TechSpot

Web browser redirect virus

By rakshas
Jul 2, 2011
  1. Hi, I recently acquired a virus that is redirecting me to random websites when I click links in a search browser. Here are the logs from the 7-step Preliminary Removal Instructions. (GMER ran successfully and performed the scan, but when I saved the log, the text document came up empty.)

    -------------------------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7001

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    7/2/2011 12:14:42 AM
    mbam-log-2011-07-02 (00-14-42).txt

    Scan type: Quick scan
    Objects scanned: 166459
    Time elapsed: 2 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2638D8C2-0862-D3B2-45DA-0C90E8A4D503} (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2638D8C2-0862-D3B2-45DA-0C90E8A4D503} (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2638D8C2-0862-D3B2-45DA-0C90E8A4D503} (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent.H) -> Bad: (C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.dll) Good: () -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll (Trojan.Agent.H) -> Quarantined and deleted successfully.

    -----------------------------------------------------------------------------------------------------

    GMER - empty log

    ------------------------------------------------------------------------------------------------------

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
    Run by Serion at 0:51:27 on 2011-07-02
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4534 [GMT -4:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe
    C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Users\Serion\Program Files (x86)\DNA\btdna.exe
    C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
    C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    C:\Program Files (x86)\Razer\Lachesis\OSD.exe
    C:\Program Files (x86)\Razer\Lachesis\razertra.exe
    C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
    uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: {0ef2d241-29f7-472b-875f-380d32ec35bd} - C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: 14e05b13: {2a085034-b999-6840-66fd-b392a352d024} - C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Serion\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [BitTorrent DNA] "C:\Users\Serion\Program Files (x86)\DNA\btdna.exe"
    uRun: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
    uRun: [Google Update] "C:\Users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    mRun: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    mRun: [TunePat] C:\Program Files (x86)\TunePat\TunePat.exe /silence
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLAYWI~1.LNK - C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download all by FlashGet3 - C:\Users\Serion\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\Serion\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    LSP: pcaplsp.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    TCP: Interfaces\{715F6A19-E702-470B-B120-A2B083D83B0D} : DhcpNameServer = 68.87.68.166 68.87.74.166 192.168.1.1
    TCP: Interfaces\{715F6A19-E702-470B-B120-A2B083D83B0D}\44B62716D65627 : DhcpNameServer = 68.87.68.166 68.87.74.166 192.168.1.1
    TCP: Interfaces\{E163C530-87DC-4100-A9D4-13DF661CF003} : DhcpNameServer = 68.87.68.166 68.87.74.166
    C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: 14e05b13: {2A085034-B999-6840-66FD-B392A352D024} - C:\ProgramData\api-ms-win-core-errorhandling-l1-1-032.dll
    BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
    BHO-X64: BitComet ClickCapture - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Serion\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO-X64: FlashGetBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    mRun-x64: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    mRun-x64: [TunePat] C:\Program Files (x86)\TunePat\TunePat.exe /silence
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q=
    FF - component: C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Users\Serion\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Serion\Program Files (x86)\DNA\plugins\npbtdna.dll
    FF - plugin: C:\Users\Serion\Program Files (x86)\DNA\plugins\npbtdna.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    FF - Ext: XUL Cache: {0516d2fd-a840-48b1-afe3-981c3d4c4d19} - %profile%\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-1 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-1 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 lxdx_device;lxdx_device;C:\Windows\system32\lxdxcoms.exe -service --> C:\Windows\system32\lxdxcoms.exe -service [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-1 366640]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960]
    R2 TSS_FSFILTER;Dynamic ED Controller;C:\Windows\SysWOW64\drivers\TSSFSFD.sys [2010-9-29 70168]
    R2 WLANBelkinService;Belkin WLAN service;C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdxserv.exe [2009-5-22 33960]
    S3 BCMH43XX;N+ Wireless USB Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]
    S3 DynamicEDController;Dynamic ED Controller;C:\Windows\SysWOW64\drivers\TSSFSFD.sys [2010-9-29 70168]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TVICHW64;TVICHW64;C:\Windows\SysWOW64\drivers\TVICHW64.SYS [2009-7-4 21200]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== File Associations ===============
    .
    .reg=Regedit.Document
    .
    =============== Created Last 30 ================
    .
    2011-07-02 03:16:48 -------- d-----w- C:\Users\Serion\AppData\Roaming\Malwarebytes
    2011-07-02 03:16:45 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-02 03:16:44 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-02 03:16:41 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-02 03:16:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-01 15:39:44 -------- d-----w- C:\Users\Serion\AppData\Roaming\Avira
    2011-07-01 15:36:41 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-07-01 15:36:41 -------- d-----w- C:\ProgramData\Avira
    2011-07-01 15:36:41 -------- d-----w- C:\Program Files (x86)\Avira
    2011-06-29 23:01:27 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4CE40FE-7B23-4136-AB38-0CF9BB18435B}\mpengine.dll
    2011-06-29 14:37:54 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
    2011-06-29 14:37:40 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
    2011-06-29 14:37:29 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
    2011-06-29 14:37:29 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
    2011-06-29 14:37:29 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
    2011-06-29 14:37:28 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
    2011-06-29 14:37:28 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
    2011-06-29 14:37:28 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
    2011-06-29 14:37:09 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
    2011-06-29 14:36:47 -------- d-----w- C:\Users\Serion\AppData\Local\Windows Live
    2011-06-29 14:32:56 -------- d-----w- C:\Windows\System32\SPReview
    2011-06-29 14:32:33 -------- d-----w- C:\Windows\System32\EventProviders
    2011-06-29 03:24:49 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-06-29 03:24:49 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-06-29 03:24:49 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-06-29 03:24:49 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-06-29 03:24:49 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
    2011-06-29 03:24:49 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-06-20 23:34:59 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2011-06-20 23:33:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-06-20 23:33:00 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-06-20 23:33:00 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-06-20 23:32:55 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-06-20 23:32:52 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-06-20 23:32:36 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-06-20 23:32:36 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-06-19 21:30:45 -------- d-----w- C:\Users\Serion\AppData\Local\SCE
    2011-06-06 16:55:30 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-06-06 16:55:30 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-06-29 23:35:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-06-29 23:35:58 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    .
    ============= FINISH: 0:51:48.59 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/28/2010 3:18:20 PM
    System Uptime: 7/2/2011 12:16:42 AM (0 hours ago)
    .
    Motherboard: EVGA | | 132-BL-E758
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 423 | 2653/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 335.566 GiB free.
    D: is CDROM ()
    F: is FIXED (FAT32) - 931 GiB total, 436.876 GiB free.
    G: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: sptd
    Device ID: ROOT\LEGACY_SPTD\0000
    Manufacturer:
    Name: sptd
    PNP Device ID: ROOT\LEGACY_SPTD\0000
    Service: sptd
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Deskjet F4500 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Deskjet F4500 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP189: 6/29/2011 10:32:49 AM - Windows 7 Service Pack 1
    RP191: 7/1/2011 11:27:26 AM - Windows Defender Checkpoint
    RP192: 7/1/2011 11:04:53 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    Advanced Windows Mail Recovery
    Aion
    AllToAVI v4 r5394
    Amazon Kindle For PC v1.1
    Apple Software Update
    AVIcodec (remove only)
    Avira AntiVir Personal - Free Antivirus
    BitComet 1.10
    Cosplay Fetish Academy v1.2
    D3DX10
    Diablo II
    DirectShow .SHN FIlter
    DivX Setup
    DJ_AIO_06_F4500_SW_MIN
    DNA
    DriverAgent by eSupport.com
    E.M. Total Video Player 1.31
    Escape From Monkey Island
    EVE Online (remove only)
    EVEREST Ultimate Edition v5.02
    Everlight
    EverQuest
    EVGA E-LEET
    ffdshow v1.1.3516 [2010-07-25]
    FINAL FANTASY XIV
    FlashGet 3.7
    Free MP3 WMA OGG Converter 8.1.2
    FreeOnlineRadioPlayerRecorder Toolbar
    FreeUndelete
    Google Chrome
    ImgBurn
    Intel(R) Processor ID Utility
    Java Auto Updater
    Java(TM) 6 Update 10
    Java(TM) 6 Update 22
    JMB36X Raid Configurer
    Junk Mail filter update
    K-Lite Mega Codec Pack 1.67
    Lightning Warrior Raidy
    Lightning Warrior Raidy II v1.1s
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MediaFeed
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007 Trial
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (3.6.18)
    MpcStar 3.9
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCsoft Launcher
    NTFS Undelete v0.94
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oblivion
    Oblivion mod manager 1.1.12
    Pcsx2 0.9.6
    Pirates Buster for e-Book/Application (Decoder for Eisys)
    PixiePack Codec Pack
    Play Wireless USB Adapter
    Pretty Soldier Wars A.D. 2048
    Proxifier version 2.8
    QuickTime
    RAR Password Cracker 4.12
    Razer Lachesis
    RIFT
    Scan
    ScummVM 0.13.1a
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SimpleOCR 3.1
    SmoothPING Elite
    Storm Codec
    Tales of Monkey Island - Lair of the Leviathan
    Tales of Monkey Island - Launch of the Screaming Narwhal
    Tales of Monkey Island - Rise of the Pirate God
    Tales of Monkey Island - The Siege of Spinner Cay
    Tales of Monkey Island - The Trial and Execution of Guybrush Threepwood
    The Secret of Monkey Island Special Edition
    Toolbox
    Unofficial Oblivion Patch v3.2.0
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 1.1.4
    Vuze
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mail Recovery v.3.0.0
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/2/2011 12:17:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    7/2/2011 12:17:21 AM, Error: Service Control Manager [7000] - The TriSecurity System - Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    7/2/2011 12:17:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService service to connect.
    7/2/2011 12:17:15 AM, Error: Service Control Manager [7000] - The lxdxCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/2/2011 12:17:07 AM, Error: nvlddmkm [14] -
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    7/2/2011 12:16:44 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    7/2/2011 12:15:35 AM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
    7/1/2011 11:39:00 AM, Error: Service Control Manager [7034] - The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).
    7/1/2011 11:37:01 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    7/1/2011 11:06:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Windows Live Essentials 2011 (KB 2520039).
    6/29/2011 7:45:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Windows Live Essentials 2011 (KB2434419).
    6/29/2011 7:45:27 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2518867).
    6/29/2011 7:45:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2535512).
    6/29/2011 7:44:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/3528001172/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    6/29/2011 7:44:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    6/29/2011 7:01:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.
    6/29/2011 7:01:21 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2547666).
    6/29/2011 6:59:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2545698).
    6/26/2011 4:55:07 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E163C530-87DC-4100-A9D4-13DF661CF003}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the malware- we have several things to do.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process. Bit Comet
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    I notice you have ProxyCap on the system. ProxyCap enables you to tunnel Internet applications through HTTP, SOCKS v4, and v5 proxy servers. Can you give me some idea of how you're using this protocol?
    ======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==========================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow it
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
     
  3. rakshas

    rakshas TS Rookie Topic Starter

    I appreciate the assistance, here are the log reports you requested.

    ================================================================

    I used ProxyCap about a year ago to reduce my ping for online gaming as at the time my ISP was at a bad location. Currently I do not use the program.

    ================================================================

    ESETSCAN Log

    C:\Users\Serion\AppData\Local\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Serion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Serion\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Serion\AppData\Local\Temp\plugtmp-16\plugin-yz_gzy.pdf PDF/Exploit.Pidief.PBK.Gen trojan
    C:\Users\Serion\AppData\Local\Temp\plugtmp-35\plugin-50ccd9ce8ab.php probably a variant of Win32/Agent.KTAETJV trojan
    C:\Users\Serion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\35d60d30-78d4777e Java/TrojanDownloader.OpenStream.NCA trojan
    C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan
    C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar JS/Agent.NDB trojan
    C:\Users\Serion\Downloads\Mp4PlayerSetup4.0.exe probably a variant of Win32/TrojanDownloader.Agent.KXBJNTQ trojan
    F:\Installers\PopularScreensaversSetup2.3.50.22.ZRfox000.exe a variant of Win32/Toolbar.MyWebSearch.O application

    ================================================================

    CombofixScan Log

    ComboFix 11-07-02.03 - Serion 07/03/2011 3:00.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.3467 [GMT -4:00]
    Running from: c:\users\Serion\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Serion\AppData\Roaming\.#
    c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}
    c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest
    c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar
    c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\defaults\preferences\xulcache.js
    c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\extensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\install.rdf
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\sbcrreag.dll
    c:\windows\SysWow64\wpcap.dll
    F:\Autorun.inf
    F:\install.exe
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://apnmedia.ask.com
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-03 07:06 . 2011-07-03 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-03 03:01 . 2011-07-03 03:01 -------- d-----w- c:\program files (x86)\ESET
    2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live Writer
    2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Roaming\Windows Live Writer
    2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\users\Serion\AppData\Roaming\Malwarebytes
    2011-07-02 03:16 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-02 03:16 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-02 03:06 . 2011-07-02 03:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-07-01 15:39 . 2011-07-01 15:39 -------- d-----w- c:\users\Serion\AppData\Roaming\Avira
    2011-07-01 15:36 . 2011-07-02 03:11 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-01 15:36 . 2011-07-02 03:11 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\programdata\Avira
    2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\program files (x86)\Avira
    2011-06-29 23:01 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4CE40FE-7B23-4136-AB38-0CF9BB18435B}\mpengine.dll
    2011-06-29 14:47 . 2011-06-29 14:47 -------- d-----w- c:\program files\Windows Live
    2011-06-29 14:37 . 2011-06-29 14:37 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
    2011-06-29 14:37 . 2011-06-29 14:37 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
    2011-06-29 14:37 . 2011-06-29 14:37 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
    2011-06-29 14:37 . 2011-06-29 14:37 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
    2011-06-29 14:37 . 2011-06-29 14:37 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
    2011-06-29 14:37 . 2011-06-29 14:37 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
    2011-06-29 14:37 . 2011-06-29 14:37 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
    2011-06-29 14:37 . 2011-06-29 14:37 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
    2011-06-29 14:37 . 2011-06-29 14:37 6260088 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
    2011-06-29 14:36 . 2011-07-02 05:07 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live
    2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\SPReview
    2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\EventProviders
    2011-06-29 03:24 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 03:24 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-06-29 03:24 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-06-29 03:24 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-06-29 03:24 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-06-29 03:24 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
    2011-06-20 23:34 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
    2011-06-20 23:33 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-06-20 23:33 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-06-20 23:33 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-06-20 23:32 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-06-20 23:32 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-06-20 23:32 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-06-20 23:32 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Serion\AppData\Local\SCE
    2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Public\Sony Online Entertainment
    2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-29 23:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-06-29 23:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-29 14:47 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-24 23:14 . 2009-10-02 15:48 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-04-22 22:15 . 2011-05-24 21:56 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 07:02 . 2011-05-11 16:32 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:58 . 2011-05-19 05:04 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-09 06:02 . 2011-05-11 16:32 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 16:32 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-19 05:04 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
    2010-06-13 23:10 2734688 ----a-w- c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll" [2010-06-13 2734688]
    .
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\users\Serion\Program Files (x86)\DNA\btdna.exe" [2009-11-12 323392]
    "ProxyCap"="c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe" [2009-09-04 592384]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
    "StormCodec_Helper"="c:\program files (x86)\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2008-02-28 33960]
    R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\DRIVERS\tssflt.sys [x]
    R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
    R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
    R3 DynamicEDController;Dynamic ED Controller;c:\windows\SysWOW64\drivers\TSSFSFD.SYS [2009-09-24 70168]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TVICHW64;TVICHW64;c:\windows\SysWOW64\Drivers\TVICHW64.SYS [2009-07-04 21200]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-06-10 232960]
    S2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\SysWOW64\DRIVERS\TSSFSFD.SYS [2009-09-24 70168]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001Core.job
    - c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
    .
    2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001UA.job
    - c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
    "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download all by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: pcaplsp.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
    FF - ProfilePath - c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    .
    .
    ------- File Associations -------
    .
    .reg=Regedit.Document
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0EF2D241-29F7-472B-875F-380D32EC35Bd} - c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll
    BHO-{2A085034-B999-6840-66FD-B392A352D024} - c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll
    Wow6432Node-HKLM-Run-TunePat - c:\program files (x86)\TunePat\TunePat.exe
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
    WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-03 03:08:14
    ComboFix-quarantined-files.txt 2011-07-03 07:08
    .
    Pre-Run: 358,684,164,096 bytes free
    Post-Run: 359,825,481,728 bytes free
    .
    - - End Of File - - 05DAD8A40FD5C935999F86B19B8FCF09
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    For Eset entries:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      
      :Files 
      C:\Users\Serion\AppData\Local\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js 
      C:\Users\Serion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Serion\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js 
      C:\Users\Serion\AppData\Local\Temp\plugtmp-16\plugin-yz_gzy.pdf 
      C:\Users\Serion\AppData\Local\Temp\plugtmp-35\plugin-50ccd9ce8ab.php 
      C:\Users\Serion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\35d60d30-78d4777e 
      C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\e xtensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest 
      C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\e xtensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar 
      C:\Users\Serion\Downloads\Mp4PlayerSetup4.0.exe 
      F:\Installers\PopularScreensaversSetup2.3.50.22.ZRfox000.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ====================================
    Clear Java Cache:
    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel.
    3. Click Settings under Temporary Internet Files.
       http://www.java.com/en/img/download/5000020303.jpg
       There are three options on this window to clear the cache (version dependent):
       • Delete Files
       • View Applications
       • View Applets
    4. Click OK on Delete Temporary Files window.
       Note: This deletes all the Downloaded Applications and Applets from the cache.
    5. Click OK on Temporary Files Settings window.
    ===================================
    There are 2 deletions in Combofix that indicate you may be using an infected flash drive (Drive F). It will need to be disinfected as follows:
    • Please download Panda USB Vaccine (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/) (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
    ===================================
    Please handle the above while I finish reviewing the Combofix log.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please update Java to current v6u26: Java Updates. Uninstall v6u19 and v6u22 in Add/Remove Programs as they are vulnerabilities for the system.

    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ==========================================
    Please run this Custom CFScript:

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
    uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
    BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [BitTorrent DNA] "C:\Users\Serion\Program Files (x86)\DNA\btdna.exe"
    uRun: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
    IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
    BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
    BHO-X64: BitComet ClickCapture - No File
    BHO-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll/206
    Extra::
    File::
    Firefox::
    Firefox-: - Profile-  c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
    Firefox-: - prefs.js- Browser.SearchURL
    Firefox-: - prefs.js- keyword.URL - hxxp://www.google.com
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"=-
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{f999a48b-1950-4d81-9971-79018f807b4b}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{f999a48b-1950-4d81-9971-79018f807b4b}"=-
    [HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"=-
    "ProxyCap"=-
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
    DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Advise remove all from Trusted zone:
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    ===================
    If ProxyCap remains in Add/Remove Programs uninstall it. Use Windows Explorer to delete the program folder c:\progra~1\PROXYL~1\ProxyCap
    ===================
    Check the Belkin router for firmware update.
    ==================
    Open Firefox> Tools> Addons> Extensions: Remove the following Java entries:
    v6u10, v6u14, v6u20, v6u22.
    Note: You do not need to add a separate Java update to Firefox.
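
The `DDS::` lines in the CFScript above share a fixed shape (`TYPE: name: {CLSID} - target`, or `uRun: [name] command`). The following Python triage is an added example, not part of the original post and not ComboFix's or DDS's own logic: it parses such lines and flags orphaned registrations, browser add-ons loaded from outside Program Files, and autoruns started from user-writable folders. The function names, flag labels and the three rules are assumptions chosen for illustration; a flag means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in DDS/CFScript line format. Lines 1, 2 and 5-7 are copied
# from the logs on this page; lines 3-4 recast the two "ORPHANS REMOVED" BHO
# entries into the same "BHO: {CLSID} - path" shape.
SAMPLE = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2737658
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
BHO: {2A085034-B999-6840-66FD-B392A352D024} - c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll
BHO: {0EF2D241-29F7-472B-875F-380D32EC35Bd} - c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [BitTorrent DNA] "C:\Users\Serion\Program Files (x86)\DNA\btdna.exe"
uRun: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_LINE = re.compile(
    r"^(?P<kind>[um]Run(?:-x64)?):\s*\[(?P<name>[^\]]+)\]\s*(?P<target>.+)$", re.I)
ADDON_LINE = re.compile(
    r"^(?P<kind>[A-Za-z]+(?:-X64)?):\s*(?P<label>.*?)\s+-\s+(?P<target>.+)$", re.I)

ADDON_KINDS = {"BHO", "TB", "URLSearchHooks"}
# Assumed heuristics: where add-ons normally live, and where any user can write.
PROGRAM_FILES = re.compile(r"^[a-z]:\\(program files( \(x86\))?|progra~\d)\\", re.I)
USER_WRITABLE = re.compile(r"^[a-z]:\\(users|programdata)\\", re.I)


@dataclass
class Entry:
    kind: str             # normalised: BHO, TB, URLSearchHooks, Run, ...
    name: str             # display name, may be empty
    clsid: Optional[str]  # COM class id, if the line carries one
    target: str           # file path, command line, or "No File"


def _base_kind(kind: str) -> str:
    """Fold uRun/mRun, u/mURLSearchHooks and -X64 variants into one kind."""
    kind = re.sub(r"-x64$", "", kind, flags=re.I)
    low = kind.lower()
    if low.endswith("urlsearchhooks"):
        return "URLSearchHooks"
    if low.endswith("run"):
        return "Run"
    return kind.upper()


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines in any other shape."""
    line = line.strip()
    m = RUN_LINE.match(line)
    if m:
        return Entry(_base_kind(m["kind"]), m["name"], None, m["target"].strip())
    m = ADDON_LINE.match(line)
    if not m:
        return None
    label = m["label"]
    c = CLSID.search(label)
    name = (label[:c.start()] if c else label).strip().rstrip(":").strip()
    return Entry(_base_kind(m["kind"]), name, c.group(0) if c else None,
                 m["target"].strip())


def flags(entry: Entry) -> List[str]:
    """Return review flags for one entry (empty list = nothing to note)."""
    path = entry.target.strip().strip('"')
    if path.lower() in ("no file", "(no file)"):
        return ["orphan"]  # registry entry whose file no longer exists
    found = []
    if entry.kind in ADDON_KINDS and not PROGRAM_FILES.match(path):
        found.append("addon-outside-program-files")
    if entry.kind == "Run" and USER_WRITABLE.match(path):
        found.append("autorun-user-writable")
    return found


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Parse every line of a log excerpt and keep only the flagged entries."""
    findings = []
    for raw in text.splitlines():
        entry = parse_line(raw) if raw.strip() else None
        if entry:
            hit = flags(entry)
            if hit:
                findings.append((entry, hit))
    return findings


if __name__ == "__main__":
    for entry, hit in triage(SAMPLE):
        print(f"{','.join(hit):30} {entry.kind:4} {entry.clsid or entry.name} -> {entry.target}")
```

On the sample, the BitComet helper in Program Files and the ProxyCap autorun pass unflagged, while the two `api-ms-win-core-errorhandling-l1-1-032.dll` add-ons, the `No File` toolbar and the autorun under `C:\Users` are listed for review.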
     
  6. rakshas

    rakshas TS Rookie Topic Starter

    Ok, a couple strange things happened when I ran combofix. The first: Combofix attempted to send a malware log to an online server, but failed as it was unavailable after the restart. The second: Some startup processes apparently were prevented when combofix finished up after the restart and I couldn't open any files due to a registry file missing (or something along those lines). Another restart repaired that issue. As I was able to get past the second issue with a restart I was able to complete the rest of the steps, however I just wanted you to know.

    ======================================================================================

    All processes killed
    ========== FILES ==========
    C:\Users\Serion\AppData\Local\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js moved successfully.
    C:\Users\Serion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Serion\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ggoiiilcgdadloajoclcbaemafpgcfij\contentscript.js moved successfully.
    File/Folder C:\Users\Serion\AppData\Local\Temp\plugtmp-16\plugin-yz_gzy.pdf not found.
    File/Folder C:\Users\Serion\AppData\Local\Temp\plugtmp-35\plugin-50ccd9ce8ab.php not found.
    C:\Users\Serion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\35d60d30-78d4777e moved successfully.
    File/Folder C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\e xtensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome.manifest not found.
    File/Folder C:\Users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\e xtensions\{0516d2fd-a840-48b1-afe3-981c3d4c4d19}\chrome\xulcache.jar not found.
    C:\Users\Serion\Downloads\Mp4PlayerSetup4.0.exe moved successfully.
    F:\Installers\PopularScreensaversSetup2.3.50.22.ZRfox000.exe moved successfully.
    ========== COMMANDS ==========

    OTM

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Serion
    ->Temp folder emptied: 29436 bytes
    ->Temporary Internet Files folder emptied: 30300713 bytes
    ->Java cache emptied: 12465346 bytes
    ->FireFox cache emptied: 115803543 bytes
    ->Google Chrome cache emptied: 22582970 bytes
    ->Flash cache emptied: 289726 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9308 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 8215 bytes

    Total Files Cleaned = 173.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 07032011_210342

    Files moved on Reboot...
    C:\Users\Serion\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    ==============================================================================

    Java Cache cleared

    ==============================================================================

    Panda USB Vaccine applied to computer and F drive

    =============================================================================

    Java updated to v6u26. I did not find v6u19 and v6u22 in programs, however I did remove the version 10.

    ===============================================================================

    ComboFix 11-07-03.01 - Serion 07/03/2011 21:35:20.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4459 [GMT -4:00]
    Running from: c:\users\Serion\Desktop\ComboFix.exe
    Command switches used :: c:\users\Serion\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll"
    "c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll"
    "c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe"
    "c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll"
    "c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll"
    "c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe"
    "c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe"
    "c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe"
    "c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe
    c:\program files (x86)\BitComet\tools\BitCometBHO_1.3.3.2.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DSETUP.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\dsetup32.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\118b19861cc366a1b\DXSETUP.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DSETUP.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\dsetup32.dll
    c:\program files (x86)\Common Files\Windows Live\.cache\1253f7a51cc366a1c\DXSETUP.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\194d46861cc366a24\MeshBetaRemover.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\2100d91e1cc366a2f\InstallManager_WLE_WLE.exe
    c:\program files (x86)\Common Files\Windows Live\.cache\58628af1cc366a0f\Silverlight.4.0.exe
    c:\program files (x86)\FreeOnlineRadioPlayerRecorder\tbFree.dll
    c:\users\Serion\Program Files (x86)\DNA\btdna.exe
    F:\AUTORUN.INF . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-04 01:41 . 2011-07-04 01:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-04 01:25 . 2011-07-04 01:25 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-07-04 01:20 . 2011-07-04 01:20 -------- d-----w- c:\programdata\Panda Security
    2011-07-04 01:20 . 2011-07-04 01:20 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
    2011-07-04 01:03 . 2011-07-04 01:03 -------- d-----w- C:\_OTM
    2011-07-03 03:01 . 2011-07-03 03:01 -------- d-----w- c:\program files (x86)\ESET
    2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live Writer
    2011-07-02 05:01 . 2011-07-02 05:01 -------- d-----w- c:\users\Serion\AppData\Roaming\Windows Live Writer
    2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\users\Serion\AppData\Roaming\Malwarebytes
    2011-07-02 03:16 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\programdata\Malwarebytes
    2011-07-02 03:16 . 2011-07-02 03:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-07-02 03:16 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-02 03:06 . 2011-07-02 03:06 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2011-07-01 15:39 . 2011-07-01 15:39 -------- d-----w- c:\users\Serion\AppData\Roaming\Avira
    2011-07-01 15:36 . 2011-07-02 03:11 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-01 15:36 . 2011-07-02 03:11 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\programdata\Avira
    2011-07-01 15:36 . 2011-07-01 15:36 -------- d-----w- c:\program files (x86)\Avira
    2011-06-29 23:01 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4CE40FE-7B23-4136-AB38-0CF9BB18435B}\mpengine.dll
    2011-06-29 14:47 . 2011-06-29 14:47 -------- d-----w- c:\program files\Windows Live
    2011-06-29 14:36 . 2011-07-04 01:19 -------- d-----w- c:\users\Serion\AppData\Local\Windows Live
    2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\SPReview
    2011-06-29 14:32 . 2011-06-29 14:32 -------- d-----w- c:\windows\system32\EventProviders
    2011-06-29 03:24 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2011-06-29 03:24 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2011-06-29 03:24 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2011-06-29 03:24 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2011-06-29 03:24 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2011-06-29 03:24 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
    2011-06-20 23:34 . 2010-11-20 13:34 215936 ----a-w- c:\windows\system32\drivers\vhdmp.sys
    2011-06-20 23:33 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-06-20 23:33 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-06-20 23:33 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-06-20 23:32 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-06-20 23:32 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-06-20 23:32 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-06-20 23:32 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Serion\AppData\Local\SCE
    2011-06-19 21:30 . 2011-06-19 21:30 -------- d-----w- c:\users\Public\Sony Online Entertainment
    2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-29 23:35 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-06-29 23:35 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-29 14:47 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-24 23:14 . 2009-10-02 15:48 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-04 08:52 . 2010-06-01 21:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-04-22 22:15 . 2011-05-24 21:56 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-04-09 07:02 . 2011-05-11 16:32 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:58 . 2011-05-19 05:04 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-04-09 06:02 . 2011-05-11 16:32 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02 . 2011-05-11 16:32 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56 . 2011-05-19 05:04 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-03_07.06.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-02-28 20:31 . 2011-07-04 01:45 19720 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-07-04 01:45 29226 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2010-02-28 19:35 . 2011-07-02 05:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-28 19:35 . 2011-07-04 01:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-04 01:20 . 2011-07-04 01:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-28 19:35 . 2011-07-02 05:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-07-02 05:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-07-04 01:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-28 20:26 . 2011-07-02 04:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-28 20:26 . 2011-07-04 01:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-28 20:26 . 2011-07-02 04:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-02-28 20:26 . 2011-07-04 01:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-02-28 20:26 . 2011-07-02 04:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-28 20:26 . 2011-07-04 01:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-02-28 20:04 . 2011-07-03 07:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-02-28 20:04 . 2011-07-04 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-02-28 20:04 . 2011-07-03 07:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-28 20:04 . 2011-07-04 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-02-28 20:31 . 2011-07-04 01:45 7578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-172134962-541061724-3732962536-1001_UserData.bin
    + 2011-07-04 01:43 . 2011-07-04 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-07-02 04:17 . 2011-07-02 04:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-07-04 01:43 . 2011-07-04 01:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-07-02 04:17 . 2011-07-02 04:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-07-04 01:25 . 2011-05-04 08:52 157472 c:\windows\SysWOW64\javaws.exe
    - 2010-10-16 03:41 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-07-04 01:25 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-07-04 01:25 . 2011-05-04 08:52 145184 c:\windows\SysWOW64\java.exe
    - 2010-10-16 03:41 . 2010-09-15 08:50 145184 c:\windows\SysWOW64\java.exe
    - 2009-07-14 02:36 . 2011-07-02 04:22 623940 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-07-04 01:10 623940 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-07-04 01:10 106316 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2011-07-02 04:22 106316 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2011-07-04 01:41 293524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-07-02 04:15 293524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-07-04 01:04 . 2011-07-04 01:41 725776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-172134962-541061724-3732962536-1001-8192.dat
    + 2011-07-04 01:25 . 2011-07-04 01:25 207360 c:\windows\Installer\11e5d4.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0EF2D241-29F7-472B-875F-380D32EC35Bd}]
    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2A085034-B999-6840-66FD-B392A352D024}]
    c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2008-10-14 172032]
    "StormCodec_Helper"="c:\program files (x86)\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 97357]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    "SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [BU]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2008-02-28 33960]
    R2 TSSFLT;TriSecurity System - Filter Driver;c:\windows\system32\DRIVERS\tssflt.sys [x]
    R2 WLANBelkinService;Belkin WLAN service;c:\program files (x86)\Belkin\F7D4101\V1\wlansrv.exe [2009-12-28 36864]
    R3 BCMH43XX;N+ Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
    R3 DynamicEDController;Dynamic ED Controller;c:\windows\SysWOW64\drivers\TSSFSFD.SYS [2009-09-24 70168]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TVICHW64;TVICHW64;c:\windows\SysWOW64\Drivers\TVICHW64.SYS [2009-07-04 21200]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2008-02-28 1044648]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\windows\SysWOW64\nvSCPAPISvr.exe [2009-06-10 232960]
    S2 TSS_FSFILTER;Dynamic ED Controller;c:\windows\SysWOW64\DRIVERS\TSSFSFD.SYS [2009-09-24 70168]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001Core.job
    - c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
    .
    2011-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-172134962-541061724-3732962536-1001UA.job
    - c:\users\Serion\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-16 04:50]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2008-06-13 107176]
    "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-06-13 668328]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Download all by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\Serion\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: pcaplsp.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
    DPF: {931C1175-E08E-4ADA-9AED-4A2828AE1011} - hxxp://trinity.dlsite.com/activex/pbebkick.cab
    FF - ProfilePath - c:\users\Serion\AppData\Roaming\Mozilla\Firefox\Profiles\4m52bm5m.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2737658&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
    .
    .
    ------- File Associations -------
    .
    .reg=Regedit.Document
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-BitTorrent DNA - c:\users\Serion\Program Files (x86)\DNA\btdna.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-03 21:48:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-04 01:48
    ComboFix2.txt 2011-07-03 07:08
    .
    Pre-Run: 357,123,203,072 bytes free
    Post-Run: 357,072,277,504 bytes free
    .
    - - End Of File - - 11E45B79C19BE36AF078177D9FDBB594

    ============================================================

    Sites removed from Trusted zone.

    ==========================================================

    ProxyCap had to be manually removed. After it was removed it prompted a restart. I could not find the program folder you directed me to (not by manually typing it in or looking in both program folders).

    ===========================================================

    Hmmmm I'm not using a Belkin router right now, it's a Cisco Linksys. I think I may have used one in the past, however I don't think I am now....

    ===========================================================

    Removed the Java entries except v6u10, which was not present... I assume this is because I already removed it in the previous step with updating Java.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My mistake on checking for Belkin update. This entry in the Event Viewer was what I was mistakenly going by:
    7/2/2011 12:16:54 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
    The same error repeats for processor 0 through 7. Looks like this is one of the many unsolved mysteries as it was noted over a year ago and so far, no solution.

    But here is the Belkin entry:
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]


    When you stop using a program or app, don't just desert it - remove it. This one is still on Startup.
    ==========================================
    What is Drive F?

    Please give me an update on how the system is doing.
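
The Startup entry quoted in this post comes from the "Reg Loading Points" section of the ComboFix log posted earlier in the thread. As an added example (not part of the original posts and not ComboFix's own code), the Python below parses lines copied from that section and lists the autostart entries that deserve a second look; the function names and the review heuristics are assumptions of this example.

```python
import re

# Lines copied from the ComboFix "Reg Loading Points" section posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0EF2D241-29F7-472B-875F-380D32EC35Bd}]
c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2A085034-B999-6840-66FD-B392A352D024}]
c:\programdata\api-ms-win-core-errorhandling-l1-1-032.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Play Wireless USB Adapter Utility.lnk - c:\program files (x86)\Belkin\F7D4101\V1\PBN.exe [2009-11-25 110592]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
"""

SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]$")
LINE_SHAPES = {  # one line shape per kind of loading point
    "bho": re.compile(r"^(?P<path>[a-z]:\\.+?)\s*\[(?P<tag>[^\]]*)\]$", re.I),
    "run": re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<tag>[^\]]*)\]$'),
    "startup": re.compile(r"^(?P<name>.+\.lnk) - (?P<path>.+?)\s*\[(?P<tag>[^\]]*)\]$"),
}

def parse_loading_points(log_text):
    """Return the BHO, Run-key and Startup-folder entries found in the log text."""
    entries, section, kind = [], None, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or line == ".":
            continue
        header = SECTION.match(line)
        if header or line.lower().endswith("\\startup\\"):
            section = header.group(1) if header else line
            low = section.lower()
            kind = ("bho" if "browser helper objects" in low
                    else "run" if low.endswith("\\currentversion\\run")
                    else "startup" if not header else None)
            continue
        m = LINE_SHAPES[kind].match(line) if kind else None
        if m:
            name = m.groupdict().get("name") or section.rsplit("\\", 1)[-1]
            entries.append({"kind": kind, "name": name,
                            "path": m.group("path").lower(), "tag": m.group("tag")})
    return entries

def review_notes(entry):
    """Heuristics assumed for this example; they are triage hints, not verdicts."""
    notes, path = [], entry["path"]
    if entry["kind"] == "bho":
        if path.rsplit("\\", 1)[-1].startswith("api-ms-win-"):
            notes.append("BHO DLL carries an api-ms-win-* (API-set style) name")
        if not path.startswith(("c:\\program files", "c:\\windows\\")):
            notes.append("BHO DLL sits outside Program Files and Windows")
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2} \d+", entry["tag"]):
        notes.append("log shows [%s] instead of a date and size" % entry["tag"])
    return notes

def flagged(log_text):
    """Pairs of (entry name, notes) for every entry with at least one note."""
    reviewed = ((e["name"], review_notes(e)) for e in parse_loading_points(log_text))
    return [(name, notes) for name, notes in reviewed if notes]

if __name__ == "__main__":
    for name, notes in flagged(SAMPLE_LOG):
        print(name, "->", "; ".join(notes))
```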
     
  8. rakshas

    rakshas TS Rookie Topic Starter

    I admit I have a tendency to just let unused applications pile up :blush:. Drive F is an external hard drive, and the redirect issue seems to be resolved. I did some testing in IE and Firefox and no redirects occurred. As for the system itself, it's doing fine. I am beginning to think that, for malware, you are perhaps an angel of death :approve:.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You should be able to connect the Drive F and run the disinfection. This may be because it wasn't connected at the time you ran the program: F:\AUTORUN.INF . . . . Failed to delete

    These 3 outdated Java versions are still on Firefox. So please follow the path I gave you and remove v6u14, v6u20, v6u22.
    If you did this after you ran Combofix, that's why I still see them.
    ==================================
    The system is clean. But if the external HD is connected and not run through Panda first, it could reinfect the system.
    ==================================
    You can Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
    ========================================
    Some tips to help keep you safe: All may not work on Win 7:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader Install current, uninstall old.
      [o] Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      [o] Temporary File Cleaner
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
    Peace
     
  10. rakshas

    rakshas TS Rookie Topic Starter

    I greatly appreciate the assistance :). I did indeed remove those previous versions of java after I ran combofix. The computer has been running great and I haven't had any redirects. Cheers :grinthumb
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome! Stay safe.
     
Topic Status:
Not open for further replies.
