Malware Bytes unable to install - Blocked by AVXP2010?

[MyNameIsPhil]

Hi all,

It seems that AV XP 2010 has struck me down too. I tried following the other advice from the forum in disabling TDSSserv.sys but it wasn't there as an option in my non-plug and play drivers.

I'm really surprised that my Norton 360 didn't block this virus. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:45:20 AM, on 3/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\bcmwltry.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Razer\Lycosa\razerhid.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\Lycosa\razertra.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\mmc.exe

C:\Documents and Settings\phil\Local Settings\Application Data\av.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

O2 - BHO: (no name) - {7C9ED391-7B94-4B59-94E2-9FB6DB8B6A40} - C:\WINDOWS\system32\xxyaYQHY.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9fa0484f-6941-4064-9dd2-281f282ff8d0} - C:\WINDOWS\system32\rakedolo.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [homozuyuni] Rundll32.exe "C:\WINDOWS\system32\runijako.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.antimalwareguard.com

O15 - Trusted Zone: *.antispyexpert.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.spyguardpro.com

O15 - Trusted Zone: *.storageguardsoft.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusremover2008.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.antispyexpert.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.spyguardpro.com (HKLM)

O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusremover2008.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171487810670

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O20 - AppInit_DLLs: ,C:\WINDOWS\system32\devedowe.dll

O20 - Winlogon Notify: jkkLBspP - jkkLBspP.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--

End of file - 10183 bytes

[miekiemoes]

Hi,

It looks like you are already infected for at least a couple of months...

Please try this version of malwarebytes: Click the link here

Save it on your desktop. You'll see it will have a random name, and will look similar like this:

Doubleclick on it, so it will extract the files and will start Malwarebytes automatically.

In case the installer (random named file) won't run either, rename it to EXPLORER.EXE and try again.

When Malwarebytes opens, click the "Update" tab FIRST and select to check for updates in order to get the latest updates.

In case Malwarebytes doesn't open, search for the folder mbam-installer on your desktop, open it and doubleclick the file winlogon.exe which will be present in there. This should launch Malwarebytes.

Then perform a scan and let it remove what it found. Reboot afterwards (important).

After reboot, post the malwarebytes log together with a new HijackThislog.

In case you're having problems with above instructions, let me know.

[MyNameIsPhil]

I successfully downloaded said file and extracted it, but when I turned on my computer this morning, I noticed that it seemed to be acting differently. Whenever I try to open a file, it asks me:

Choose the program you want to use to open this file. (Effectively preventing me from double clicking anything. When I try finding the actual path name of the file, it'll say something like so and so isn't a valid win32 app or give me runtime errors)

Thus far I've been getting around it by opening files with themselves, ie, using mozilla firefox to open mozilla firefox. However, it is completely preventing me from doing anything at all.

I ran a Norton 360 scan last night and it "eliminated" 2 threats. Any further suggestions?

[miekiemoes]

Hi,

Have you run the scan with malwarebytes already? The modified version I posted in above... Or couldn't you open it? Please let me know first...

Also, in case you could open malwarebytes previously, have you updated first? Because this is extremely important...

[MyNameIsPhil]

I literally can't open malware bytes at all. I managed to extract the file but it simply won't run. When I double click on it, it will give me runtime errors. (Since double clicking on that icon gxpvxvohk didn't work, I opted to extract it manually to my desktop.)

As of now, I don't think I can open HJT either.

Fyi, I haven't been able to open the other versions or scan at all with them.

[MyNameIsPhil]

On a sidenote, I think I should mention that I'm not seeing av.exe in my processes and I'm not getting the popups....

I ran Norton 360 last night and prior to it running, I was able to doubleclick on apps and they would open just fine. It auto removed a "virus" and a "cookie" but isn't giving me any specific filenames.

[miekiemoes]

Hi,

No need to extract it, it's a selfextractor.

Ok, do the following....First of all, make sure extensions are shown, so Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Uncheck Hide extensions for known file types (if not unchecked already)

Then, rename the gxpvxvohk.exe to gxpvxvohk.com

Then doubleclick the gxpvxvohk.com

You'll get another warning how you will open this file. Just ignore that and close that warning.

You'll notice that a new folder will be created on your desktop with the name mbam-installer

Open that folder and find the mbam.exe file in there. Rename that file to firefox.com and doubleclick firefox.com in order to launch malwarebytes.

Once malwarebytes is open, please click the updates tab first and select to download/check for the updates.

Once updates are downloaded, go to the first tab (scanner tab) and perform a scan.

