Over 1 million tech questions and answers.

Live Safety Center and Other infectious baggage

Q: Live Safety Center and Other infectious baggage

I am having a similar infection to another recent poster, however I am having a lot of other problems with it. Pop-ups, tray icons.

I'm running Windows XP Pro with SP2. It is fully updated.

My AVG scans have also been turning up goldun.nu for months. Anyway, a big thank you for your help. Here is the HijackThis log. I also have the panda report to if needed.

HijackThis log

Deckard's System Scanner v20071014.68
Run by Colin on 2007-10-25 16:18:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-10-25 23:18:12 UTC - RP4 - Deckard's System Scanner Restore Point
2: 2007-10-25 01:56:31 UTC - RP3 - System Checkpoint
1: 2007-10-23 2151 UTC - RP2 - Removed Ad-Aware 2007


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 16.89 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-10-25 16:20:56
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Colin\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10E75613-99F9-C524-D388-C769368C8692} - C:\WINDOWS\system32\gvjon.dll (file missing)
O2 - BHO: (no name) - {139631AB-3B34-B2C6-8AE8-02CC7E745189} - C:\WINDOWS\system32\oniylfi.dll
O2 - BHO: (no name) - {1C5B5AF7-E991-5881-A971-057E1244BAD0} - C:\WINDOWS\system32\uhixjlm.dll
O2 - BHO: (no name) - {26F47A17-4F8A-48CB-8598-0B3BE469918D} - C:\WINDOWS\system32\fjqcxqf.dll
O2 - BHO: (no name) - {32B1F467-37D6-3005-F63A-6CE33F93AF9E} - C:\WINDOWS\system32\ycuy.dll (file missing)
O2 - BHO: (no name) - {32E6DEBA-CD32-9B1E-89C8-0A3513B549F3} - C:\WINDOWS\system32\nbngiul.dll
O2 - BHO: (no name) - {32E6F566-6BD6-3A50-A73A-6CE33F93FF99} - C:\WINDOWS\system32\cslweew.dll (file missing)
O2 - BHO: (no name) - {33E4A167-308E-3C58-A73A-6CE33F93FC98} - C:\WINDOWS\system32\ueodbj.dll (file missing)
O2 - BHO: (no name) - {34E5A432-628F-6A59-AB3A-6CE33F92F999} - C:\WINDOWS\system32\czc.dll (file missing)
O2 - BHO: (no name) - {34E7A764-638F-3159-F63A-6CE33F92A9CC} - C:\WINDOWS\system32\fqnht.dll (file missing)
O2 - BHO: (no name) - {39B4BA90-BD6A-FFC6-4EDB-06242229975D} - C:\WINDOWS\system32\pbijvec.dll
O2 - BHO: (no name) - {3FDF14E6-8AB8-7FE5-6D21-04FEB1920EAB} - C:\WINDOWS\system32\wisnscf.dll
O2 - BHO: (no name) - {45F3A21F-68FC-6C28-D8D7-6663021DD1BB} - C:\WINDOWS\system32\jjkcvc.dll (file missing)
O2 - BHO: (no name) - {61E1A334-63D6-3107-A13A-6CE33F93AEC9} - C:\WINDOWS\system32\keconeov.dll (file missing)
O2 - BHO: (no name) - {62B6F364-6482-6D54-A33A-6CE33F92FFCC} - C:\WINDOWS\system32\napyznxg.dll (file missing)
O2 - BHO: (no name) - {64B6F13B-6582-3C07-F03A-6CE33F92F89D} - C:\WINDOWS\system32\qeox.dll (file missing)
O2 - BHO: (no name) - {6585721F-D501-46AA-84A7-DC512347B77F} - C:\WINDOWS\system32\pmkhg.dll
O2 - BHO: (no name) - {65EDA461-6683-3F59-F03A-6CE33F93A99E} - C:\WINDOWS\system32\stkdm.dll (file missing)
O2 - BHO: (no name) - {69E7F131-3284-6F03-A63A-6CE33F93FF99} - C:\WINDOWS\system32\mmro.dll (file missing)
O2 - BHO: (no name) - {6D8AFBE0-620F-6C8C-2178-3CB67F61A2EA} - C:\WINDOWS\system32\oqzm.dll (file missing)
O2 - BHO: (no name) - {75A2B4AC-4733-ED1E-CC6D-055171DB6F5F} - C:\WINDOWS\system32\zvrdrei.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\pmnmkhe.dll
O2 - BHO: (no name) - {860FDF7A-4CC4-1549-E8A1-1184FC931FB4} - C:\WINDOWS\system32\iwru.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ovfxecax.dll
O2 - BHO: (no name) - {A1FD958F-0039-5BE6-4708-5EF00BBD3CE1} - C:\WINDOWS\system32\lxzqszia.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\vobinblw.dll
O2 - BHO: (no name) - {B004164D-D5F9-DA2E-8C7D-88ADDBCC7490} - C:\WINDOWS\system32\mwww.dll (file missing)
O2 - BHO: (no name) - {B6C18B73-199A-454A-B314-4F0134C578E0} - C:\WINDOWS\system32\pzr.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vobinblw.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Panda_cleaner] C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys
O4 - HKCU\..\Policies\Explorer\Run: [{483D52D3-0711-1033-0608-050726050001}] "C:\Program Files\Common Files\{483D52D3-0711-1033-0608-050726050001}\Update.exe" te-110-12-0000213
O4 - HKUS\S-1-5-18\..\Run: [Aeia] "C:\DOCUME~1\Colin\APPLIC~1\MCROSO~1.NET\rundll32.exe" -vt ndrv (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Qjcd] C:\Program Files\??curity\n?tdde.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Aeia] "C:\DOCUME~1\Colin\APPLIC~1\MCROSO~1.NET\rundll32.exe" -vt ndrv (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Qjcd] C:\Program Files\??curity\n?tdde.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O15 - Trusted Zone: *.line6.net (HKCU)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} () - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{ABCBD5C9-ADF9-4A22-A230-3B571E6460CA}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\svchost.dll
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\system32\crehcjid.dll
O20 - Winlogon Notify: gatwxkey - C:\WINDOWS\system32\gatwxkey.dll (file missing)
O20 - Winlogon Notify: pmnmkhe - C:\WINDOWS\system32\pmnmkhe.dll
O20 - Winlogon Notify: vobinblw - C:\WINDOWS\system32\vobinblw.dll
O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\system32\wingdm32.dll (file missing)
O20 - Winlogon Notify: winhab32 - C:\WINDOWS\system32\winhab32.dll
O20 - Winlogon Notify: winqio32 - C:\WINDOWS\system32\winqio32.dll (file missing)
O20 - Winlogon Notify: ? - C:\WINDOWS\system32\? (file missing)
O22 - SharedTaskScheduler: hillman - {c3786a8d-6426-4c29-a23f-f36e47b31e0c} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


