dll
    2011-11-17 12:06 . 2009-03-02 23:42 65536 ----a-w- c:\windows\system32\spd__ci.dll
    2011-11-17 12:06 . 2010-05-11 05:28 151552 ----a-w- c:\windows\system32\spd__ci.exe
    2011-11-16 19:21 . 2011-11-16 19:21 -------- d-----w- c:\program files\Notepad++
    2011-11-16 12:43 . 2011-11-16 12:43 -------- d-----w- c:\windows\Sun
    2011-11-16 12:43 . 2011-11-16 12:43 -------- d-----w- c:\program files\Common Files\Java
    2011-11-16 12:43 . 2011-11-16 12:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-16 12:42 . 2011-11-16 12:42 -------- d-----w- c:\program files\Java
    2011-11-14 11:05 . 2011-11-14 11:05 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-11-14 11:05 . 2011-11-14 11:05 -------- d-----w- c:\program files\LSoft Technologies
    2011-11-11 19:33 . 2011-11-11 19:33 -------- d-----w- c:\program files\VMware
    2011-11-11 19:12 . 2011-11-11 19:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2011-11-11 18:57 . 2011-11-11 18:57 -------- d-----w- c:\windows\pt-br
    2011-11-11 18:50 . 2011-11-11 18:50 -------- d-----w- c:\windows\en
    2011-11-11 18:30 . 2011-11-11 18:54 -------- d-----w- c:\program files\Windows Live
    2011-11-11 18:29 . 2009-09-04 19:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-11-11 18:29 . 2009-09-04 19:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-11-11 18:29 . 2009-09-04 19:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-11-11 18:28 . 2006-11-29 15:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-11-11 18:26 . 2011-11-11 18:26 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-11-11 17:59 . 2011-12-06 19:20 -------- d-----w- c:\program files\S.O.S. Backup
    2011-11-11 17:00 . 2011-10-20 17:05 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2011-11-11 17:00 . 2011-10-20 17:04 21312 ----a-w- c:\windows\system32\authuitu.dll
    2011-11-11 16:59 . 2011-11-25 16:32 -------- d-----w- c:\program files\TuneUp Utilities 2012
    2011-11-11 16:59 . 2011-11-11 17:00 -------- d-----w- c:\programdata\TuneUp Software
    2011-11-11 16:58 . 2011-11-11 16:58 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2011-11-11 16:37 . 2011-11-11 16:37 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-11-11 16:29 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
    2011-11-11 16:28 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-11-11 16:21 . 2011-11-11 16:21 -------- d-----w- c:\windows\system32\migration
    2011-11-11 16:13 . 2011-11-11 16:13 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-11-11 16:11 . 2011-11-11 16:12 -------- d-----w- c:\program files\FileZilla FTP Client
    2011-11-11 16:10 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-11-11 16:10 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-11-11 16:10 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-11-11 16:10 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-11-11 16:10 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-11-11 16:10 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-11-11 16:10 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-11-11 16:10 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-11-11 16:10 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-11-11 16:10 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-11-11 16:10 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-11-11 16:08 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-11-11 16:08 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll
    2011-11-11 16:08 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll
    2011-11-11 16:08 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll
    2011-11-11 16:08 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll
    2011-11-11 16:08 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll
    2011-11-11 16:08 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2011-11-11 16:08 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
    2011-11-11 16:08 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2011-11-11 16:08 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-11-11 16:08 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-11-11 16:08 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-11-11 16:08 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-11-11 16:04 . 2011-11-11 17:35 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-11-11 15:52 . 2011-11-11 15:52 -------- d-----w- c:\program files\Apple Software Update
    2011-11-11 15:52 . 2011-11-25 16:32 -------- d-----w- c:\program files\Bonjour
    2011-11-11 15:52 . 2011-11-11 15:53 -------- d-----w- c:\program files\Common Files\Apple
    2011-11-11 15:52 . 2011-11-11 15:52 -------- d-----w- c:\programdata\Apple
    2011-11-11 15:42 . 2011-11-11 15:43 -------- d-----w- c:\program files\Spiceworks
    2011-11-11 15:30 . 2011-11-16 16:16 -------- d-----w- c:\program files\Common Files\Adobe
    2011-11-11 15:18 . 2011-11-11 15:18 -------- d-----w- c:\program files\SmartCode Solutions
    2011-11-11 13:57 . 2011-11-11 13:57 -------- d-----w- c:\program files\MozBackup
    2011-11-11 13:52 . 2011-11-11 13:52 -------- d-----w- C:\Thunderbird
    2011-11-11 13:48 . 2011-11-11 13:48 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA9D58AA-E866-473C-A0EC-21D5076A3E8F}\gapaengine.dll
    2011-11-11 13:42 . 2011-11-11 13:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-11-11 13:41 . 2011-10-18 03:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B9716AA-3678-4E19-866D-5A5FC6F6E026}\mpengine.dll
    2011-11-11 13:41 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-11 13:40 . 2011-11-11 13:40 -------- d-----w- c:\windows\PCHEALTH
    2011-11-11 13:40 . 2011-11-11 18:41 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-11-11 13:40 . 2011-11-11 13:40 -------- d-----w- c:\program files\Microsoft.NET
    2011-11-11 13:40 . 2011-11-11 13:40 -------- d-----w- c:\program files\Microsoft Sync Framework
    2011-11-11 13:39 . 2011-11-11 13:39 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-11-11 13:37 . 2011-11-11 13:43 -------- d-----w- c:\windows\SHELLNEW