[MyNameIsPhil]

I did what you said to the point where I tried double clicking on the renamed file gxpvxvohk.com. It then prompted me to select a program to open winlogon.exe with. This is the problem that I've been having, it literally won't open files.

Following the same premise behind what you said, (since I had already manually extracted the file earlier), I renamed malwarebyte.exe to firefox.com and it avoided the prompt to select a program, but it instead gave me run-time errors.

"VbAccelerator SgridII Control: Runtime error '0"

then

"Malwarebytes' Anti-Malware: Run-time error '440': Automation Error"

I'm not quite sure how to explain myself but double clicking simply doesn't work. It asks me to select a program to open files with.

[MyNameIsPhil]

Hold on... it seems to be working now! (The extracting part of it)

[MyNameIsPhil]

I take that back. I don't know what's going on anymore.

I finally managed to pull up my Norton 360 log, it says that it quarantined "Trojan.FakeAv" and a tracking cookie last night, but in the security history log, it shows that av.exe tries to access the internet shortly after it has been quarantined.

I searched the pathname to see if I could find av.exe in my folder (following the exact path name from the scan), but I couldn't find it.

[miekiemoes]

Following the same premise behind what you said, (since I had already manually extracted the file earlier)

No, that "manual extracted version" won't work, because you don't need to extract at all.

So delete everything it "extracted manually" and try again.

Just read my previous post again how to do this step by step... the only thing you have to do is to doubleclick gxpvxvohk.com, ignore the error, navigate the NEWLY created mbam-installer folder (it will be created automatically after you doubleclicked gxpvxvohk.com) on your desktop, rename mbam.exe to firefox.com and doubleclick firefox.com to launch.

Just give it a few seconds to launch - don't click again and again and again on it...

[MyNameIsPhil]

I've deleted the programs that I extracted earlier and have attempted to redo the process step by step as exactly listed.

It still will not open the file. When I first rename the self-extractor to a .com, it will ask me if I want to open the winlogon.exe with anything and create a file called mbam-installer on my desktop. I ignored the winlogon.exe part and renamed mbam to firefox.com.

From there on, it will give me the same mentioned runtime errors.

I simply cannot "open" any files. Even common applications like microsoft word or warcraft 3 (Unless I specify a program to open it with)

[miekiemoes]

Ok, looks like besides the Vundo and exefile association Hijack you're dealing with other malware probably as well.

Let's try a normal malwarebytes install first.. Delete the mbam-installer folder on your desktop and the random named version of malwarebytes.

Then follow the instructions in this post:

http://forums.malwarebytes.org/index.php?s...st&p=193288

This includes redownloading the normal mbam-setup file, then rename that file to mbam-setup.com etc etc (as you'll read there)

If that still doesn't work, just let me know, I still have some other tricks

[MyNameIsPhil]

I think it worked. It removed a bunch of vundo trojans and a exe hijacker. Below is the log from HJT.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:14:53 PM, on 3/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16981)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\bcmwltry.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Razer\Lycosa\razerhid.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Steam\Steam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Razer\Lycosa\razertra.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL

O2 - BHO: (no name) - {7C9ED391-7B94-4B59-94E2-9FB6DB8B6A40} - C:\WINDOWS\system32\xxyaYQHY.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe

O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [homozuyuni] Rundll32.exe "C:\WINDOWS\system32\runijako.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.antimalwareguard.com

O15 - Trusted Zone: *.antispyexpert.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.spyguardpro.com

O15 - Trusted Zone: *.storageguardsoft.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusremover2008.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.antispyexpert.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.spyguardpro.com (HKLM)

O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusremover2008.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1171487810670

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll

O20 - AppInit_DLLs: C:\WINDOWS\system32\devedowe.dll

O20 - Winlogon Notify: jkkLBspP - jkkLBspP.dll (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--

End of file - 10006 bytes

Malware Bytes log after scan:

Malwarebytes' Anti-Malware 1.44

Database version: 3855

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

3/11/2010 8:04:49 PM

mbam-log-2010-03-11 (20-04-49).txt

Scan type: Quick Scan

Objects scanned: 124545

Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 12

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 1

Files Infected: 34

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fa0484f-6941-4064-9dd2-281f282ff8d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9fa0484f-6941-4064-9dd2-281f282ff8d0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\phil\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\dezozige.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dezuwabi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fegopaki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fusigoka.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\jehaheho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lewuseze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ligalijo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\menukabu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\moyinare.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mugusadi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\napofevi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\natasaza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\nemupazu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pahezuti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pasusowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\podezowu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rewufufu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rosutika.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rozaniga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sulowile.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\susesari.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tisogilu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tivefize.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\vewigayi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yejanara.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yejudogi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cmd.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\netstat.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ping.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\regedit.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\taskkill.com (Worm.P2P) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tasklist.com (Worm.Alcra) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tracert.com (Worm.Alcra) -> Quarantined and deleted successfully.