--
End of file - 9911 bytes

-- File Associations -----------------------------------------------------------

.js - unable to read key
.js - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 xpdx (xpdx system driver) - c:\windows\system32\xpdx.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
R3 L6DP - c:\windows\system32\drivers\l6dp.sys <Not Verified; Line 6; Line 6 Device Proxy>
R3 L6TPortA (Service - Line 6 TonePort UX1) - c:\windows\system32\drivers\l6tporta.sys <Not Verified; Line 6; GuitarPort>
R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys <Not Verified; ; ATK0110 ACPI Utility>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 xkeyshd (SECURE SHELL access driver) - c:\windows\system32\xkeyshd.sys (file missing)
S2 NvNdis (NVIDIA NDIS IO Control Driver) - c:\windows\system32\drivers\nvndis.sys (file missing)
S2 poof - c:\windows\system32\poof (file missing)
S3 cel90xbe - c:\docume~1\colin\locals~1\temp\cel90xbe.sys (file missing)
S3 fsbl (F-Secure BlackLight Engine Driver) - c:\docume~1\colin\locals~1\temp\onlinescanner\anti-virus\fsbldrv.sys (file missing)
S3 F-Secure Standalone Minifilter - c:\docume~1\colin\locals~1\temp\onlinescanner\anti-virus\fsgk.sys (file missing)
S3 kprof - c:\windows\system32\kprof (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>

S2 Client IP-IPX - "c:\windows\system32\svchosts.exe" -e te-110-12-0000213 (file missing)
S2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
S2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S2 nSvcIp (ForceWare IP service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe <Not Verified; NVIDIA; NVIDIA nSvcIp>
S3 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-09-25 and 2007-10-25 -----------------------------

2007-10-25 13:46:31 0 d-------- C:\Program Files\SpywareBlaster
2007-10-25 09:12:10 36 --a------ C:\WINDOWS\system32\pavdr_actions.sys
2007-10-25 09:12:09 1874 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-10-25 09:12:09 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-10-25 08:59:19 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-25 08:59:19 0 d-------- C:\WINDOWS\LastGood
2007-10-24 17:28:30 84544 --a------ C:\WINDOWS\system32\rhqjonib.dll
2007-10-24 17:22:30 77376 --a------ C:\WINDOWS\system32\ovfxecax.dll
2007-10-24 17:20:29 0 d-------- C:\Program Files\mfkpmbuh
2007-10-24 17:13:57 340032 --a------ C:\WINDOWS\system32\vobinblw.dll
2007-10-24 17:13:30 340032 --a------ C:\WINDOWS\system32\pfrculew.dll
2007-10-23 16:09:26 413362 ---hs---- C:\WINDOWS\system32\ghkmp.bak2
2007-10-23 10:12:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-22 10:59:09 6465 ---hs---- C:\WINDOWS\system32\ghkmp.bak1
2007-10-22 10:58:33 309856 --a------ C:\WINDOWS\system32\pmkhg.dll
2007-10-22 10:54:35 341504 --a------ C:\d.exe
2007-10-22 10:54:29 451258 --a------ C:\vont.exe
2007-10-22 10:54:18 54262 --a------ C:\WINDOWS\system32\xpdx.sys
2007-10-22 10:54:17 56832 --a------ C:\jqskcos.exe
2007-10-22 10:54:16 27648 --a------ C:\ewran.exe
2007-10-22 10:54:14 65024 --a------ C:\njbhvvds.exe
2007-10-22 10:54:06 44054 --a------ C:\WINDOWS\system32\fccbxxx.dll
2007-10-22 10:54:04 20480 --a------ C:\WINDOWS\system32\winhab32.dll
2007-10-22 10:53:29 44054 --a------ C:\WINDOWS\system32\pmnmkhe.dll
2007-10-22 10:11:41 0 d-------- C:\Program Files\MagicISO
2007-10-19 22:04:43 0 d--h----- C:\WINDOWS\$hf_mig$
2007-10-18 15:15:48 62800 --a------ C:\WINDOWS\system32\ksl48.bin
2007-10-12 08:39:03 0 d-------- C:\Program Files\Common Files\xing shared
2007-10-03 08:42:24 61440 --a------ C:\WINDOWS\system32\uninstpw.exe
2007-10-03 08:42:24 90112 --a------ C:\WINDOWS\system32\custmon2k.dll
2007-10-03 08:42:23 32768 --a------ C:\WINDOWS\system32\custsave.exe <Not Verified; Acro Software Inc.; CutePDF Application>
2007-10-03 08:42:20 0 d-------- C:\Program Files\PlotSoft
2007-10-03 08:24:36 0 d-------- C:\Documents and Settings\Colin\Application Data\Bullzip
2007-10-03 08:23:21 200704 --a------ C:\WINDOWS\system32\bzpdf.dll <Not Verified; BullZip; BullZip PDF Writer>
2007-10-03 08:23:16 0 d-------- C:\Program Files\Bullzip
2007-10-03 08:22:22 0 d-------- C:\Program Files\gs