    2011-11-11 13:37 . 2011-11-11 13:37 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-11-11 13:36 . 2011-11-11 17:58 -------- d-----w- c:\programdata\Microsoft Help
    2011-11-11 13:36 . 2011-11-11 13:36 -------- d-----r- C:\MSOCache
    2011-11-11 13:31 . 2011-11-11 13:31 -------- d-----w- c:\program files\Microsoft Security Client
    2011-11-11 13:10 . 2008-12-25 16:32 49152 ----a-w- c:\windows\system32\drivers\L1C60x86.sys
    2011-11-11 09:28 . 2011-11-16 11:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-11 09:28 . 2011-11-11 09:28 -------- d-----w- c:\windows\system32\Macromed
    2011-11-11 09:28 . 2011-12-01 12:25 -------- d-----w- C:\TOTVS
    2011-11-11 09:23 . 2011-11-16 12:43 -------- d-----w- c:\users\suporte
    2011-11-11 09:19 . 2011-11-11 09:19 -------- d-----w- c:\programdata\Skype
    2011-11-11 09:19 . 2011-11-11 09:19 -------- d-----r- c:\program files\Skype
    2011-11-11 09:16 . 2011-11-11 09:16 -------- d-----w- c:\windows\system32\Atheros_L1e
    2011-11-11 09:15 . 2011-11-11 09:15 -------- d-----w- c:\windows\system32\Lang
    2011-11-11 09:15 . 2009-10-19 13:57 1002008 ----a-w- c:\windows\system32\igxpun.exe
    2011-11-11 09:15 . 2011-11-11 09:15 -------- d-----w- C:\Intel
    2011-11-11 08:59 . 2011-12-05 12:53 -------- d-sh--w- c:\windows\Installer
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-11 18:29 . 2011-03-28 20:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-11 08:51 . 2010-11-20 21:29 2755072 ----a-w- c:\windows\system32\themeui.dll
    2011-11-11 08:51 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
    2011-11-11 08:51 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
    2011-12-01 16:33 . 2011-11-16 11:54 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\suporte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\suporte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\suporte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-10-31 21:02 94208 ----a-w- c:\users\suporte\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-08-26 19557000]
    "com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2011-10-05 59240]
    "RockMelt Update"="c:\users\suporte\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-11-16 136336]
    "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "Spiceworks"="c:\program files\Spiceworks\bin\spicetray_silent.exe" [2011-11-01 68664]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    "Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "DANFEmon"="c:\program files\danfeview\danfemon.exe" [2011-10-18 3026944]
    .
    c:\users\suporte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\suporte\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
    2011-09-29 06:31 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
    2011-10-06 05:34 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2011-05-13 18:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    "S.O.S Backup"=c:\program files\S.O.S. Backup\Starter.exe
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    .
    R1 MpKsl0df609fc;MpKsl0df609fc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7791B2C0-D099-463C-B5AC-9DB029083CAD}\MpKsl0df609fc.sys [x]
    R1 MpKsl6bfa05dc;MpKsl6bfa05dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09F3356D-3F17-4260-86EA-E10B586454EA}\MpKsl6bfa05dc.sys [x]
    R1 MpKsl806e86eb;MpKsl806e86eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5370D4C4-FA00-4815-A401-A61B42724DCA}\MpKsl806e86eb.sys [x]
    R1 MpKslc45dc45a;MpKslc45dc45a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE9D4E06-84DA-4B98-A20D-B7B9F2A0D820}\MpKslc45dc45a.sys [x]
    R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67084]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
    S2 CobianBackup10;Cobian Backup 10;c:\program files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
    S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2008-04-23 80048]
    S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2011-11-28 11936]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 359008]
    S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2008-04-23 2013840]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2008-12-25 49152]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [2011-01-12 13304]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3533277704-3234472643-4040678536-1000Core.job
    - c:\users\suporte\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-11-16 11:04]
    .
    2011-11-16 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3533277704-3234472643-4040678536-1000UA.job
    - c:\users\suporte\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-11-16 11:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.br/
    uInternet Settings,ProxyOverride = *.local
    IE: &Enviar para o OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: Anexar a PDF existente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Anexar destino do link a PDF existente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Converter destino do link em Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Converter em Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{C178BC8A-A2DA-4A7F-8498-BA7607971E7E}: NameServer = 192.168.2.250
    FF - ProfilePath - c:\users\suporte\AppData\Roaming\Mozilla\Firefox\Profiles\4q1iyeb3.default\
    FF - prefs.js: network.proxy.ftp - 192.168.2.240
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - 192.168.2.240
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - 192.168.2.240
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - 192.168.2.240
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-06 17:22:14
    ComboFix-quarantined-files.txt 2011-12-06 19:22
    .
    Pre-Run: 13.135.241.216 bytes free
    Post-Run: 13.393.264.640 bytes free
    .
    - - End Of File - - AF09F336587C99DF115A7CA74684F0EF
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I do not believe that this system can be effectively cleaned. Here are the reasons:

    1. There are at least 7 users: all of you have infected backups
    2. I don't know what kind of setup all of you have, but I see the use of this program: c:\program files\Synergy >> Synergy lets you share your keyboard and mouse between multiple computers on your desk.
    3. You have much Portuguese content in the processes, including these Directories:
    Directories in Portuguese:
    2011-12-02 12:23 -------- d-----w- C:\Template
    2011-12-02 12:23 -------- d-----w- C:\CDpply
    2011-12-02 12:23 -------- d-----w- C:\CadEtiq
    2011-12-02 12:23 -------- d-----w- C:\Pimaco
    2011-11-28 18:10 -------- d-----w- C:\RegraEmpresarial
    4. You are using the RockMelt browser, based on the Chrome build
    RockMelt's centered around sharing links with your friends. It is considered a "social web browser."
    5. There is evidence of piracy > keygens
    6. A loose translation of suporte > either another user
    2011-11-16 12:43 -------- d-----w- c:\users\suporte
    Suporte é uma série de tirinhas, que retrata com humor, a vida dos profissionais de TI, mais especificamente, dos suportes técnicos de informática.>>>
    "Support is a series of tirinhas, that it portraies with mood, the life of the professionals of YOU, more specifically, of the supports computer science technician."
    7. There are multiple malware infections including:
    ZeroAccess Rootkit in memory
    KillCMOS.A trojan: Nuker Class of Trojan: A program that disables a machine through damage to the registry, key files, the file system, etc.
    Chepvil Trojan horse that downloads other threats on to the compromised computer.

    Bottom line is that it's a waste of time to even attempt to clean this system. Current users and uses will bring malware right back into the system.

    My best advice is to reformat/reinstall the system.
    Stop passing files and folders back and forth
    Get some good security on the system.
    Stop the piracy.
    Stop the file sharing.

    This thread is closed.
     
Topic Status:
Not open for further replies.
