Author Topic: [Resolved] 'Bot not crypted' message  (Read 9893 times)


Offline guitarebasse

  • Bronze Member
  • Posts: 20
Re: [Resolved] 'Bot not crypted' message
« Reply #30 on: August 20, 2010, 03:40:59 PM »
By the way, I have a couple of queries.

Firstly, during the ComboFix scan, the following words appeared in the window several times: "Access denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks." This message appeared, I think, twice at the start of the scan, once during it and twice as the utility was about to reboot Windows. Is it anything to worry about?

Secondly, when ComboFix was preparing the log report, the following error message came up, before disappearing after several seconds: "Can't Execute 'CEC_Main.exe' Please reinstall the program!" Again, is this any cause for concern?

Thanks for all your help so far.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] 'Bot not crypted' message
« Reply #31 on: August 20, 2010, 04:21:06 PM »
Quote
By the way, I have a couple of queries...Firstly, during the ComboFix scan, the following words appeared in the window several times: "Access denied. Administrator permissions are needed to use the selected options. Use an administrator command prompt to complete these tasks." This message appeared, I think, twice at the start of the scan, once during it and twice as the utility was about to reboot Windows. Is it anything to worry about?
No. The utility performed and removed its intended target.

Quote
Secondly, when ComboFix was preparing the log report, the following error message came up, before disappearing after several seconds: "Can't Execute 'CEC_Main.exe' Please reinstall the program!" Again, is this any cause for concern? Thanks for all your help so far.
That message relates to your camera assistant for your integrated camera. It evidently was arrested during combofix's construction of the log. On your next reboot, you should not see the message again. Furthermore, you don't need that program running on startup but that's your call.
We need to perform another run since your last scan. In previous logs, your system had two locked registry keys. Both were successfully unlocked during the last scan. However, you now have more locked keys than you did at the start.

Let's disable Windows Defender:
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

Please remember to turn Windows Defender back on when we finish with the cleanup.

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

Reglock::
[HKEY_USERS\S-1-5-21-1921956558-1538204406-2500925312-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline guitarebasse

  • Bronze Member
  • Posts: 20
Re: [Resolved] 'Bot not crypted' message
« Reply #32 on: August 24, 2010, 12:02:10 PM »
Once again, pardon me for the hiatus since my last post. Now that my Romanian brothers-in-law have gone home I can concentrate on this stuff.

Here is the log from the latest ComboFix run:

ComboFix 10-08-19.02 - Administrator 24/08/2010  18:32:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1915.1052 [GMT 1:00]
Running from: c:\users\Dave_2\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave_2\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Dave_2\AppData\Local\temp\D29A.tmp

.
(((((((((((((((((((((((((   Files Created from 2010-07-24 to 2010-08-24  )))))))))))))))))))))))))))))))
.

2010-08-24 17:39 . 2010-08-24 17:43   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2010-08-24 17:39 . 2010-08-24 17:39   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-08-24 17:39 . 2010-08-24 17:39   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-08-24 17:39 . 2010-08-24 17:39   --------   d-----w-   c:\users\Dave_2\AppData\Local\temp
2010-08-24 17:39 . 2010-08-24 17:39   --------   d-----w-   c:\users\Dave\AppData\Local\temp
2010-08-15 21:46 . 2010-08-15 21:51   --------   d-----w-   c:\users\Administrator\AppData\Local\Adobe
2010-08-15 21:46 . 2010-08-15 22:34   --------   d-----w-   c:\programdata\NOS
2010-08-14 11:01 . 2010-08-14 11:01   --------   d-----w-   c:\users\Administrator\AppData\Local\SupportSoft
2010-08-14 11:01 . 2010-08-14 11:02   89160   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-14 11:01 . 2010-08-14 11:01   --------   d-----w-   c:\users\Administrator\AppData\Local\Google
2010-08-14 11:01 . 2010-08-14 11:01   --------   d-----w-   c:\users\Administrator\AppData\Local\Toshiba
2010-08-14 11:01 . 2010-08-14 11:01   8224   ----a-w-   c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 22:18 . 2010-05-27 20:08   81920   ----a-w-   c:\windows\system32\iccvid.dll
2010-08-11 22:17 . 2010-06-21 13:37   2037760   ----a-w-   c:\windows\system32\win32k.sys
2010-08-11 22:17 . 2010-06-18 17:31   36864   ----a-w-   c:\windows\system32\rtutils.dll
2010-08-11 22:17 . 2010-06-08 17:35   3548040   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-08-11 22:17 . 2010-06-08 17:35   3600768   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-08-11 22:17 . 2010-06-11 16:15   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2010-08-11 22:17 . 2010-06-18 15:04   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-08-11 22:17 . 2010-06-18 15:04   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-08-11 22:17 . 2010-06-16 16:04   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2010-08-01 08:54 . 2010-08-01 08:54   --------   d-----w-   c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 20:48 . 2009-05-25 22:40   --------   d-----w-   c:\users\Dave\AppData\Roaming\Spotify
2010-08-23 20:37 . 2009-10-30 18:03   1   ----a-w-   c:\users\Dave\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-15 21:50 . 2008-08-07 16:47   --------   d-----w-   c:\program files\Common Files\Adobe
2010-08-15 21:46 . 2010-08-15 21:46   77184   ----a-w-   c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-08-15 11:28 . 2009-12-31 19:35   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2010-08-15 11:26 . 2009-12-31 19:35   53632   ----a-w-   c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-11 22:33 . 2008-08-07 17:00   --------   d-----w-   c:\program files\Microsoft Works
2010-08-11 22:29 . 2008-08-07 16:58   --------   d-----w-   c:\programdata\Microsoft Help
2010-08-11 22:28 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-11 19:59 . 2008-08-07 16:06   --------   d-----w-   c:\program files\Java
2010-08-11 19:59 . 2008-08-07 16:06   --------   d-----w-   c:\program files\Common Files\Java
2010-08-01 08:54 . 2010-08-01 08:54   388096   ----a-r-   c:\users\Dave_2\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-24 20:25 . 2009-10-02 21:39   --------   d-----w-   c:\program files\McAfee
2010-07-15 14:18 . 2009-10-02 21:39   130424   ----a-w-   c:\windows\system32\drivers\Mpfp.sys
2010-07-06 20:47 . 2010-08-14 11:00   53632   ----a-w-   c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-06 20:47 . 2010-07-06 20:49   53632   ----a-w-   c:\users\Dave\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-26 06:35 . 2008-08-07 17:00   --------   d-----w-   c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-11 22:18   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 22:18   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 22:18   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 22:18   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-06-23 19:53 . 2010-06-23 19:53   784136   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-11 16:16 . 2010-08-11 22:18   274944   ----a-w-   c:\windows\system32\schannel.dll
2010-05-28 23:49 . 2010-05-28 23:49   411368   ----a-w-   c:\windows\system32\deployJava1.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-21 1045904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\Dave_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):85,85,ac,ad,a1,12,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-19 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-04-21 116104]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-20 11:22]

2010-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-20 11:22]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{285C7679-DB70-4619-AFF2-B990A28D9E7F}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
Trusted Zone: o2.co.uk\*.broadband
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 18:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#?? 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1921956558-1538204406-2500925312-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,25,d2,42,36,22,bf,4d,87,53,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,52,25,d2,42,36,22,bf,4d,87,53,4b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5544)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\agrsmsvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\system32\igfxext.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-24  18:49:24 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-24 17:49
ComboFix2.txt  2010-08-20 20:46
ComboFix3.txt  2010-08-18 20:47
ComboFix4.txt  2010-08-15 09:26

Pre-Run: 35,264,188,416 bytes free
Post-Run: 35,258,945,536 bytes free

- - End Of File - - FC8FCDEBE2AF3D5B069044999BFC480E

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] 'Bot not crypted' message
« Reply #33 on: August 25, 2010, 07:08:50 AM »
Your log shows more issues each time you post. Please don't use the computer for anything else while this cleanup session is underway.

The following program showed up on 8/23:
c:\users\Dave\AppData\Roaming\Spotify
...and is not necessarily malicious, but it is ad supported. All that means is that your system will be plagued with ads, some of which you don't want. Please uninstall this program.

Along with this, your log shows another locked registry key, evidently due to the program mentioned above...more reason to uninstall it.

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

Folder::
c:\users\Dave\AppData\Roaming\Spotify

Reglock::
[HKEY_USERS\S-1-5-21-1921956558-1538204406-2500925312-500\Software\Microsoft\Internet Explorer\User Preferences]

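The reasoning behind both CFScripts above (Reply #31 and Reply #33) is the same: read the "LOCKED REGISTRY KEYS" section of the latest ComboFix log, compare it with the previous log, and put any key that is newly locked under a Reglock:: directive, while keeping an eye on which executables turned up in the "Files Created" list. The script below is an added example, not code from this thread and not part of ComboFix; it automates that comparison. The two log excerpts embedded in it are constructed from lines in the logs posted above, and the section markers and column layout it expects (created time, last-write time, size, attribute flags, path; a key in brackets followed by its "@Denied:" line) are taken from those logs, not from any documented ComboFix format.

```python
# Added example (not code from the thread or from ComboFix): parse the two log
# sections the helper relies on and diff the locked keys between two runs.
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# A "Files Created" / "Find3M" line: created . last-written  size  attrs  path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)
LOCKED_HEADER = "LOCKED REGISTRY KEYS"
CODE_EXTENSIONS = (".exe", ".dll", ".sys")


@dataclass(frozen=True)
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints dashes)
    attrs: str            # "d-----w-" marks a directory, "----a-w-" a file
    path: str

@dataclass(frozen=True)
class LockedKey:
    path: str
    denied: Optional[str]  # text after "@Denied:", e.g. "(2) (Administrator)"


def parse_file_entries(log: str) -> list[FileEntry]:
    """Collect every file/directory line, whichever section it sits in."""
    entries = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.rstrip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(FileEntry(m["created"], m["modified"], size,
                                     m["attrs"], m["path"]))
    return entries


def code_files(entries: list[FileEntry]) -> list[FileEntry]:
    """Executable code (not directories): the entries worth a second look."""
    return [e for e in entries if not e.attrs.startswith("d")
            and e.path.lower().endswith(CODE_EXTENSIONS)]


def parse_locked_keys(log: str) -> list[LockedKey]:
    """Keys under LOCKED REGISTRY KEYS, each with its @Denied annotation."""
    keys: list[LockedKey] = []
    in_section = False
    for line in log.splitlines():
        line = line.strip()
        if LOCKED_HEADER in line:
            in_section = True
        elif not in_section:
            continue
        elif line.startswith("-----") or (line == "." and keys):
            break  # next section header or end-of-section marker
        elif line.startswith("[") and line.endswith("]"):
            keys.append(LockedKey(line[1:-1], None))
        elif line.startswith("@Denied:") and keys:
            # ComboFix prints the deny ACE directly under the key it guards
            keys[-1] = LockedKey(keys[-1].path, line[len("@Denied:"):].strip())
    return keys


def new_locked_keys(old_log: str, new_log: str) -> list[str]:
    """Keys locked in the new run that were not locked in the old one."""
    old = {k.path.lower() for k in parse_locked_keys(old_log)}
    return [k.path for k in parse_locked_keys(new_log)
            if k.path.lower() not in old]


def reglock_block(key_paths: list[str]) -> str:
    """Render keys as the Reglock:: section of a CFScript.txt."""
    return "Reglock::\n" + "".join(f"[{p}]\n" for p in key_paths)

# Constructed excerpts in the layout of the logs posted above (abridged).
OLD_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1921956558-1538204406-2500925312-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
@Denied: (2) (Administrator)
.
"""
NEW_LOG = r"""
2010-08-24 17:39 . 2010-08-24 17:43   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2010-08-11 22:17 . 2010-06-21 13:37   2037760   ----a-w-   c:\windows\system32\win32k.sys
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1921956558-1538204406-2500925312-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
"""
```

Running `reglock_block(new_locked_keys(OLD_LOG, NEW_LOG))` on the two excerpts yields exactly the Reglock:: block posted in Reply #33. The "@Denied: (2) (Administrator)" line is what makes ComboFix call a key "locked": an access-control entry denies the Administrator account on that key, so the comparison across logs is the check for whether a deny entry has reappeared after a key was unlocked.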

Offline guitarebasse

  • Bronze Member
  • Posts: 20
Re: [Resolved] 'Bot not crypted' message
« Reply #34 on: August 26, 2010, 11:02:56 AM »
Please could you clarify a few things for me before I go ahead and run your latest ComboFix script?

You say that Spotify "showed up on 8/23" and is "not necessarily malicious, but it is ad supported" meaning that my system "will be plagued with ads". In fact, this program showed up in the previous ComboFix scans as well.

Spotify is a legitimate music streaming service, founded in Sweden and based in Britain, which is available in free (ad-supported) and subscription versions. I have the free version. I am unclear what you mean when you say that my system "will be plagued with ads". Obviously, the music tracks on Spotify are interspersed with occasional advertisements, but having to listen to them is obviously the price I pay for getting the music free. Do you mean that Spotify, or the advertisements it carries, could be providing a conduit for malware to get on to my computer?

The Wikipedia entry on Spotify (which I looked at using another computer) says that, earlier this year, Symantec identified Spotify as a trojan, but the Symantec website appears to indicate that this was a false positive. One contributor speculated that Spotify had not been recognised as legitimate as it is not yet available in the US.

You also say that Spotify is "evidently" to blame for my latest locked registry key. Is there really evidence for this?

I'm sorry if I appear to question your advice, but I am reluctant to ditch Spotify since I get a lot of pleasure out of listening to music from its very extensive catalogue.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] 'Bot not crypted' message
« Reply #35 on: August 26, 2010, 05:24:21 PM »
Quote
Spotify "showed up on 8/23
I've misspoken. Spotify, according to the log, was modified on that date. I only noted it since with that log, the newest "locked" key showed up. Nothing else evident in the log would have done this.

Quote
Spotify is a legitimate music streaming service, founded in Sweden and based in Britain, which is available in free (ad-supported) and subscription versions.
I know what "Spotify" is and very glad to see now that you also know now that it is indeed ad supported.

Quote
I have the free version. I am unclear what you mean when you say that my system "will be plagued with ads".
What I mean is, your system will be plagued with advertisements.

Quote
Obviously, the music tracks on Spotify are interspersed with occasional advertisements, but having to listen to them is obviously the price I pay for getting the music free.
Ok then, you've obviously given this some thought. If you are willing to pay the price, then leave things as they are.

Quote
Do you mean that Spotify, or the advertisements it carries, could be providing a conduit for malware to get on to my computer?
You've understood correctly.

So...are you happy with the system's performance now?


Offline guitarebasse

  • Bronze Member
  • Posts: 20
Re: [Resolved] 'Bot not crypted' message
« Reply #36 on: August 28, 2010, 06:49:44 AM »
Yes, I am happy with the system's current performance. In fact it wasn't performing badly before, when the "bot not crypted" message was appearing, but I was concerned that there could be hidden problems, such as spyware compromising my online security.

As for Spotify, I have uninstalled it. If I find I can't live without it, I will sign up to one of its subscription services, since getting rid of the ads would presumably reduce, if not eliminate, my potential exposure to malware intrusions.

Here's the latest ComboFix log:

ComboFix 10-08-27.03 - Administrator 28/08/2010  13:07:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.1915.822 [GMT 1:00]
Running from: c:\users\Dave_2\Desktop\ComboFix.exe
Command switches used :: c:\users\Dave_2\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((   Files Created from 2010-07-28 to 2010-08-28  )))))))))))))))))))))))))))))))
.

2010-08-28 12:14 . 2010-08-28 12:18   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2010-08-28 12:14 . 2010-08-28 12:14   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-08-28 12:14 . 2010-08-28 12:14   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-08-28 12:14 . 2010-08-28 12:14   --------   d-----w-   c:\users\Dave_2\AppData\Local\temp
2010-08-28 12:14 . 2010-08-28 12:14   --------   d-----w-   c:\users\Dave\AppData\Local\temp
2010-08-15 21:46 . 2010-08-15 21:51   --------   d-----w-   c:\users\Administrator\AppData\Local\Adobe
2010-08-15 21:46 . 2010-08-15 22:34   --------   d-----w-   c:\programdata\NOS
2010-08-14 11:01 . 2010-08-14 11:01   --------   d-----w-   c:\users\Administrator\AppData\Local\SupportSoft
2010-08-14 11:01 . 2010-08-14 11:02   89160   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-14 11:01 . 2010-08-14 11:01   --------   d-----w-   c:\users\Administrator\AppData\Local\Google
2010-08-14 11:01 . 2010-08-14 11:01   --------   d-----w-   c:\users\Administrator\AppData\Local\Toshiba
2010-08-14 11:01 . 2010-08-14 11:01   8224   ----a-w-   c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 22:18 . 2010-05-27 20:08   81920   ----a-w-   c:\windows\system32\iccvid.dll
2010-08-11 22:17 . 2010-06-21 13:37   2037760   ----a-w-   c:\windows\system32\win32k.sys
2010-08-11 22:17 . 2010-06-18 17:31   36864   ----a-w-   c:\windows\system32\rtutils.dll
2010-08-11 22:17 . 2010-06-08 17:35   3548040   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-08-11 22:17 . 2010-06-08 17:35   3600768   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-08-11 22:17 . 2010-06-11 16:15   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2010-08-11 22:17 . 2010-06-18 15:04   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-08-11 22:17 . 2010-06-18 15:04   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-08-11 22:17 . 2010-06-16 16:04   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2010-08-01 08:54 . 2010-08-01 08:54   --------   d-----w-   c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 20:37 . 2009-10-30 18:03   1   ----a-w-   c:\users\Dave\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-15 21:50 . 2008-08-07 16:47   --------   d-----w-   c:\program files\Common Files\Adobe
2010-08-15 21:46 . 2010-08-15 21:46   77184   ----a-w-   c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-08-15 11:28 . 2009-12-31 19:35   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2010-08-15 11:26 . 2009-12-31 19:35   53632   ----a-w-   c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-11 22:33 . 2008-08-07 17:00   --------   d-----w-   c:\program files\Microsoft Works
2010-08-11 22:29 . 2008-08-07 16:58   --------   d-----w-   c:\programdata\Microsoft Help
2010-08-11 22:28 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-11 19:59 . 2008-08-07 16:06   --------   d-----w-   c:\program files\Java
2010-08-11 19:59 . 2008-08-07 16:06   --------   d-----w-   c:\program files\Common Files\Java
2010-08-01 08:54 . 2010-08-01 08:54   388096   ----a-r-   c:\users\Dave_2\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-24 20:25 . 2009-10-02 21:39   --------   d-----w-   c:\program files\McAfee
2010-07-15 14:18 . 2009-10-02 21:39   130424   ----a-w-   c:\windows\system32\drivers\Mpfp.sys
2010-07-06 20:47 . 2010-08-14 11:00   53632   ----a-w-   c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-06 20:47 . 2010-07-06 20:49   53632   ----a-w-   c:\users\Dave\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-26 06:05 . 2010-08-11 22:18   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 22:18   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 22:18   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 22:18   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-06-23 19:53 . 2010-06-23 19:53   784136   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-11 16:16 . 2010-08-11 22:18   274944   ----a-w-   c:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-19 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-04-21 1045904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\users\Dave_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):85,85,ac,ad,a1,12,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-19 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2009-04-21 116104]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-24 73728]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-20 11:22]

2010-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-20 11:22]

2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{285C7679-DB70-4619-AFF2-B990A28D9E7F}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
Trusted Zone: o2.co.uk\*.broadband
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 13:17
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????5`?u??P?#?x?#???#???#?? 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5732)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\agrsmsvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\system32\igfxext.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-28  13:23:58 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-28 12:23
ComboFix2.txt  2010-08-24 17:49
ComboFix3.txt  2010-08-20 20:46
ComboFix4.txt  2010-08-18 20:47
ComboFix5.txt  2010-08-28 12:05

Pre-Run: 39,386,058,752 bytes free
Post-Run: 39,265,546,240 bytes free

- - End Of File - - FD372550CA1640738BD33302AAFDEF53
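
For readers who want to re-check a machine like this one later without re-running ComboFix, the script below is an added example (my own code, not ComboFix's and not posted by anyone in this thread) that walks the same autostart locations the log above reports: the HKLM/HKCU Run and RunOnce keys, the per-user and all-users Startup folders, AppInit_DLLs, the svchost service groups and the legacy .job files under c:\windows\Tasks. For each Run-key entry it also extracts the executable and reports its Authenticode signature status, which ComboFix does not show. It assumes Windows PowerShell 3.0 or later in an elevated session; the Resolve-ExePath helper and its quoted-path parsing are my own simplification and will not handle every command-line form (an unquoted path containing spaces, for instance).

```powershell
# Added example, not ComboFix's own code: enumerate the autostart locations
# the ComboFix log reports and check the signature of each Run-key binary.
# Assumes Windows PowerShell 3.0+ running in an elevated session.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-ExePath {
    # Pull the executable out of a Run-key command line: a quoted path, or
    # everything up to the first space. Bare names (RtHDVCpl.exe in the log
    # above) are resolved through PATH. Hypothetical helper; returns $null
    # when the file cannot be found, which is itself worth a look.
    param([string]$Command)
    if ($Command -match '^"([^"]+)"') { $path = $Matches[1] }
    else { $path = ($Command -split ' ')[0] }
    if (Test-Path -LiteralPath $path) { return (Resolve-Path -LiteralPath $path).Path }
    $cmd = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue
    if ($cmd) { return $cmd.Source }
    return $null
}

function Get-RunEntries {
    # Run/RunOnce values for the machine and the current user, with the
    # Authenticode status of the binary each one launches.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmdline = $item.GetValue($name)
            $exe = Resolve-ExePath $cmdline
            $status = if ($exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
            [pscustomobject]@{ Location = $key; Name = $name; Command = $cmdline; Signature = $status }
        }
    }
}

function Get-StartupFolderEntries {
    # The .lnk entries listed under the Startup folder paths in the log.
    $folders = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
    foreach ($f in $folders) {
        if (-not (Test-Path $f)) { continue }
        Get-ChildItem -Path $f -File | ForEach-Object {
            [pscustomobject]@{ Location = $f; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-AppInitDlls {
    # Every DLL listed here is loaded into each process that links user32.dll,
    # which is why ComboFix reports the value on its own line.
    $key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
}

function Get-SvchostGroups {
    # Service groups hosted by svchost.exe, as in the log's svchost section.
    $item = Get-Item -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Svchost'
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Group = $name; Services = (@($item.GetValue($name)) -join ' ') }
    }
}

function Get-LegacyJobFiles {
    # Task Scheduler 1.0 .job files, the 'Scheduled Tasks' folder in the log.
    Get-ChildItem -Path "$env:SystemRoot\Tasks" -Filter '*.job' -ErrorAction SilentlyContinue |
        Select-Object Name, LastWriteTime
}

'--- Run keys ---';             Get-RunEntries           | Format-Table -AutoSize
'--- Startup folders ---';      Get-StartupFolderEntries | Format-Table -AutoSize
'--- AppInit_DLLs ---';         Get-AppInitDlls
'--- svchost groups ---';       Get-SvchostGroups        | Format-Table -AutoSize
'--- Scheduled .job files ---'; Get-LegacyJobFiles       | Format-Table -AutoSize
```

Run it once the machine is known clean, keep the output, and diff against it after any later scare. A Run-key row whose Signature column reads NotSigned or FileMissing, or a new group in the svchost list, is where to look first. A non-empty AppInit_DLLs value is a prompt to identify the DLL rather than a finding by itself: in the log above it resolves to a DLL under the Google program folder, consistent with the Google Desktop service also listed there.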

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] 'Bot not crypted' message
« Reply #37 on: August 28, 2010, 08:17:00 AM »
The log looks clean. Congratulations! You can delete these now:
DDS.scr
DDS.txt
Attach.txt
GMER.zip
GMER.exe
Ark.txt
TDSSKiller
C:\TDSSKiller_log


Next, please click start-->run...then copy and paste the Bold text below into the run box and click "OK":

ComboFix /Uninstall

Performing this function will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again for you automatically.

Now that your system is clean and running the way you expect, let's create a new restore point you can refer to should the need arise at some point in the future.

Please click "Start->Programs->Accessories->System Tools->System Restore". In the new window, check 'Create a restore point' in the right pane and click "Next". In the "Restore point description" textbox, name your restore point something you will easily recognize. I recommend something like yyyymmdd_Clean (ex. 20090101_Clean). Click "Create" and reboot your computer.

To assist in the prevention of malicious software intrusion and infections:

Please remember to keep antivirus software on board and always use its real-time protection feature. Run a complete system scan at least once a week...preferably in Safe mode.

If your antivirus program is a licensed version that is about to expire, you can consider using one of these available free on the public domain:

Microsoft Security Essentials
AntiVir Personal Edition Classic
Avast! 4 Home Edition

Those of us in the online safety/security community have tried and tested these programs to determine their abilities. Bearing in mind that nothing is ever a guarantee regarding computer security, these programs, combined with the rest of these recommendations, are nevertheless certain to have an impact in helping to keep your system running free and clear. I personally have been completely satisfied from having tested and used each one of those at one time or another.

Although my personal preference is Avira AntiVir, one should not rely just on one person's anecdotal account of the effectiveness or efficiency of any one in particular but should determine which best suits their own needs.

Immunize your browser by installing Spywareblaster. What does it do?
  • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restricts the actions of potentially unwanted sites in Internet Explorer.
Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

Web of Trust, (WOT,) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an add-on available for both Firefox and IE.

Install the WinPatrol security monitor utility. WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. What I hear most from users is how much they like the startup control feature and its ease of use. Need help understanding something about WinPatrol? Here it is.

Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

You should always have at least (but not more than) one of these types of third party firewalls running on board:
Sunbelt Personal Firewall

Zone Alarm: Beware, this download includes the Ask Toolbar...The ZoneAlarm Spy Blocker toolbar is powered by "Ask.com". The "Ask" search engine will cause "targeted" ads to be presented to you based upon the content of the web pages you visit, any personally identifiable information you have provided to "Ask.com", or keywords appearing in your search queries. Many security experts consider this type of behavior offensive...Windows 2k/XP/Vista

Outpost Free

Comodo...I highly recommend this firewall, but it may just be best suited for advanced users.

Keep your software updated...make it easier on yourself and install the free security tool "Secunia PSI"

It helps in the background to protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one-button "Download Solution" feature that updates the exploited software that it finds AND provides other related information/patching if warranted.

Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup, or else just download the Slim version (no toolbar...last download link at the bottom of that page)...

Or if you just want to run your on board Disk Cleanup:
("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:
Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

So how did I get infected in the first place?
Regards, and Happy Surfing!

This thread is now closed as the issue appears to be resolved.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