-- Find3M Report ---------------------------------------------------------------

2007-10-25 14:30:56 0 d-------- C:\Program Files\Winamp
2007-10-25 14:11:14 0 d-------- C:\Program Files\Common Files\LightScribe
2007-10-23 14:59:34 0 d-------- C:\Documents and Settings\Colin\Application Data\OpenOffice.org2
2007-10-23 1459 0 d-------- C:\Program Files\Lavasoft
2007-10-23 1459 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-22 11:13:33 0 d-------- C:\Program Files\Waves
2007-10-22 11:13:32 0 d-------- C:\Program Files\WAV to MP3 Encoder
2007-10-22 11:11:47 0 d-------- C:\Program Files\QuickTime
2007-10-22 11:11:26 0 d-------- C:\Program Files\PSP Nitro
2007-10-22 11:11:15 0 d-------- C:\Program Files\OpenOffice.org 2.2
2007-10-22 11:10:30 0 d-------- C:\Program Files\MP3 to WAV Decoder
2007-10-22 11:10:18 0 d-------- C:\Program Files\Macromedia
2007-10-22 11:03:04 0 d-------- C:\Documents and Settings\Colin\Application Data\Adobe
2007-10-22 10:59:54 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-22 10:54:35 2 --a------ C:\1211978451
2007-10-20 08:59:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-20 08:59:08 0 d-------- C:\Program Files\Doom 3
2007-10-12 08:39:03 0 d-------- C:\Program Files\Common Files
2007-10-12 08:39:02 0 d-------- C:\Program Files\Common Files\Real
2007-09-30 19:05:15 0 d-------- C:\Documents and Settings\Colin\Application Data\dvdcss
2007-09-21 11:22:56 3271 --a------ C:\WINDOWS\mozver.dat
2007-09-21 11:22:55 0 d-------- C:\Program Files\DivX
2007-09-14 10:30:49 0 d-------- C:\Program Files\GRE
2007-09-13 10:10:54 0 d-------- C:\Program Files\NCH Swift Sound
2007-09-13 10:10:52 0 d-------- C:\Documents and Settings\Colin\Application Data\NCH Swift Sound
2007-09-13 10:08:36 0 d-------- C:\Program Files\MP3 WAV Converter
2007-09-12 12:18:05 0 d-------- C:\Documents and Settings\Colin\Application Data\Roxio
2007-08-31 07:19:44 0 d-------- C:\Program Files\PPMate
2007-08-30 21:21:08 0 d-------- C:\Program Files\FLAC
2007-08-13 18:32:30 52224 --a------ C:\WINDOWS\system32\mshta.exe <Not Verified; Microsoft Corporation; Windows? Internet Explorer>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10E75613-99F9-C524-D388-C769368C8692}]
C:\WINDOWS\system32\gvjon.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{139631AB-3B34-B2C6-8AE8-02CC7E745189}]
08/27/2006 08:32 AM 72704 --a------ C:\WINDOWS\system32\oniylfi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C5B5AF7-E991-5881-A971-057E1244BAD0}]
04/16/2007 05:59 PM 63488 --a------ C:\WINDOWS\system32\uhixjlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26F47A17-4F8A-48CB-8598-0B3BE469918D}]
02/06/2007 10:02 PM 71168 --a------ C:\WINDOWS\system32\fjqcxqf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32B1F467-37D6-3005-F63A-6CE33F93AF9E}]
C:\WINDOWS\system32\ycuy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32E6DEBA-CD32-9B1E-89C8-0A3513B549F3}]
04/02/2007 07:25 AM 63488 --a------ C:\WINDOWS\system32\nbngiul.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32E6F566-6BD6-3A50-A73A-6CE33F93FF99}]
C:\WINDOWS\system32\cslweew.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33E4A167-308E-3C58-A73A-6CE33F93FC98}]
C:\WINDOWS\system32\ueodbj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34E5A432-628F-6A59-AB3A-6CE33F92F999}]
C:\WINDOWS\system32\czc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34E7A764-638F-3159-F63A-6CE33F92A9CC}]
C:\WINDOWS\system32\fqnht.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39B4BA90-BD6A-FFC6-4EDB-06242229975D}]
02/07/2007 10:04 PM 71680 --a------ C:\WINDOWS\system32\pbijvec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FDF14E6-8AB8-7FE5-6D21-04FEB1920EAB}]
02/01/2007 04:54 PM 71168 --a------ C:\WINDOWS\system32\wisnscf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45F3A21F-68FC-6C28-D8D7-6663021DD1BB}]
C:\WINDOWS\system32\jjkcvc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61E1A334-63D6-3107-A13A-6CE33F93AEC9}]
C:\WINDOWS\system32\keconeov.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62B6F364-6482-6D54-A33A-6CE33F92FFCC}]
C:\WINDOWS\system32\napyznxg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64B6F13B-6582-3C07-F03A-6CE33F92F89D}]
C:\WINDOWS\system32\qeox.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6585721F-D501-46AA-84A7-DC512347B77F}]
10/22/2007 10:58 AM 309856 --a------ C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65EDA461-6683-3F59-F03A-6CE33F93A99E}]
C:\WINDOWS\system32\stkdm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69E7F131-3284-6F03-A63A-6CE33F93FF99}]
C:\WINDOWS\system32\mmro.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D8AFBE0-620F-6C8C-2178-3CB67F61A2EA}]
C:\WINDOWS\system32\oqzm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75A2B4AC-4733-ED1E-CC6D-055171DB6F5F}]
01/31/2007 04:54 PM 72192 --a------ C:\WINDOWS\system32\zvrdrei.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{837B45D6-BF85-457D-AABF-6D2E7815F791}]
10/22/2007 10:53 AM 44054 --a------ C:\WINDOWS\system32\pmnmkhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{860FDF7A-4CC4-1549-E8A1-1184FC931FB4}]
C:\WINDOWS\system32\iwru.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
10/24/2007 05:22 PM 77376 --a------ C:\WINDOWS\system32\ovfxecax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FD958F-0039-5BE6-4708-5EF00BBD3CE1}]
C:\WINDOWS\system32\lxzqszia.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
10/24/2007 05:13 PM 340032 --a------ C:\WINDOWS\system32\vobinblw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B004164D-D5F9-DA2E-8C7D-88ADDBCC7490}]
C:\WINDOWS\system32\mwww.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6C18B73-199A-454A-B314-4F0134C578E0}]
C:\WINDOWS\system32\pzr.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vobinblw.dll [10/24/2007 05:13 PM 340032]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 12:56 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 12:56 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Panda_cleaner"=C:\WINDOWS\system32\ACTIVE~1\pavdr.exe C:\WINDOWS\system32\pavdr_actions.sys

