
Malwarebytes

Persistent Trojan/Malware,Please Help!


18 replies to this topic

#1
victusdementis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:36 PM, on 5/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: rch.info
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Main\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\m0t9i2fim.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\m0t9i2fim.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2785438620.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\m0t9i2fim.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154225769015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1243000470656
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8127 bytes


Hello, I've had this problem going on a month so far and it's making my life very miserable. I first noticed that my browser kept coming up with bogus search results in Google and Yahoo search, so I did a scan with Malwarebytes and got rid of it (presumably). A few days later I started to notice that at random times, whenever I would click a link to a site (email checking, MySpace, etc.), I would get redirected to some spam or bogus site, and it has not stopped at all. Now I'm beginning to notice that it seems to delete my Adobe Flash, so I cannot view YouTube videos. I then tried to do a Spybot Search & Destroy scan, but about ten minutes into the scan it froze my computer. Then I tried Malwarebytes, and it restarted my computer. Then Trend Micro HouseCall, and the same thing happened. The anti-malware removal tool from Microsoft did that as well. I have to go into safe mode whenever I boot my computer up to use Malwarebytes just so I can function. Please help me, I'm in dire straits! I would appreciate any help given. Thank you for reading this.
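
Before any scanner result came back, the HijackThis log in this post already carried the signals a responder would flag by eye: a browser proxy on localhost:7171, a hosts-file entry, Run values living in C:\WINDOWS\TEMP under the SYSTEM hive, rundll32 loading protect.dll out of user profiles, the same "autochk" value name replicated across HKLM, HKCU and the SYSTEM hive, and a bare ChkDisk.dll in the Startup folder. The script below is an added example, not code from the original post or from HijackThis: it encodes those heuristics and runs them over lines copied from the log above (benign NVIDIA and HP entries included, to show they stay quiet). The reason strings and the 3-hive replication threshold are my own assumptions.

```python
"""Triage heuristics for HijackThis Run/proxy/hosts lines.

Added example, not code from the original post or from HijackThis.  The
sample lines are copied from the log above; the heuristics and the
3-hive threshold are my own assumptions about what is worth a second look.
"""
import re
from collections import defaultdict

# Lines taken from the HijackThis log posted above (benign and malicious mixed).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O1 - Hosts: rch.info
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Main\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\m0t9i2fim.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYS32DLL] SYS32DLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - Startup: ChkDisk.dll
"""

# "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')" with the user suffix optional
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+),", re.I)
PROFILE_RE = re.compile(r"\\(?:DOCUME~1|Documents and Settings)\\", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)
EXECUTABLE_RE = re.compile(r"\.(?:exe|dll|com|scr|bat|cmd|vbs)\b", re.I)
HIVE_THRESHOLD = 3   # assumption: one value name in >= 3 hives is worth a look


def triage(log_text):
    """Return (reason, subject) findings for the suspicious lines of a HJT log."""
    findings = []
    hives_by_name = defaultdict(set)   # Run value name -> hives it appears in
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O1 - Hosts:"):
            findings.append(("hosts-file entry (local DNS override)", line))
        elif ",ProxyServer = " in line:
            value = line.split(",ProxyServer = ", 1)[1]
            if re.search(r"localhost|127\.0\.0\.1", value, re.I):
                findings.append(("browser proxy points at a local port", line))
        elif line.startswith("O4 - Startup:") and line.lower().endswith(".dll"):
            findings.append(("DLL in the user's Startup folder", line))
        else:
            m = RUN_RE.match(line)
            if not m:
                continue
            hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
            hives_by_name[name.lower()].add(hive)
            if name == "":
                findings.append(("Run value with an empty name", line))
            if TEMP_RE.search(cmd):
                findings.append(("Run target lives in a TEMP directory", line))
            r = RUNDLL_RE.match(cmd)
            if r and PROFILE_RE.search(r.group("dll")):
                findings.append(("rundll32 loads a DLL from a user profile", line))
            if not EXECUTABLE_RE.search(cmd):
                findings.append(("Run target has no recognisable executable", line))
    # Cross-hive replication: a legitimate installer rarely writes the same
    # value under HKLM, HKCU and the SYSTEM/.DEFAULT hives at once.
    for name, hives in hives_by_name.items():
        if len(hives) >= HIVE_THRESHOLD:
            findings.append((f"Run value replicated across {len(hives)} hives",
                             f"[{name}] in " + ", ".join(sorted(hives))))
    return findings


if __name__ == "__main__":
    for reason, subject in triage(SAMPLE_LOG):
        print(f"{reason:45} {subject}")
```

Note that the HKLM copy of the autochk entry points at a DLL in system32 and is flagged only through replication; that matches the MBAM result later in this thread, which identifies C:\WINDOWS\system32\autochk.dll as Spyware.Agent. Likewise the localhost:7171 proxy is the kind of setting that goes with a local proxy trojan, and MBAM later unloads SYSDLL.exe as Trojan.Proxy.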

#2
miekiemoes

Hi,

Please post the MalwareBytes log in your next reply.
Also, Is there any reason why you don't have an Antivirus installed?

Extra note: I see you are running TeaTimer.
I suggest you disable it, because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.
Then run ResetTeaTimer.exe.
This will only take a few seconds.

Then rerun malwarebytes and post the log.
Mieke Verburgh
Assistant Director of Research


#3
victusdementis

Hello, thank you very much for helping me, I do appreciate it. To be honest, I've never needed a full antivirus; I've never had these problems before. But I've run Trend Micro's HouseCall scan at least once every two weeks for a little while now, just to make sure. And ever since this started, every antivirus program out there has frozen up my computer or has made it restart.

I followed your instructions, but when I went to do a Malwarebytes full system scan, about 5 minutes into the scan it restarted my computer. Should I try a quick scan instead?

#4
miekiemoes


Quote

to be honest iv never needed a full antivirus,iv never had these problems before.
Ehm, an Antivirus is mainly for PREVENTION. Please see here: http://miekiemoes.blogspot.com/2008/08/i-d...use-i-have.html

Quote

i followed your instructions but when i went to do a malwarebytes full system scan about 5 minutes into the scan it restarted my computer.should i try a quick scan instead?
Yes, because that's also what I instructed.
If it still reboots, try from Windows safe mode.

#5
victusdementis

God, I feel like an idiot. No one needs surgery until they need a new organ. You're absolutely correct.
It looks like the quick scan worked, and yes, the results were rather scary.

Malwarebytes' Anti-Malware 1.37
Database version: 2185
Windows 5.1.2600 Service Pack 2

5/27/2009 10:22:07 AM
mbam-log-2009-05-27 (10-22-07).txt

Scan type: Quick Scan
Objects scanned: 89036
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 23

Memory Processes Infected:
C:\WINDOWS\pp10.exe (Worm.Koobface) -> Unloaded process successfully.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> Unloaded process successfully.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> Unloaded process successfully.
c:\program Files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Unloaded process successfully.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\ty667.ty667mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{437a43d5-e5c3-4959-bbd0-f2bfb1edc6fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{437a43d5-e5c3-4959-bbd0-f2bfb1edc6fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{437a43d5-e5c3-4959-bbd0-f2bfb1edc6fd} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ty667.ty667mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.Koobface) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux3 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\tvx.obn) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\autochk.dll (Spyware.Agent) -> Delete on reboot.
C:\WINDOWS\pp10.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysloc\sysloc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lmn_setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\msb.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Main\protect.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Main\local settings\temporary internet files\Content.IE5\2USVL5LO\nfr[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\documents and settings\Main\local settings\temporary internet files\Content.IE5\LNE8GJNP\6244[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Main\local settings\temporary internet files\Content.IE5\P8X0GHQA\nfr[1].exe (Trojan.Proxy) -> Quarantined and deleted successfully.
c:\documents and settings\Main\start menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
c:\program files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
c:\program files\ThunMail\testabd.exe (Spyware.OnlineGamer) -> Quarantined and deleted successfully.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Main\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\Main\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vp_setup.exe.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
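
Two things in this MBAM log deserve more attention than the counts at the top. The two "Registry Data Items" are load points that a Run-key cleanup does not cover: the Drivers32 aux3 entry that replaced wdmaud.drv with tvx.obn, and AppInit_DLLs pointing at testabd.dll, both of which get a DLL loaded into processes without any Run key at all. And several items are marked "Delete on reboot", which means nothing has been removed yet; autochk.dll in particular was still loaded as a module while the scan ran. The parser below is an added example, not code from the thread or from Malwarebytes: it pulls both lists out of a subset of the log above. The section names follow the log; the helper names are my own.

```python
"""Extract hijacked load points and reboot-pending items from a
Malwarebytes' Anti-Malware log.

Added example, not code from the thread or from Malwarebytes.  The sample
is a subset of the log posted above; section names follow that log.
"""
import re
from collections import Counter

SAMPLE_MBAM_LOG = r"""
Memory Processes Infected:
C:\WINDOWS\pp10.exe (Worm.Koobface) -> Unloaded process successfully.
C:\WINDOWS\system32\SYSDLL.exe (Trojan.Proxy) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Spyware.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Spyware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.Koobface) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux3 (Trojan.JSRedir.H) -> Bad: (C:\WINDOWS\system32\..\tvx.obn) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\autochk.dll (Spyware.Agent) -> Delete on reboot.
c:\documents and settings\Main\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# "<item> (<family>)" -- the family never contains parentheses, so a greedy
# item followed by the last " (" is unambiguous even for paths with brackets.
ENTRY_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")
LOAD_POINT_SECTIONS = {"Registry Values Infected", "Registry Data Items Infected"}


def parse_mbam(text):
    """Return one dict per detection: section, item, family, action, detail."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("Infected:"):          # section header, e.g. "Files Infected:"
            section = line[:-1]
            continue
        parts = line.split(" -> ")              # item (family) -> [detail ->] action.
        if section is None or len(parts) < 2:
            continue                            # summary lines such as "Scan type: ..."
        m = ENTRY_RE.match(parts[0])
        if not m:
            continue
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "action": parts[-1].rstrip("."),
            "detail": " -> ".join(parts[1:-1]),  # e.g. "Bad: (...) Good: (...)"
        })
    return entries


def pending_reboot(entries):
    """Paths MBAM could not remove while running; verify these after rebooting."""
    seen, paths = set(), []
    for e in entries:
        key = e["item"].lower()
        if e["action"] == "Delete on reboot" and key not in seen:
            seen.add(key)
            paths.append(e["item"])
    return paths


def load_points(entries):
    """(registry location, payload) for every persistence location MBAM touched."""
    result = []
    for e in entries:
        if e["section"] not in LOAD_POINT_SECTIONS:
            continue
        m = re.search(r"Bad: \((.*?)\) Good:|Data: (.*)", e["detail"])
        payload = (m.group(1) or m.group(2)) if m else None
        result.append((e["item"], payload))
    return result


def family_counts(entries):
    """How many detections each malware family accounts for."""
    return Counter(e["family"] for e in entries)


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_MBAM_LOG)
    print("pending after reboot:", pending_reboot(found))
    print("load points:", load_points(found))
    print("families:", family_counts(found))
```

After the reboot the two pending paths should be checked by hand (or with a fresh scan), and the Drivers32 aux3 value should read wdmaud.drv again; a second HijackThis or ComboFix log, as the thread goes on to collect, is the practical way to confirm both.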

#6
miekiemoes

I have a bad feeling here though. It smells like you may also be dealing with Virut.
I really hope that's not the case here, because that would be a lost cause.
It's easy to find out though... If an Antivirus immediately crashes or won't properly install, then you may indeed be dealing with Virut.

* Please install Avira Antivirus: http://www.free-av.com/

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

#7
victusdementis

:sigh:

I downloaded it and tried a full system scan, same result. Computer restarts.

#8
miekiemoes

Can you try in Windows safe mode?

#9
victusdementis

I was able to do a full system scan in safe mode and this is the report

Avira AntiVir Personal
Report file date: Wednesday, May 27, 2009 21:20

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Save mode
Username : Main
Computer name : TYR

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 14:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 02:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 13:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 20:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 23:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 02:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 17:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 00:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 19:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 02:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 21:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 02:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 19:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 20:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 17:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Wednesday, May 27, 2009 21:20

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '72' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Main\.housecall\Quarantine\Keygen for F.E.A.R.exe.bac_a02616
[DETECTION] Is the TR/Agent.aox Trojan
C:\Documents and Settings\Main\.housecall6.6\Quarantine\Keygen for F.E.A.R.exe.bac_a02376
[DETECTION] Is the TR/Agent.aox Trojan
C:\Documents and Settings\Main\.housecall6.6\Quarantine\Keygen for F.E.A.R.exe.bac_a02616
[DETECTION] Is the TR/Agent.aox Trojan
C:\Documents and Settings\Main\My Documents\FantaMorph_mahek.rar
[0] Archive type: RAR
--> FantaMorph_mahek\FantaMorph_HoCuS\keygen\keygen.exe
[DETECTION] Contains recognition pattern of the DIAL/27137.A dialer
C:\Starcraft Broodwar\Files\StarCraft_NOCD_Loader-DD.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0Q1MGLQ4\cd[1].htm
[DETECTION] Contains HEUR/Malware suspicious code
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0Q1MGLQ4\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E2AZEI5\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EGKTYHQF\cd[1].htm
[DETECTION] Contains HEUR/Malware suspicious code
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PKVCMK2F\6244[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd3869.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Documents and Settings\Main\.housecall\Quarantine\Keygen for F.E.A.R.exe.bac_a02616
[DETECTION] Is the TR/Agent.aox Trojan
[NOTE] The file was moved to '4a970071.qua'!
C:\Documents and Settings\Main\.housecall6.6\Quarantine\Keygen for F.E.A.R.exe.bac_a02376
[DETECTION] Is the TR/Agent.aox Trojan
[NOTE] The file was moved to '49fd26aa.qua'!
C:\Documents and Settings\Main\.housecall6.6\Quarantine\Keygen for F.E.A.R.exe.bac_a02616
[DETECTION] Is the TR/Agent.aox Trojan
[NOTE] The file was moved to '4a970072.qua'!
C:\Documents and Settings\Main\My Documents\FantaMorph_mahek.rar
[NOTE] The file was moved to '4a8c006e.qua'!
C:\Starcraft Broodwar\Files\StarCraft_NOCD_Loader-DD.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a7f0081.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0Q1MGLQ4\cd[1].htm
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a790071.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0Q1MGLQ4\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a8e0080.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\7E2AZEI5\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4fbdaf21.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EGKTYHQF\cd[1].htm
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4f4db71a.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PKVCMK2F\6244[1].exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a52003f.qua'!


End of the scan: Wednesday, May 27, 2009 22:07
Used time: 37:42 Minute(s)

The scan has been done completely.

9862 Scanned directories
216637 Files were scanned
8 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
10 Files were moved to quarantine
0 Files were renamed
4 Files cannot be scanned
216623 Files not concerned
1519 Archives were scanned
4 Warnings
11 Notes

#10
miekiemoes

Hi,

No wonder your computer is infected, with all those keygens and other illegal software. 80% of them are malware.

Anyway, we're not finished yet... * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.

#11
victusdementis

Wow, really? I got this computer from a friend of mine a while ago and he didn't tell me this.

Well, anyway, here is the report from ComboFix

ComboFix 09-05-26.05 - Main 05/28/2009 11:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1703 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Main\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Main\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\Main\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\ovfsthmepxuirfloypqwwqkxauufwxsbijxfmf.sys
c:\windows\system32\hetuyevo.exe
c:\windows\system32\ovfstheqorpwswulhraoqaklnnstiqoqxwpkrv.dll
c:\windows\system32\ovfsthkclwfsnkyaurqjodbhnsdltgmneeyhiu.dat
c:\windows\system32\ovfsthkioetlpmyvngvqxjxkuuqwgdwyfrmpqa.dat
c:\windows\system32\ovfsthoitlmvvmlpxckhonltdhstjuvvkxgptv.dll
c:\windows\system32\ovfsthwymtasitldtnrmvewlwulmybliyoxdny.dll
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthoodapbapqjxtevdlthesrqpstwjrujnv
-------\Legacy_OREANS32


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-27 15:46 . 2009-05-27 15:46 -------- d-----w c:\program files\Avira
2009-05-27 15:46 . 2009-05-27 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-27 15:46 . 2009-03-30 15:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-27 15:46 . 2009-03-24 21:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-27 15:46 . 2009-02-13 17:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-27 15:46 . 2009-02-13 17:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-27 15:12 . 2009-05-26 09:18 105 ----a-w C:\tj.vbs
2009-05-27 15:12 . 2009-05-27 15:12 107155 ----a-w c:\windows\system32\vic_setup.exe
2009-05-27 04:28 . 2009-05-27 04:28 180 ----a-w C:\487656.bat
2009-05-26 14:32 . 2009-05-27 15:22 -------- d-----w c:\windows\system32\sysloc
2009-05-15 14:22 . 2009-05-15 14:22 190 ----a-w C:\43214354.bat
2009-05-10 02:44 . 2009-05-10 02:44 -------- d-----w C:\8108b73ead8f9daa0819
2009-05-07 21:29 . 2009-05-07 21:29 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-06 07:41 . 2008-12-04 06:25 120832 ----a-w c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\ii6dqyeu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-06 02:23 . 2009-05-06 02:23 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-05 15:42 . 2009-05-27 14:51 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 14:52 . 2009-02-13 02:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 04:51 . 2009-01-24 17:03 -------- d-----w c:\documents and settings\Main\Application Data\StumbleUpon
2009-05-26 18:20 . 2009-02-13 02:09 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2009-02-13 02:09 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 07:44 . 2008-07-29 22:01 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-06 04:56 . 2007-01-17 05:27 -------- d-----w c:\program files\World of Warcraft
2009-05-01 05:02 . 2009-01-25 04:50 -------- d-----w c:\program files\StumbleUpon
2005-12-07 23:46 . 2006-12-20 06:09 11980772 ----a-w c:\program files\soldat131.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-14 67128]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"WheelMouse"="c:\program files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe" [2007-02-27 184320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYSDLL"="SYSDLL" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-14 67128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0smrgdf c:\program files\iolo\System Mechanic Professional 6\

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155190149\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155190149\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\victusdementis\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\victusdementis\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Duke3D\\eduke32.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24868:TCP"= 24868:TCP:BitComet 24868 TCP
"24868:UDP"= 24868:UDP:BitComet 24868 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [7/29/2006 12:29 PM 9809]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/27/2009 10:46 AM 108289]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [8/3/2006 5:54 PM 208384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/17/2008 12:16 PM 24652]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\Main\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\Main\LOCALS~1\Temp\cusbohcn.sys [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [4/12/2009 1:19 PM 120168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\ii6dqyeu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{20640045-EE68-4941-8302-B93A55BA514C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajiilaoklgafgggdp"=hex:6a,61,66,64,66,69,68,6b,65,6c,6d,66,63,67,6d,6d,67,6e,
6b,6c,00,00
"halhckkflhflaaom"=hex:69,61,65,64,6e,66,6b,6a,6b,6a,6e,6a,65,70,6b,64,6b,63,
00,00
"iafnapcnapnalkeaef"=hex:63,61,69,64,65,6b,00,7c

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,39,9a,e1,82,0c,a8,03,0e,12,3b,0a,e9,2a,c7,59,41,19,76,bb,49,f6,fa,
f3,40,ac,69,b3,13,e2,65,10,cf,cd,dc,f3,c0,aa,ec,42,a0,43,cb,0a,ac,52,e0,2b,\
"??"=hex:cb,72,68,35,76,aa,5a,d4,74,56,99,85,54,23,37,e4

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:7e,8f,92,9c,7e,76,e5,86,f1,5a,60,65,a1,e6,b3,33,e4,ab,c7,b9,8c,
9c,b5,91,6f,2a,84,46,46,35,92,b2,f4,cd,03,1b,ef,f2,d4,84,82,8e,1a,11,c5,7b,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-05-28 11:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 16:47

Pre-Run: 13,776,228,352 bytes free
Post-Run: 14,035,898,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
220 --- E O F --- 2008-11-07 13:44





Also, it may or may not mean anything, but also whenever I log on to my computer an automatic program starts trying to boot something up called "status". It's a little hard to explain; I could take a screenshot for you to see if you think it's malicious and worth dealing with.

#12
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

Quote

Also, it may or may not mean anything, but also whenever I log on to my computer an automatic program starts trying to boot something up called "status". It's a little hard to explain; I could take a screenshot for you to see if you think it's malicious and worth dealing with.
No need for a screenshot. We'll look into that later. It's most probably related to one of those HP startup entries being set here.
Malware removal is still a priority here, so..

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Then,

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Quote

File::
C:\tj.vbs
C:\487656.bat
C:\43214354.bat
Folder::
c:\windows\system32\sysloc
Filelook::
c:\windows\system32\vic_setup.exe
c:\program files\soldat131.exe
Driver::
cusbohcn
DDS::
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
Firefox::
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\ii6dqyeu.default\
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
REGNULL::
[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{20640045-EE68-4941-8302-B93A55BA514C}*]
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYSDLL"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript being dragged onto ComboFix.exe; image not preserved]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.
Mieke Verburgh
Assistant Director of Research

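The script above tells ComboFix to clear exactly the indicators that stand out in the logs posted earlier: an HTTP proxy pointing at localhost:7171 in both Internet Explorer and Firefox (a process on the machine itself sitting between the browser and the network), a driver loaded from the user's Temp folder, a Run value whose target could not be found, and short-named .bat/.vbs scripts dropped in the root of C:. The following Python is an added triage helper written for this page, not part of the thread or of any ComboFix/DDS tooling; it runs those four checks over log lines and reports what it finds. The sample lines are copied from the logs in this thread; the rule names, the regular expressions and the reading of the [X] marker as "target file not found" are the author's assumptions, not documented tool behaviour.

```python
"""Triage a ComboFix/DDS-style log for the indicators discussed in this thread.

Added example (not the thread's own tooling). Flags four things a helper would
look at first: browser proxies on the loopback address, drivers/services whose
image lives under a Temp folder, autostart values marked [X] (assumed here to
mean the referenced file was not found), and script files sitting directly in
a drive root.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


# A proxy on the loopback address means some local process sees every HTTP
# request the browser makes; that is the pattern in this thread's log.
LOOPBACK = re.compile(r"\b(localhost|127\.0\.0\.1)\b", re.IGNORECASE)

# IE setting as printed in the DDS section, and Firefox prefs.js lines.
IE_PROXY = re.compile(r"Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
FF_PROXY = re.compile(r"prefs\.js:\s*network\.proxy\.(http|ssl|socks)\s*-\s*(?P<value>\S+)")

# Service/driver lines: "<state> <name>;<display name>;<image path> [...]".
SERVICE = re.compile(r"^(R[0-3]|S[0-4])\s+[^;]+;[^;]+;(?P<path>.+?)(\s\[|\s-->|$)")

# Autostart value whose target is marked [X] (assumed: file not found).
MISSING_RUN = re.compile(r'^"(?P<name>[^"]+)"=.*\[X\]\s*$')

# File-listing line that ends in a script sitting directly in a drive root.
ROOT_SCRIPT = re.compile(
    r"\s(?P<path>[A-Za-z]:\\[^\\]+\.(bat|cmd|vbs|vbe|js|jse))\s*$", re.IGNORECASE
)

# Sample lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/27/2009 10:46 AM 108289]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\Main\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\Main\LOCALS~1\Temp\cusbohcn.sys [?]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SYSDLL"="SYSDLL" [X]
2009-05-27 15:12 . 2009-05-26 09:18 105 ----a-w C:\tj.vbs
2009-05-27 04:28 . 2009-05-27 04:28 180 ----a-w C:\487656.bat
2009-05-15 14:22 . 2009-05-15 14:22 190 ----a-w C:\43214354.bat
2009-05-27 15:46 . 2009-03-30 15:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
"""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that trips a rule (first matching rule wins)."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_PROXY.search(line) or FF_PROXY.search(line)
        if m and LOOPBACK.search(m.group("value")):
            findings.append(Finding("loopback_proxy", line))
            continue
        m = SERVICE.match(line)
        if m and "\\temp\\" in m.group("path").lower():
            findings.append(Finding("driver_in_temp", line))
            continue
        if MISSING_RUN.match(line):
            findings.append(Finding("missing_run_target", line))
            continue
        if ROOT_SCRIPT.search(line):
            findings.append(Finding("script_in_drive_root", line))
    return findings


def count_by_rule(findings: list[Finding]) -> dict[str, int]:
    """Summarise findings as {rule: number of lines}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(count_by_rule(triage(SAMPLE_LOG)))
```

Run against the sample it reports two loopback proxy lines (IE and Firefox), one driver in Temp, one unresolved Run value and three root-level scripts; the Avira lines and the drivers under system32 pass untouched. The port line `network.proxy.http_port` is deliberately not matched on its own, since a port without a host says nothing about where traffic is going.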

#13
victusdementis

    Regular Member

  • Honorary Members
  • 56 posts
ComboFix 09-05-26.05 - Main 05/28/2009 12:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1659 [GMT -5:00]
Running from: c:\documents and settings\Main\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Main\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"C:\43214354.bat"
"C:\487656.bat"
"C:\tj.vbs"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\43214354.bat
C:\487656.bat
C:\tj.vbs
c:\windows\system32\sysloc

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CUSBOHCN
-------\Service_cusbohcn


((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.

2009-05-27 15:46 . 2009-05-27 15:46 -------- d-----w c:\program files\Avira
2009-05-27 15:46 . 2009-05-27 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-27 15:46 . 2009-03-30 15:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-27 15:46 . 2009-03-24 21:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-27 15:46 . 2009-02-13 17:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-27 15:46 . 2009-02-13 17:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-27 15:12 . 2009-05-27 15:12 107155 ----a-w c:\windows\system32\vic_setup.exe
2009-05-10 02:44 . 2009-05-10 02:44 -------- d-----w C:\8108b73ead8f9daa0819
2009-05-07 21:29 . 2009-05-07 21:29 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-06 07:41 . 2008-12-04 06:25 120832 ----a-w c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\ii6dqyeu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-05-06 02:23 . 2009-05-06 02:23 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-05 15:42 . 2009-05-27 14:51 3371383 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 17:17 . 2008-08-02 21:03 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-05-28 17:17 . 2006-08-03 22:56 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-28 17:17 . 2006-08-10 06:09 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-27 14:52 . 2009-02-13 02:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-27 04:51 . 2009-01-24 17:03 -------- d-----w c:\documents and settings\Main\Application Data\StumbleUpon
2009-05-26 18:20 . 2009-02-13 02:09 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2009-02-13 02:09 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 07:44 . 2008-07-29 22:01 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-06 04:56 . 2007-01-17 05:27 -------- d-----w c:\program files\World of Warcraft
2009-05-01 05:02 . 2009-01-25 04:50 -------- d-----w c:\program files\StumbleUpon
2005-12-07 23:46 . 2006-12-20 06:09 11980772 ----a-w c:\program files\soldat131.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\program files\soldat131.exe ---
Company: !VERINFO: NOT PE FILE!
File Description: !VERINFO: NOT PE FILE!
File Version: !VERINFO: NOT PE FILE!
Product Name: !VERINFO: NOT PE FILE!
Copyright: !VERINFO: NOT PE FILE!
Original Filename: !VERINFO: NOT PE FILE!
File size: 11980772
Created time: 2006-12-20 06:09
Modified time: 2005-12-07 23:46
MD5: EC9566CD6FB5FDACF0C2BFB0C847DC42
SHA1: DB3248E5530B5428670D7BC4CF0070EC2C55F0C1


--- c:\windows\system32\vic_setup.exe ---
Company: !VERINFO: NOT PE FILE!
File Description: !VERINFO: NOT PE FILE!
File Version: !VERINFO: NOT PE FILE!
Product Name: !VERINFO: NOT PE FILE!
Copyright: !VERINFO: NOT PE FILE!
Original Filename: !VERINFO: NOT PE FILE!
File size: 107155
Created time: 2009-05-27 15:12
Modified time: 2009-05-27 15:12
MD5: 544B2209C95C4DD8DC0886EB1591655D
SHA1: 15D29AB225DC998C2256574C36D198409B0DF1FE


((((((((((((((((((((((((((((( SnapShot@2009-05-28_16.43.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-07-29 17:40 . 2009-05-28 17:24 139648 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-14 67128]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"WheelMouse"="c:\program files\GE\97769 Dual Scroll Optical Mouse\Amoumain.exe" [2007-02-27 184320]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"WINDVDPatch"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2007-04-09 19456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-14 67128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0smrgdf c:\program files\iolo\System Mechanic Professional 6\

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155190149\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1155190149\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\victusdementis\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\victusdementis\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Duke3D\\eduke32.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24868:TCP"= 24868:TCP:BitComet 24868 TCP
"24868:UDP"= 24868:UDP:BitComet 24868 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 hptpro;hptpro;c:\windows\system32\drivers\hptpro.sys [7/29/2006 12:29 PM 9809]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/27/2009 10:46 AM 108289]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [8/3/2006 5:54 PM 208384]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [4/12/2009 1:19 PM 120168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Main\Application Data\Mozilla\Firefox\Profiles\ii6dqyeu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 12:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d4,39,9a,e1,82,0c,a8,03,0e,12,3b,0a,e9,2a,c7,59,41,19,76,bb,49,f6,fa,
f3,40,ac,69,b3,13,e2,65,10,cf,cd,dc,f3,c0,aa,ec,42,a0,43,cb,0a,ac,52,e0,2b,\
"??"=hex:cb,72,68,35,76,aa,5a,d4,74,56,99,85,54,23,37,e4

[HKEY_USERS\S-1-5-21-1844237615-2025429265-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:7e,8f,92,9c,7e,76,e5,86,f1,5a,60,65,a1,e6,b3,33,e4,ab,c7,b9,8c,
9c,b5,91,6f,2a,84,46,46,35,92,b2,f4,cd,03,1b,ef,f2,d4,84,82,8e,1a,11,c5,7b,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-05-28 12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-28 17:28
ComboFix2.txt 2009-05-28 16:47

Pre-Run: 14,112,165,888 bytes free
Post-Run: 14,085,828,608 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
208 --- E O F --- 2008-11-07 13:44

#14
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

Please delete the following files:

c:\windows\system32\vic_setup.exe
c:\program files\soldat131.exe

Then, go to Start > Run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

To find out what program is causing the message at startup, it will be a matter of disabling startup entries.
To do this, go to Start > Run and type: msconfig
There, select the Startup tab.

In there, uncheck the following entries:

NvCplDaemon - NvCpl.dll
nwiz
DAEMON Tools - daemon.exe
WINDVDPatch
CTHelper
IPHSend
LVCOMSX
LogitechVideoRepair - ISStart.exe
LogitechVideoTray - LogiTray.exe
Adobe Photo Downloader - apdproxy.exe
NvMediaCenter - NvMcTray.dll
WheelMouse - Amoumain.exe
HP Software Update - HPWuSchd2.exe
LDM - LogitechDesktopMessenger.exe
LogitechSoftwareUpdate - ManifestEngine.exe
HP Digital Imaging Monitor.lnk - hpqtra08.exe
Logitech Desktop Messenger

Then reboot.
After the reboot, you'll see that something was modified in your system configuration. Just check the checkbox in that same window so the message is not displayed again.

Let me know if you still get that message after reboot.
Basically, the above programs I asked you to disable are not required to start up with Windows anyway, so you can leave them disabled unless you really want them starting up with Windows. In that case, check them again.

#15
victusdementis

    Regular Member

  • Honorary Members
  • 56 posts
Hi!
ComboFix is uninstalled and I did indeed get that message after the reboot. So far I have not gotten that startup "status" to come up.
So far there doesn't seem to be any of the problems mentioned above. Should I run Avira or Malwarebytes to make sure I'm clean?


I just want to tell you thank you very much for helping me and guiding me with these issues I've been having, not just my computer issues but my ignorance about what's on my computer and the appropriate way to try and take care of it. It's been a great blessing to me.

#16
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Hi,

Yes, run Avira and Malwarebytes to get rid of the leftovers if still present :P

Also,

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#17
victusdementis

    Regular Member

  • Honorary Members
  • 56 posts
Both Avira and Malwarebytes ran through their respective courses with no restarts at all and with nothing found. Again I have to say thank you for your help and your patience with me and my issue. Believe it or not, you have improved my quality of life; lately I've been extremely hindered because of my dirty, infected computer. Thank you.

#18
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
You're most welcome :P

#19
miekiemoes

    Forum Deity

  • Administrators
  • 7,127 posts
  • Gender:Female
  • Location:Belgium
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