[miekiemoes]

Hi,

Normally applications should work now again.

Looks like this computer was already infected for a long time, because Malwarebytes even found malware that was active 3 years ago...

Anyway..

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {7C9ED391-7B94-4B59-94E2-9FB6DB8B6A40} - C:\WINDOWS\system32\xxyaYQHY.dll (file missing)

O4 - HKUS\S-1-5-20\..\Run: [homozuyuni] Rundll32.exe "C:\WINDOWS\system32\runijako.dll",s (User 'NETWORK SERVICE')

O15 - Trusted Zone: *.amaena.com

O15 - Trusted Zone: *.antimalwareguard.com

O15 - Trusted Zone: *.antispyexpert.com

O15 - Trusted Zone: *.avsystemcare.com

O15 - Trusted Zone: *.gomyhit.com

O15 - Trusted Zone: *.imageservr.com

O15 - Trusted Zone: *.imagesrvr.com

O15 - Trusted Zone: *.onerateld.com

O15 - Trusted Zone: *.safetydownload.com

O15 - Trusted Zone: *.spyguardpro.com

O15 - Trusted Zone: *.storageguardsoft.com

O15 - Trusted Zone: *.trustedantivirus.com

O15 - Trusted Zone: *.virusremover2008.com

O15 - Trusted Zone: *.virusschlacht.com

O15 - Trusted Zone: *.amaena.com (HKLM)

O15 - Trusted Zone: *.antimalwareguard.com (HKLM)

O15 - Trusted Zone: *.antispyexpert.com (HKLM)

O15 - Trusted Zone: *.avsystemcare.com (HKLM)

O15 - Trusted Zone: *.gomyhit.com (HKLM)

O15 - Trusted Zone: *.imageservr.com (HKLM)

O15 - Trusted Zone: *.imagesrvr.com (HKLM)

O15 - Trusted Zone: *.onerateld.com (HKLM)

O15 - Trusted Zone: *.safetydownload.com (HKLM)

O15 - Trusted Zone: *.spyguardpro.com (HKLM)

O15 - Trusted Zone: *.storageguardsoft.com (HKLM)

O15 - Trusted Zone: *.trustedantivirus.com (HKLM)

O15 - Trusted Zone: *.virusremover2008.com (HKLM)

O15 - Trusted Zone: *.virusschlacht.com (HKLM)

O20 - AppInit_DLLs: C:\WINDOWS\system32\devedowe.dll

O20 - Winlogon Notify: jkkLBspP - jkkLBspP.dll (file missing)

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Then, * Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activex control to install
  
• Click Start
  
• Check next options: Remove found threats and Scan unwanted applications.
  
• Click Scan
  
• Wait for the scan to finish
  
• Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log in your next reply and also let me know how things are now.
  

[MyNameIsPhil]

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=7.00.6000.16981 (vista_gdr.091215-2244)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=e0905d1b58317b4e961dc63dd63a1b0a

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-03-12 07:19:59

# local_time=2010-03-12 02:19:59 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 38086752 38086752 0 0

# compatibility_mode=768 16777215 100 0 38005613 38005613 0 0

# compatibility_mode=3589 16777173 100 100 0 16567084 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=79324

# found=14

# cleaned=14

# scan_time=4078

C:\Documents and Settings\phil\Local Settings\Temp\hqQB.exe a variant of Win32/Kryptik.CZA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\gixbpwwr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\hvoglnma.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ibcemsdh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\mgihxtyt.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\nmicqxgg.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\ofimasaf.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\swrbijgr.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\uromijuz.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\wlullsqh.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\wvlpcceo.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\xkrgaham.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\YHQYayxx.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\YHQYayxx.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

[miekiemoes]

Hi,

Just some harmless malicious leftovers that were found here.

How are things now?

[MyNameIsPhil]

Everything seems to be running pretty smoothly. I heard a rumor from a friend that AV 2010 was coming off of Isohunt. I'm unsure though, but it seems the one common factor in the websites we frequent.

In any event, thanks a bunch for your patience and assistance.

[miekiemoes]

Glad I could help.

Please read my Prevention page with lots of info and tips how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

[miekiemoes]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.