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Aeia"="C:\DOCUME~1\Colin\APPLIC~1\MCROSO~1.NET\rundll32.exe" -vt ndrv
"<NO NAME>"=C:\DOCUME~1\Colin\APPLIC~1\WNSXS~1\SRSS~1.EXE
"Qjcd"=C:\Program Files\??curity\n?tdde.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{483D52D3-0711-1033-0608-050726050001}"="C:\Program Files\Common Files\{483D52D3-0711-1033-0608-050726050001}\Update.exe" te-110-12-0000213

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{483D52D3-0711-1033-0608-050726050001}"="C:\Program Files\Common Files\{483D52D3-0711-1033-0608-050726050001}\Update.exe" te-110-12-0000213

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{837B45D6-BF85-457D-AABF-6D2E7815F791}"= C:\WINDOWS\system32\pmnmkhe.dll [10/22/2007 10:53 AM 44054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 10/22/2007 10:54 AM 71680 C:\WINDOWS\system32\crehcjid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gatwxkey]
gatwxkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkhe]
pmnmkhe.dll 10/22/2007 10:53 AM 44054 C:\WINDOWS\system32\pmnmkhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vobinblw]
vobinblw.dll 10/24/2007 05:13 PM 340032 C:\WINDOWS\system32\vobinblw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhab32]
winhab32.dll 10/22/2007 10:54 AM 20480 C:\WINDOWS\system32\winhab32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winqio32]
winqio32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\svchost.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Colin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colin^Start Menu^Programs^Startup^DING!.lnk]
path=C:\Documents and Settings\Colin\Start Menu\Programs\Startup\DING!.lnk
backup=C:\WINDOWS\pss\DING!.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colin^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=C:\Documents and Settings\Colin\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\483d527c]
rundll32.exe "C:\WINDOWS\system32\rhqjonib.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bd6bc2d8.exe]
C:\WINDOWS\system32\bd6bc2d8.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ckuetqc.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ckuetqc.dll,bealalb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e24effec.exe]
C:\WINDOWS\system32\e24effec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fgix]
"C:\Documents and Settings\Colin\My Documents\?ystem\s?rvices.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdtpmen.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hdtpmen.dll,wmnwxrc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kiaqahc.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\kiaqahc.dll,ljjygm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfkpmbuh]
rundll32.exe "C:\Program Files\mfkpmbuh\wtgzkxad.dll",Init

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mnswhije]
C:\Program Files\Common Files\a?sembly\m?iexec.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rgutybk.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rgutybk.dll,xmnvkfd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnmiyrd.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rnmiyrd.dll,ddjxskf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit.exe]
C:\WINDOWS\userinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydeutkn.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ydeutkn.dll,zdbzsqf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yhdxjni.dll]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\yhdxjni.dll,aiqxjbf

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zgvit]
C:\DOCUME~1\Colin\APPLIC~1\WNSXS~1\SRSS~1.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66eaf883-3bee-11da-995c-806d6172696f}]
AutoRun\command- D:\autorun.exe
directx\command- D:\DirectX9\dxsetup.exe
setup\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2007-10-25 16:21:36 ------------

Panda Scan


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pmnmkhe.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vobinblw.dll
Virus:trj/torpig.a Disinfected Operating system
Dialer:dialer.avv Not disinfected c:\windows\downloaded program files\gdnUS2339.exe
Adware:adware/yazzle Not disinfected c:\windows\downloaded program files\YazzleActiveX.inf
Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/yazzlesudoku Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/cws Not disinfected Windows Registry
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.com.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\c26hqq7q.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Colin\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Colin\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Colin\Cookies\[email protected][1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Colin\Cookies\[email protected][2].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Colin\My Documents\??pPatch\chkntfs.exe~
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1275OinUninstaller.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\??curity\n?tdde.exe
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\S-1-5-21-448539723-343818398-725345543-1003\Dc5576.exe[keygen.exe]
Dialer:Dialer.KST Not disinfected C:\RECYCLER\S-1-5-21-448539723-343818398-725345543-1003\Dc5576.exe[patch.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\RECYCLER\S-1-5-21-448539723-343818398-725345543-1003\Dc5576.exe[crack.exe]
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\e24effec.exe~
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\fccbxxx.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pfrculew.dll
Virus:Trj/Clicker.WM Disinfected C:\WINDOWS\system32\xpdx.sys
Virus:Generic Malware Disinfected C:\Work HD 2006.06.01\Documents and Settings\colin.LIPAWEB\Local Settings\Temp\comver.dll
Virus:W32/Bagle.J.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][Attach.pif]
Virus:W32/Netsky.Z.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][Bill.zip][Bill.txt .exe]
Virus:W32/Netsky.Z.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][Textfile.zip][Textfile.txt .exe]
Virus:W32/Netsky.Z.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][Important.zip][Important.txt .exe]
Virus:W32/Netsky.Z.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][Data.zip][Data.txt .exe]
Virus:W32/Netsky.Z.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][Notice.zip][Notice.txt .exe]
Virus:W32/Plexus.A.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][demo.exe]
Virus:W32/Plexus.A.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\matt][AGen1.03.exe]
Virus:W32/Bagle.CA.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][It_about_you.zip][123456.exe]
Virus:W32/Netsky.P.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][id04009.doc.exe]
Hacktool:Exploit/iFrame Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][~0000317.~]
Virus:W32/Netsky.P.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][message.scr]
Virus:W32/Netsky.P.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][letter_sadie.pif]
Hacktool:Exploit/iFrame Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][~0000324.~]
Virus:W32/Netsky.P.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][message.scr]
Virus:W32/Netsky.P.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][message.zip][document.txt .exe]
Virus:W32/Bagle.DX.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][The_reporting_of_taxes.rar][Taxes.exe]
Virus:W32/Bagle.DZ.worm Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][To_reduce_the_tax.zip][Taxes.exe]
Virus:Trj/Mitglieder.FB Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][09_price.zip][09_price.exe]
Virus:Trj/Mitglieder.FO Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][Business.zip][5.exe]
Virus:Trj/Mitglieder.GK Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-mail\sadie][Margerie.zip][DSC00017.exe]
Virus:Trj/Mitglieder.GO Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-webmail\elliotts\mail-trash][Josias.zip][S3700026.exe]
Virus:Trj/Mitglieder.HA Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-webmail\elliotts\mail-trash][Edward.zip][Foto_2315.exe]
Virus:Trj/Mitglieder.FN Not disinfected C:\Work HD 2006.06.01\temp\zft\zft.rar[zealfortruth-webmail\elliotts\mail-trash][sms_text.zip][1.exe]

RELEVANCY SCORE 200
Preferred Solution: Live Safety Center and Other infectious baggage

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Live Safety Center and Other infectious baggage

72 hour BUMP.

