TechSpot

win32/toolbar.widgi application

Solved
By nibbz
Apr 19, 2012
  1. I ran a routine ESET online scan and it came up with this, which it said was probably a variant of
    win32/toolbar.widgi application... I ran a full scan 2 days ago with Comodo and it found nothing... What should I do now to clean this?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    Without knowing what file was involved it's impossible to advise.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The Widgi Toolbar is usually a part of a Search Settings from a company named Spigot. It is put on a system without your permission or knowledge. The Spigot home site itself is not even permitted to load on my machine, giving the Warning from my Site Advisor that "this company has a bad reputation."

    The Widgi Toolbar is described by Category: Controlled Applications

    While this may sound innocent, perhaps even a 'good thing', it is neither and should be removed, along with the related search entries.
    ==========================================
    I will be glad to help find and remove the malware.

    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ==========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.

    Please leave the logs in your next reply for me to review.
     
  4. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.04.20.08
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16443
    nibbz :: NIBBZ-PC [administrator]
    4/20/2012 6:58:44 PM
    mbam-log-2012-04-20 (18-58-44).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211362
    Time elapsed: 2 minute(s), 47 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\nibbz\AppData\Local\Temp\50or.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
    (end)
     
  5. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16443
    Run by nibbz at 19:22:09 on 2012-04-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5105.3764 [GMT -4:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - C:\Program Files (x86)\WOT\WOT.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [Akamai NetSession Interface] "C:\Users\nibbz\AppData\Local\Akamai\netsession_win.exe"
    uRun: [cdloader] "C:\Users\nibbz\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\nibbz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEANT~1.LNK - C:\Users\nibbz\Documents\cleantemp.bat
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Free YouTube Download - C:\Users\nibbz\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{07FEE089-0AB3-4836-8C6F-4FD7505E0D95} : DhcpNameServer = 192.168.1.1
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-4-13 409232]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-3-30 1295416]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-11 116648]
    S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-3-30 681016]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 253088]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-11 116648]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-20 22:58:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-20 22:58:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-20 16:24:55 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01154ED9-E4F7-49D8-B88D-5BD976186541}\mpengine.dll
    2012-04-20 01:55:18 -------- d-----w- C:\Program Files (x86)\ESET
    2012-04-19 02:19:46 -------- d-----w- C:\Users\nibbz\AppData\Local\Adobe
    2012-04-19 00:48:45 -------- d-----w- C:\Users\nibbz\AppData\Local\magicJack
    2012-04-17 01:11:53 -------- d-----w- C:\ProgramData\magicJack
    2012-04-15 00:38:25 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2012-04-15 00:38:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-04-15 00:37:25 -------- d-----w- C:\Users\nibbz\AppData\Roaming\OpenCandy
    2012-04-15 00:35:33 -------- d-----w- C:\Users\nibbz\AppData\Roaming\DVDVideoSoft
    2012-04-14 16:41:39 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-14 16:41:39 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-14 13:55:12 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-13 01:42:15 -------- d-----w- C:\Users\nibbz\AppData\Local\Diagnostics
    2012-04-12 04:23:02 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2012-04-12 04:22:55 -------- d-----w- C:\Intel
    2012-04-12 01:28:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-12 01:28:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-12 01:27:17 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-04-12 01:27:11 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-04-12 01:22:58 -------- d-----w- C:\Windows\pss
    2012-04-12 01:18:55 -------- d-----w- C:\Users\nibbz\AppData\Local\COMODO
    2012-04-12 01:17:18 -------- d-----w- C:\security software
    2012-04-12 00:50:40 -------- d-----w- C:\Windows\System32\SPReview
    2012-04-12 00:50:33 -------- d-----w- C:\Windows\System32\EventProviders
    2012-04-12 00:50:16 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-12 00:50:16 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-12 00:50:16 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-12 00:48:46 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-04-12 00:48:46 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-12 00:48:46 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-12 00:48:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-12 00:48:45 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-04-12 00:48:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-04-12 00:48:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-12 00:45:59 94208 ----a-w- C:\Windows\SysWow64\eappgnui.dll
    2012-04-12 00:41:31 -------- d-----w- C:\Windows\SysWow64\C2MP
    2012-04-12 00:28:46 -------- d-----w- C:\Users\nibbz\AppData\Local\Secunia PSI (BETA)
    2012-04-11 23:45:01 -------- d-----w- C:\Users\nibbz\AppData\Local\Google
    2012-04-11 23:44:49 -------- d-----w- C:\Users\nibbz\AppData\Local\Apps
    2012-04-11 23:44:48 -------- d-----w- C:\Users\nibbz\AppData\Local\Deployment
    2012-04-11 23:39:08 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2012-04-11 23:39:08 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-04-11 23:39:08 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2012-04-11 23:35:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-11 23:02:17 -------- d-----w- C:\ProgramData\CPA_VA
    2012-04-11 02:49:13 -------- d-----w- C:\Program Files\WOT
    2012-04-11 02:49:13 -------- d-----w- C:\Program Files (x86)\WOT
    2012-04-11 02:47:12 -------- d-----w- C:\Users\nibbz\AppData\Roaming\Malwarebytes
    2012-04-11 02:47:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-11 02:46:30 -------- d-----w- C:\Program Files (x86)\Secunia
    2012-04-11 01:17:29 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-04-11 01:17:29 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-04-11 01:17:29 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2012-04-10 22:13:11 -------- d-----w- C:\Windows\SysWow64\Wat
    2012-04-10 22:13:11 -------- d-----w- C:\Windows\System32\Wat
    2012-04-10 21:32:14 -------- d-sh--w- C:\Windows\Installer
    2012-04-10 21:32:01 -------- d-----w- C:\ProgramData\Comodo
    2012-04-10 21:31:45 -------- d-----w- C:\Program Files\COMODO
    2012-04-10 21:31:28 -------- d-----w- C:\Program Files (x86)\Comodo
    2012-04-10 21:31:19 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-04-10 21:31:19 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2012-04-10 21:31:19 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
    2012-04-10 21:27:11 -------- d-----r- C:\Downloads
    2012-04-10 21:17:57 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2012-04-10 21:16:52 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-04-10 21:16:52 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-04-10 21:16:36 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2012-04-10 21:16:36 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2012-04-10 21:16:28 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2012-04-10 21:16:28 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2012-04-10 21:16:28 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2012-04-10 21:16:28 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2012-04-10 21:16:00 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
    2012-04-10 21:16:00 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-04-10 21:16:00 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-04-10 21:16:00 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-04-10 21:16:00 100864 ----a-w- C:\Windows\System32\fontsub.dll
    2012-04-10 12:41:45 605552 ----a-w- C:\Windows\System32\winload.exe
    2012-04-10 12:40:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2012-04-10 12:36:24 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-04-10 12:36:24 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-04-10 12:35:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-04-10 07:47:32 -------- d-sh--w- C:\Boot
    2012-04-10 04:06:10 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-10 04:06:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-04-10 04:06:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-04-10 04:06:09 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-10 04:06:09 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
    2012-04-10 04:06:09 162816 ----a-w- C:\Windows\System32\rdpudd.dll
    2012-04-10 04:06:09 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-04-10 04:06:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-04-10 03:57:47 -------- d-sh--we C:\Documents and Settings
    2012-04-10 03:57:47 -------- d-sh--w- C:\Recovery
    .
    ==================== Find3M ====================
    .
    2012-04-12 01:04:17 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-04-12 01:04:17 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-03-13 18:10:40 4379648 ----a-w- C:\Windows\System32\ffdshow.ax
    2012-03-13 18:09:44 3473408 ----a-w- C:\Windows\SysWow64\ffdshow.ax
    2012-03-13 18:08:28 4477440 ----a-w- C:\Windows\System32\ffmpeg.dll
    2012-03-13 18:06:30 4417024 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
    2012-03-12 01:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2012-03-12 01:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-03-12 01:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-03-12 01:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-03-12 01:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-03-12 01:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
    2012-03-10 13:58:00 554496 ----a-w- C:\Windows\System32\LAVSplitter.ax
    2012-03-10 13:57:56 758272 ----a-w- C:\Windows\System32\LAVVideo.ax
    2012-03-10 13:57:52 248320 ----a-w- C:\Windows\System32\LAVAudio.ax
    2012-03-10 13:57:48 202240 ----a-w- C:\Windows\System32\libbluray.dll
    2012-03-10 13:57:42 6627455 ----a-w- C:\Windows\System32\avcodec-lav-54.dll
    2012-03-10 13:57:42 396615 ----a-w- C:\Windows\System32\swscale-lav-2.dll
    2012-03-10 13:57:42 213246 ----a-w- C:\Windows\System32\avutil-lav-51.dll
    2012-03-10 13:57:42 130825 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
    2012-03-10 13:57:42 1161254 ----a-w- C:\Windows\System32\avformat-lav-54.dll
    2012-03-10 13:55:26 462336 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
    2012-03-10 13:55:22 593920 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
    2012-03-10 13:55:18 216576 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
    2012-03-10 13:55:16 172032 ----a-w- C:\Windows\SysWow64\libbluray.dll
    2012-03-10 13:55:10 6454984 ----a-w- C:\Windows\SysWow64\avcodec-lav-54.dll
    2012-03-10 13:55:10 371592 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
    2012-03-10 13:55:10 206473 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
    2012-03-10 13:55:10 142473 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
    2012-03-10 13:55:10 1146161 ----a-w- C:\Windows\SysWow64\avformat-lav-54.dll
    2012-03-10 13:53:50 179200 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
    2012-03-10 13:53:34 144384 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
    2012-02-26 16:52:52 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
    2012-02-26 16:52:36 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
    2012-02-26 16:52:30 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
    2012-02-26 16:52:04 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
    2012-02-26 16:51:32 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
    2012-02-26 16:51:30 359424 ----a-w- C:\Windows\System32\ff_libfaad2.dll
    2012-02-26 16:51:30 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
    2012-02-26 16:51:28 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
    2012-02-26 16:51:28 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
    2012-02-26 16:51:28 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
    2012-02-26 16:51:26 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
    2012-02-26 16:47:02 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2012-02-26 16:46:18 260608 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
    2012-02-26 16:46:00 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
    2012-02-26 16:46:00 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
    2012-02-26 16:45:58 1525248 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
    2012-02-26 16:45:58 146944 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
    2012-02-26 16:45:56 212480 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
    2012-02-26 16:45:56 115200 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
    2012-02-26 16:45:54 328704 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
    2012-02-26 16:45:54 137728 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-15 12:09:40 1576448 ----a-w- C:\Windows\System32\VSFilter.dll
    2012-02-15 12:08:52 1288192 ----a-w- C:\Windows\SysWow64\VSFilter.dll
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-30 22:30:22 424960 ----a-w- C:\Windows\System32\cdxareader.ax
    2012-01-30 22:30:08 500224 ----a-w- C:\Windows\System32\FLVSplitter.ax
    2012-01-30 22:29:24 381440 ----a-w- C:\Windows\SysWow64\cdxareader.ax
    2012-01-30 22:29:08 445440 ----a-w- C:\Windows\SysWow64\FLVSplitter.ax
    .
    ============= FINISH: 19:22:38.93 ===============
     
  6. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/10/2012 2:51:35 AM
    System Uptime: 4/20/2012 7:08:06 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P6T SE
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 1574/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 891.795 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 4/10/2012 12:06:10 AM - Windows Update
    RP2: 4/10/2012 8:34:50 AM - Windows Update
    RP3: 4/10/2012 5:35:20 PM - Device Driver Package Install: COMODO Network Service
    RP4: 4/10/2012 5:37:44 PM - Windows Update
    RP5: 4/10/2012 9:18:03 PM - Windows Update
    RP6: 4/10/2012 10:48:57 PM - Installed WOT for Internet Explorer
    RP7: 4/11/2012 7:34:46 PM - Installed Java(TM) 6 Update 31
    RP8: 4/11/2012 8:48:10 PM - Windows Update
    RP9: 4/11/2012 9:24:40 PM - Windows Update
    RP10: 4/11/2012 9:29:36 PM - Windows Update
    RP11: 4/11/2012 9:38:14 PM - Windows Update
    RP12: 4/17/2012 1:20:15 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Comodo Dragon
    COMODO GeekBuddy
    ESET Online Scanner v3
    Google Update Helper
    Java Auto Updater
    Java(TM) 6 Update 31
    Malwarebytes Anti-Malware version 1.61.0.1400
    Media Player Codec Pack 4.1.9
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Secunia PSI (3.0.0.0006)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    SpywareBlaster 4.6
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/20/2012 6:50:10 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
    4/20/2012 4:30:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user nibbz-PC\Guest SID (S-1-5-21-1243112257-1756932303-4238688702-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  7. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    gmer produced no log....
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Brand new system> Install Date: 4/10/2012 2:51:35 AM?

    I don't see the Spigot Search Settings but do see Open Candy. You most likely got the Widgi from the same download you got Open Candy:

    Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent.

    Find this file and delete it as follows:
    2012-04-15 00:37:25 -------- d-----w- C:\Users\nibbz\AppData\Roaming\OpenCandy

    1. Show Hidden Files and Folders in Windows Vista and Windows 7:
    • Click on the Start button and select Computer
    • Press the Alt key on your keyboard and click on Tools
    • Select Folder Options
    • Click the View tab and make sure that Show hidden files and folders is selected under Hidden files and folders
    • Next, uncheck the box next to Hide protected operating system files (Recommended)
    • Then, uncheck the box next to Hide extensions for known filetypes
    • Click Apply then click OK

    2. Right click on Start> Explore> Navigate to Application Data for nibbz> Click on + sign to expand> Right click on Open Candy> Delete.

    3. Go back to Folder Options and rehide the files.
    ============================================
    Reboot
    ============================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    Leave the log if there is one.
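
The log-reading step in the reply above (spotting the OpenCandy folder in the DDS "Created Last 30" section) can be scripted for triage. This is an added example, not part of the original thread or of DDS itself; the watchlist, the function names and the 5-minute window are assumptions, and the sample lines are copied from the DDS log posted earlier in this thread.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Names this thread associates with bundled adware (assumed watchlist; extend as needed).
WATCHLIST = ("opencandy", "spigot", "widgi")

# One "Created Last 30" line: timestamp, size (or 8 dashes for folders),
# attribute flags, then the full path (which may contain spaces).
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+(\S+)\s+(.+?)\s*$"
)

# Sample input: lines taken from the DDS log in the thread.
SAMPLE = r"""
2012-04-19 00:48:45 -------- d-----w- C:\Users\nibbz\AppData\Local\magicJack
2012-04-15 00:38:25 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-04-15 00:38:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-15 00:37:25 -------- d-----w- C:\Users\nibbz\AppData\Roaming\OpenCandy
2012-04-15 00:35:33 -------- d-----w- C:\Users\nibbz\AppData\Roaming\DVDVideoSoft
2012-04-14 16:41:39 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
"""


def parse_created(log_text):
    """Parse DDS file-listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def flag_bundlers(entries, watchlist=WATCHLIST):
    """Return entries with a path component containing a watchlist name."""
    hits = []
    for e in entries:
        parts = [p.lower() for p in PureWindowsPath(e["path"]).parts]
        if any(name in part for part in parts for name in watchlist):
            hits.append(e)
    return hits


def neighbours(entries, hit, window=timedelta(minutes=5)):
    """Entries created within `window` of the hit, oldest first.

    Closeness in time is only a lead on which installer to look at next,
    not proof of which download carried the adware.
    """
    close = [
        e for e in entries
        if e is not hit and abs(e["time"] - hit["time"]) <= window
    ]
    return sorted(close, key=lambda e: e["time"])


def triage(log_text):
    """Map each flagged path to the paths created around the same time."""
    entries = parse_created(log_text)
    return {
        hit["path"]: [n["path"] for n in neighbours(entries, hit)]
        for hit in flag_bundlers(entries)
    }


if __name__ == "__main__":
    for flagged, nearby in triage(SAMPLE).items():
        print("FLAGGED:", flagged)
        for path in nearby:
            print("  created nearby:", path)
```
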
     
  9. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    C:\Users\nibbz\Desktop\media.player.codec.pack.v4.1.9.setup.exe probably a variant of Win32/Toolbar.Widgi application
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    There it is!

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files 
      C:\Users\nibbz\Desktop\media.player.codec.pack.v4.1.9.setup.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===============================================
    Run one more scan for me, okay?
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
     
  11. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    All processes killed
    ========== FILES ==========
    C:\Users\nibbz\Desktop\media.player.codec.pack.v4.1.9.setup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 14973943 bytes
    ->Temporary Internet Files folder emptied: 860155892 bytes
    ->Java cache emptied: 233248 bytes
    ->Flash cache emptied: 470 bytes

    User: nibbz
    ->Temp folder emptied: 187853116 bytes
    ->Temporary Internet Files folder emptied: 74687180 bytes
    ->Java cache emptied: 1 bytes
    ->Flash cache emptied: 470 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 113549136 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36338242 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,228.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 04262012_173010
    Files moved on Reboot...
    C:\Users\nibbz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    Registry entries deleted on Reboot...
     
     
  12. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.WJLBCQ
    ----- EOF -----
     
  13. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    if it's clean now thanks !!! you guys here are the best and should be commended for spending so much time solving other people's problems with viruses. Thanks and let me know if there is anything else i need to do
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Glad to help. Go ahead with the following:

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
    Images courtesy lytebyte.

    Empty the Recycle Bin
     
  15. nibbz

    nibbz TS Rookie Topic Starter Posts: 81

    Ok done, new restore point done per your instructions....
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Stay safe and enjoy computing!

    You may find the following helpful: (Links are Bold Blue)
    Tips for added security and safer browsing:
    1. Browser Security
      [o] Make Internet Explorer safer (http://www.bleepingcomputer.com/tutorials/tutorial102.htm)
      [o] Use a Site Advisor..
      Have layered Security:
    2. Antivirus Software(only one):
      [o]Microsoft Security Essentials
      [o]Comodo AV
      [o]Avast! Free Antivirus
      =============================
    3. Firewall (only one)
      [o] Zone Alarm Free
      [o]Comodo Firewall Free
    4. Antispyware/Security: I recommend all of the following:
      [o]Spywareblaster:Protects against bad ActiveX.
      [o]IE/Spyad Restricts bad domains.
      [o]MVPS Hosts files Directs HOSTS file to 127.0.0.1 which is your local computer.
      [o]Google Toolbar Popup Stopper
    5. Stay current on updates:
      [o] Windows Updates. You should get All updates marked Critical and the current SP updates.
      [o] Adobe Reader. Uninstall old.
      [o]Java Uninstall old.
    6. Reset Cookies to prevent Tracking Cookies:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
      (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    7. Do regular Maintenance
      [o] To include Disk Cleanup, Defrag, Error Check.
    8. Remove Temporary Internet Files regularly:
      [o]TFC
    9. System Restore Guide: Understand Restore Points> why you need to clean and set restore points and what information is in them.
      [*] Practice Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account on free web-based mail.

    Please let me know if you find any bad links.
     
Topic Status:
Not open for further replies.