Read other 4 answers
RELEVANCY SCORE 83.6

Help me please!I've had this virus for around a week or so.I'm not really sure if this is a virus or a malware.The symptoms of this virus are:-Two strange icons appear, one blue shield and one green shield, having the names of "Online Security Center" and "Live Safety Center" that "refresh" and reinstall themselves even though I have deleted them.-Irregular Pop-Ups that say I have a virus infection on my computer that come and go at least every ten minutes when I really don't.-A flashing caution sign on the toolbar.-Slowing internet.I have the programs, "Spyware Terminator", "SmitfraudFix" and "AVG Anti-Spyware" but I don't know how to use them respectively in this situation.This all started after I deleted Internet Explorer, yet all these InterNet Explorer Pop-Ups kept on coming, all saying that my "computer had a virus, download this program."I can't even DOWNLOAD anything!Please help, and put step-by-step instruction on how to delete them!

A:Malware? Online Security Center And Live Safety Center?

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A HijackThis LogThanks,Charles

Read other 2 answers
RELEVANCY SCORE 78.8

I received an email today from Microsoft asking me to try their Windows Live Safety Center. When I got to the website, I found out it is a beta version. Have any of you used it??? Is it ok???? I would like to know everyones opinion of it.
Here is the website: http://safety.live.com/site/en-US/default.htm

Please let me know if it is safe to use and if it would be worth using.

Thanks Grandma
 

A:Windows Live Safety Center

Read other 7 answers
RELEVANCY SCORE 78.8

Does anyone trust this free web-based utility? I've found it from Microsoft. So does anyone know anything about this? Should I delete these two files that it detected as a Trojan? Since it is in the System Restore part I assume that it's safe to delete, but I'm not real sure.
 

A:Windows Live Safety Center

hi, welcome to TSG.

Download hijack this from the link below.Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.

what's the name of this web based utility?

what are the names of the files, if they are in system restore they are harmless as they are tapped in there?
 

Read other 1 answers
RELEVANCY SCORE 78

If this was posted elsewhere I did not see it.Windows Live Safety Center BetaGet full service for your PCWindows Live Safety Center is a new, free service designed to help ensure the health of your PC. * Check for and remove viruses * Learn about threats * Improve your PC's performance * Get rid of junk on your hard diskUse the full service scan to check everything, or turn to the scanners and information in the service centers to meet your specific needs.safety.live.comMore info at Welcome to Windows Live IdeaThey also created a new blog staffed by Microsoft's Anti-Malware Team.

A:Windows Live Safety Center Beta

Microsoft's Free Web-based Virus Scanner Sends Data Back To Microsoft

Read other 1 answers
RELEVANCY SCORE 77.2

I have a trojan that has put the Online Security Guide and Live Safety Center on my desktop. It is also popping up error messages saying that I have a virus, or spyware (multiple messages). I need some help!!

A:Online Security Guide and Live Safety Center

I decided to go ahead and run VundoFix, since the Online Security Guide and Live Safety Center are commonly associated with Vundo. It got rid of two DLL's that I had been trying to remove manually (both my AVG and ClamWin detected them as virus-related but didn't remove them). A log wasn't made of the VundoFix.

I then ran ComboFix, just to be sure. THAT removed the links from the desktop. However, I'm not entirely sure that it's COMPLETELY gone. So, here's the ComboFix log.

ComboFix 07-11-01.1 - Sean Gaston 2007-11-04 18:18:07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT -6:00]
Running from: C:\Documents and Settings\Sean Gaston\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Sean Gaston\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Sean Gaston\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Sean Gaston\Favorites\Online Security Guide.lnk
C:\Program Files\SecCenter
C:\Program Files\SecCen... Read more

Read other 1 answers
RELEVANCY SCORE 76.4

i keep getting these above icons poping up on my desktop and system alerts, etc.. telling me i have a virus and need to download their software(official security software). also i have an added security toolbar on my homepage and additional adds that keep poping us including porn sites. i've tried a ad-aware program and the avg anti-spyware programs and can't seem to get rid of it. it actually went away for awhile when i used the avg program(came up with a trojan-Small virus) but now it's back. here's a hijack this log and a smitfraud log:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:34 PM, on 11/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
... Read more

A:online security guide/live safety center virus

ad-aware log:
ArchiveData(auto-quarantine- 2007-11-13 19-36-07.bckp)
Referencefile : SE1R202 12.11.2007
======================================================

MRU LIST

obj[0]=MRU FileReference : C:\Documents and Settings\Debra Ritzema\recent\smitfraud.wps.lnk
obj[2]=MRU RegReference : software\microsoft\directdraw\mostrecentapplication name
obj[3]=MRU RegReference : S-1-5-21-105441914-3170374919-175278027-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru\*
obj[4]=MRU RegReference : S-1-5-21-105441914-3170374919-175278027-1005\software\microsoft\windows\currentversion\explorer\recentdocs\.wps
obj[6]=MRU RegReference : S-1-5-21-105441914-3170374919-175278027-1005\software\microsoft\windows media\wmsdk\general computername

WIN32.TROJANDOWNLOADER.ZLOB

obj[6]=Regkey : clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}
obj[7]=Regkey : clsid\{a95b2816-1d7e-4561-a202-68c0de02353a}
obj[8]=Regkey : software\microsoft\windows\currentversion\explorer\browser helper objects\{a95b2816-1d7e-4561-a202-68c0de02353a}
obj[9]=RegValue : S-1-5-21-105441914-3170374919-175278027-1005\software\microsoft\internet explorer\toolbar\webbrowser "{11a69ae4-fbed-4832-a2bf-45af82825583}"
obj[10]=RegValue : software\microsoft\internet explorer\toolbar "{11a69ae4-fbed-4832-a2bf-45af82825583}"
obj[16]=File : c:\docum... Read more

Read other 3 answers
RELEVANCY SCORE 76.4

I am having trouble with a PC that has the following symptoms, and would really appreciate your assistance: 1. Explorer.exe often doesn't run on startup/login; this differs a bit among user profiles, but generally it won't run. 2. Internet Explorer often gets hijacked and sent to Netster.com Hornymatches.com Leading4.com Levelclick.com 3. Two icons appeared on the desktop Live Safety Center Online Security Guide Ad-Aware, Spybot S&D, and SAV CE 10.2 scans/repairs have NOT resolved the problem. Do you have any ideas or helpful hints? The HijackThis log is included below. Thanks you, in advance, for any assistance you can provide. Please let me know if you need any additional details. -Tiger226 HijackThis log file------------------------------- Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:08:35 PM, on 11/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\DIGStream\digstream.exeC:\Program Files\ESPNRunTime\DIGServices.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program File... Read more

A:Kukkakreck / Live Safety Center / Netster Infection-hijack

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Also, The current formatting of your log makes it difficult to read, so in notepad:
On top, click Format >uncheck Word Wrap

Read other 2 answers
RELEVANCY SCORE 76.4

I have been workng on this based on previous posts but I am still gettingpop-ups and my sytem is very slow. I have pasted HijackThis and DSS below. I have installed AVG, SmitFraudfix, Vundofix,Combofix and Adaware.

Logfile of HijackThis v1.99.1
Scan saved at 10:24:23 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\SXC521.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Pr... Read more

A:Online Security Guide & Live safety Center and IE popups

Hi, welcome to TSF

Sorry for the delay. if you still need help,

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.

Read other 1 answers
RELEVANCY SCORE 75.6

hi

recenltly caught sumthing i think a trojan. I have windows xp and am using mcafee whaich found the problem and i thought it had sorted it out. it had not and now messages saying you have a back door trojan and click here to download the official software keep poping up. need big help please.

i have a hijackthis logfile below

any help realy apriciated

thanks
luke

--------------------------------------------------
hijack this log file
---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:48:24, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\... Read more

A:[SOLVED] help geting rid of 'Live safety center' and 'Online security guide'

Hello and welcome to TSF

You have an outdated version of Hijackthis installed,please uninstall that version as then next part will install the latest version

======================================================

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

==================... Read more

Read other 3 answers
RELEVANCY SCORE 75.6

Please help. Have a trojan I cannot fully remove. The symptoms are setting off avast virus detector, 2 icons on the desktop one called Safety Center and one called Online Security Guide. Also constant redirection to an spyware removal website.

Have already run vundofix.exe and combofix.exe, which seems to have temporarily fixed the problem. From the hijack this log can you tell if the problem is completely resolved?

Hijack This log below

Logfile of HijackThis v1.99.1
Scan saved at 14:21:26, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:... Read more

A:Live Safety Center and Online Security Guide icons Trojan

Hi frenchfry and welcome to TSF

Sorry for the delay getting to you, the forum has been really busy and all our helpers are volunteers.

Please post the logs from vundofix and combofix

------------------
Required Logs

c:\vundofix.txt
c:\combofix.txt

Read other 7 answers
RELEVANCY SCORE 69.2

Hey guys, recently my computer started behaving strangely and I believe I have some sort of a virus. Two icons, with the names of "Live Safety Center" and "Online Security Guide," downloaded themselves onto my desktop. Also I would receive random pop-ups in IE imploring me to "find true love," among other things. Also I would receive a flashing exclamation point on my desktop toolbar stating that I had some sort of a virus and that I should go to a certain site to download software to remove it. There were a few other notifications that would pop up that would say other things, but at the moment I can't remember exactly what they said (although I think it also had to do with a virus on the computer and asking me to click on something to get rid of it). Any ideas on what's happening here? Thank you in advance for taking a look for me.

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:06 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system... Read more

A:Malware/Virus Problem ("Live Safety Center/Online Security Guide")

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Read other 9 answers
RELEVANCY SCORE 65.2

Ok where do I begin?! I have been dealing with viruses, spyware/malware for the past week. It all started with Norton advising me that I had been infected with Trojan. Vundo and Trojan.Zonebac. After that I started receiving many different pop ups warning me about critical system alerts. I also had an annoying yellow triangle at the bottom of my screen warning me about different trojans and worms. More evil friends included 2 new icons that had made their home on my desktop one named "Live Safety Center" and the other "Online Security Guide", also installed was a new toolbar named "Security Toolbar 7.1". I have scanned my computer with many different programs and have somehow finally managed to get rid of the pop ups and toolbar, although I know I'm probably still infected somewhere. I'm sorry this is so long but, I wanted to explain EVERYTHING! I'm running Windows XP SP2, and have followed all steps to post. I downloaded DSS, but after many attempts to run, it just wouldn't let me. I do have a fresh hijackthis log and my Panda report, I hope this is good enough.
Many thanks in advance to whomever helps me, I am desperate!
Monica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:35 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe... Read more

A:2 evil friends on desktop "Live Safety Center" and "Online Security Guide" Help?

Hi, thanks for trying to perform all the steps.


Quote:




I downloaded DSS, but after many attempts to run, it just wouldn't let me.




At what stage does DSS stop working?

Read other 7 answers
RELEVANCY SCORE 64.4

I don't have a clue where to begin trying to fix this problem. Spybot doesn't seem to fix the problem. I keep getting random icons on my desktop and start menu called "online security guide" and "live saftey center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system. Any help would be great...thank you!

A:i need help - "online security guide" & "live safety center" icons!!

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 64.4

I'm having the same problem that a lot of people are having. These icons have showed up on my desktop and i keep getting pop ups telling me to download them because i have a virus. i would really applicate the help.
thanks!
John

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2007-11-17 16:39:03 UTC - RP554 - Deckard's System Scanner Restore Point
90: 2007-11-17 15:47:18 UTC - RP553 - System Checkpoint
89: 2007-11-16 15:05:33 UTC - RP552 - System Checkpoint
88: 2007-11-15 01:17:54 UTC - RP551 - Software Distribution Service 3.0
87: 2007-11-13 22:39:57 UTC - RP550 - Removed Banctec Service Agreement


-- First Restore Point --
1: 2007-11-12 23:17:11 UTC - RP464 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 2.78 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-17 11:42:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\... Read more

A:"online security guide" and "live safety center" deckard log here

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop. We'll use this later.

Download SDFix and save it to your Desktop.

Please download & install - ERUNT (This is a utility that'll replicate a copy of your Registry)
Start ERUNT, confirm the Welcome message.

Next, select the backup options:

System registry
Current User Registry
Other open user registry

Click "OK" and wait until the backup process is complete. (Note that depending on your system configuration this may take some time, and that the first bar is NOT a progress bar, just an indicator that the program is still running.)
# Note: To ensure proper operation of ERUNT, you should be logged in a... Read more

Read other 13 answers
RELEVANCY SCORE 63.6

I don't have a clue where to begin trying to fix this problem. I keep getting random icons on my desktop called "online security guide" and "live safety center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system. I didn't have this problem until I upgraded to Norton 2008. I am currently running IP tool antivirus and spyware, I also have ran Smitfraudfix, still getting pop ups like crazy. Also my IP tools is finding Trojan.Virtumonde. I use Quicken and it seems to have attacked it because I am no longer able to use it. Any help would be great...thank you!

A:"online security guide" and "live safety center"

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

I will monitor this thread for your reply.

Thank you for your patience.

Read other 1 answers
RELEVANCY SCORE 63.6

My son uses his computer on the net a lot and of course there is a virus out there waiting to serve its twisted master.

He got the wellknown "Live Safety Center" and "Online Security Guide" and it keeps comming back and hijacks his internet browser to redirect to the same page that promises peace and wellbeing for money ... of course.

Here is the DDS log:
"
Deckard's System Scanner v20071014.68
Run by Emil on 2007-11-10 20:43:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Emil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:39, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\F?lles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\agsdyely.exe
C:\Programmer\F?lles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Progra... Read more

A:Need to get rid of "Live Safety Center" and "Online Security Guide"

I did follow MicroBell's 5 Step process and the Panda scan said that no virus could be found. However, my Avast anti-virus warned me 5-6 times about files while I was running the Panda virus scanning. One of them was named "win.exe" and was in C:\temp\ but has now been deleted. Every time Avast issued a virus alert I chose the option to delete the file in question.

Read other 19 answers
RELEVANCY SCORE 57.6

hello,
I am having trouble installing the AOL Safety & Security Center. I use AOL for a lot of things and I want to try their security suite out. Yet whenever I try to install, it goes to about 75% and then disappears. I've done my research and nothing on AOL's help site is working. What is up and what can I do?

Sincerely,
Jesse

A:Aol Safety & Security Center

Maybe a different download manager than the one you have? I use download accelerator plus, and it works great. You can find it at:http://www.speedbit.com/Hope it works for you (and that you can download it). Good luck.

Read other 1 answers
RELEVANCY SCORE 57.6

Help! I got a virus called Safety Center. It pop-ups alerts such as "Warning Database update failed" and sometimes a Splash screen of a Gay Porn.

Here's my hijack log after I use my ATF Cleaner:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:34 AM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.ex... Read more

A:Safety Center Virus

bump
 

Read other 1 answers
RELEVANCY SCORE 57.6

ok every few days for the past 2 weeks my aol safety and security center firewall turns off. then i hit turn on and the message appears saying aol firewall is on but its still off

then i reinstall and its good for about 2 days but then i restart computer and its bad again.

heres hjt log WHILE ITS MESSED UP
****NOTE****ill post an hjt log when its running fine l8er

Logfile of HijackThis v1.99.1
Scan saved at 12:00:32 PM, on 4/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1120601684\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1120601684\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\1120601684\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1120601684\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1120601684\ee\services\safetyCore\ver210_5_4_1\aol... Read more

A:AOL safety and security center

here it is when firewall is fine after i reinstalled
Logfile of HijackThis v1.99.1
Scan saved at 12:42:40 PM, on 4/26/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1120601684\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1120601684\ee\SSCEvtHdlr.exe
C:\Program Files\Common Files\AOL\1120601684\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1120601684\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\1120601684\ee\aolsoftware.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spcauth.exe
C:\WINDOWS\System3... Read more

Read other 1 answers
RELEVANCY SCORE 57.6

Whats going on Tech Support Guys. It's been a while since I been here but I need your help again. The Safety Center virus creeped up on my computer when I wasn't looking. Every time I tried to boot in safe mode to run malwarebytes, I received the BSOD. When I booted up in normal mode, I couldn't run Malbytes, I couldn't unhide folders to stop malbytes from quiting scanning after 5 seconds. The virus kept trying to install Roxio Media manager or something like that on my computer. eventually I couldn't stop it and it installed. After numerous time shutting down and restarting my computer, I finnaly hit rock bottom. I can't go to safe mode AND NOW in normal mode, I have no icons or anything just a blue empty screen and nothing happens when I press the keyboard buttons. What do you guys think? Thanks for reading!
 

Read other answers
RELEVANCY SCORE 57.6

For those who don't know, this program provides you with antivirus, spyware, and a firewall. I have been using it because my subscription to Norton Antivirus had expired. I have just renewed my subscription, and would like to uninstall AOL Safety and Security Center since it seems to slow my computer down. I was wondering if Lavasoft Ad-Aware SE Personal and Windows Firewall were good alternatives for spyware and firewall programs. I was also wondering if you would suggest that I use Windows Firewall, or if I should download a different one like ZoneAlarm?
 

A:AOL Safety and Security Center

Ad-aware is a great program to use. You may also want to download Spybot as well. So is Zone Alarm as your firewall. I wouldn't use Windoze firewall at all. Dang sure wouldn't use anything AOL has to offer.
 

Read other 12 answers
RELEVANCY SCORE 57.2

I'm having a lot of issues getting rid of what I thought was only a Windows Police Pro infection. My computer was fine until my boyfriend hooked up his eSATA drive last night to put some things on it and suddenly the Windows Police Pro problems popped up. I disconnected the drive and tried to run MBAM immediately, but it would only run for 3 seconds then disappear. I followed the steps from the Remove Windows Police Pro (Removal Guide) , which seemed to be working at the time, but I was still not able to fully run MBAM (or any other spyware tools i tried) after following the guide. I've been looking around and trying different things but nothing has really worked or been able to run. I did FINALLY get just a partial RootRepeal report and a full Win32kDiag report which I have attatched. Right before I was about to post this, some other issues popped up.. Safety Center/Safety Manager?So now I think I may be limited to Safe Mode... but I'm still getting a bubble popping up saying my computer is infected and I actually have a desktop icon for Safety Center. PLEASE HELP![overline]PARTIAL ROOTREPEAL REPORT[/overline]ROOTREPEAL ? AD, 2007-2009==================================================Scan Start Time: 2009/09/18 15:18Program Version: Version 1.3.5.0Windows Version: Windows XP SP3==================================================Drivers-------------------Name: dump_atapi.sysImage Path: C:\WINDOWS\System32\Drivers\dump_atapi.sysAddress: 0xF6D92000 Siz... Read more

A:WINDOWS POLICE PRO/SAFETY CENTER...

Hi, tnscott Welcome.Please follow these steps:Step 1Open a command prompt. (Start->Run, type CMD and click OK) At the prompt copy and paste the following commands and press Enter after each line:Copy C:\WINDOWS\system32\dllcache\eventlog.dll C:\ExitStep 2Click on Start->Run, copy and paste the following command into the "Run" box (including the quotation marks), and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here in your next reply."%userprofile%\desktop\win32kdiag.exe" -f -rStep 31. Please download The Avenger by Swandog46 to your Desktop.Right click on the Avenger.zip folder and select "Extract All..." Follow the prompts and extract the avenger folder to your desktop2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):Begin copying here:
Files to move:
C:\eventlog.dll | C:\WINDOWS\system32\eventlog.dllNote: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.3. Now, open the avenger folder and start The Avenger program by clicking on its icon. Right click on the window under Input script here:, and select Paste. You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard. Click on Execute Answer "Yes" twice when prompted.4. The Avenger will automatically do the following:It will ... Read more

Read other 6 answers
RELEVANCY SCORE 57.2

Thanks so much in advance for your help with this frustrating problem. A strange "Safety Center" pop-up began appearing a few weeks ago. I have been unable to delete it - each time I tried, it caused Windows to restart. It also reconfigured my monitor settings which kept me from viewing the toolbar at the bottom = couldn't expand any folders for viewing. I was unable to get online. System Restore would not run. I was finally able to run CCleaner in safe mode and access some of the folders. I uninstalled unnecessary programs - am now able to access my folders and get online. However, I am still receiving frequent IE error reporting pop-ups. I have been X-ing out of them without reporting the errors. I followed your instructions for preparation before reporting this problem. I did not have any problems performing the steps. The logs: DDS.txt and RootRepeal report are below. The Attach.txt and ark.txt files are attached. Again, I appreciate your time and your help. Lori
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 1:35:30.18 on 2009-09-19
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.153 [GMT -5:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {CCA5F26E-FE83-4163-877B-58BEE385E7F7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\... Read more

A:Safety Center / Frequent IE Errors

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 11 answers
RELEVANCY SCORE 57.2

While I was browsing through the internet yesterday, I caught Antivirus PRO on my labtop somehow. At the time I did not know how to stop the pop ups caused from it so I immediately ran my Webroot spy sweeper. It quarantined some trojans, but did not solve the problem. As I restarted, the Antivirus PRO was there again. At one point I remember seeing Safety Center also which caused my internet to not be connected/ work properly. I'm not very knowledgable with computers so please be patient with me if I do not understand something. Here is the DDS log:
DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 18:38:37.96 on Sat 11/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.305 [GMT -6:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\E... Read more

A:Infected with Antivirus PRO/ Safety Center

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

Read other 50 answers
RELEVANCY SCORE 57.2

Greetings, BleepingComputer!
This computer has at least the "Safety Center" fake security program. Plus it's disabled
all of the control panel options. Keeps saying that it can't locate system32.dll.
I was able to run DDS normally but RootRepeal would only work in Safe Mode.
In normal mode, it would cause the computer to reboot.
Before this computer had a pretty bad infection but it got reinfected by something
else.
The logs are below and attached as required.

Thanks in advanced!
Monkeyb00y

Here is the DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Owner at 13:44:44.06 on Mon 11/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.191.33 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Com... Read more

A:Safety Center infecting this computer...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 32 answers
RELEVANCY SCORE 57.2

I made the mistake of downloading the peice of crap security suite. it's really a dumbed down suite of mcafee software there were several problems that prompted me to uninstall it and that is causing more more problems.

first of all, the suite has no way to manually update it, so you must wait for it to update it self. even when it does, for some reason the gui says you have 0 (zero) virus definitions. the front page maintains that spyware detection, virus protection, and firewall are turned off, but when you go to the respective tabs you see that spyware and virus protection are turned on and the firewall is missing so there is no way to turn it on or off. but here's the thing, windows security detects the firewall and aol's sign on screen shows that all the components are active. the suite also was enough of a resource hog to noticably slow my system down, but thats to be expected as my comp is running a pentium III 1ghz with only 384 mb ram.

well with all that, I decided it was best to uninstall the safety & security center and buy my own security. but here is where the next problem is. windows security is still detecting the aol firewall and I have no way of disabling it. I don't even know why it's still being detected. after uninsatlling I deleted all mcafee folders and anything that I could find related to the aol safety & security center.

so what do I have to do to get rid of this? what other info is needed in order to solve my prob... Read more

A:aol safety & security center woes

Read other 8 answers
RELEVANCY SCORE 57.2

Since i downloaded AOL's safety & security center my comp. slowed down considerably. I want to uninstall it but it is not listed in my programs to uninstall. I have windows xp.
 

A:How do i uninstall AOL Safety & Security Center

Open HijackThis and click on the "Open the Misc Tools Section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" botton. Copy and paste that list here please.
 

Read other 1 answers
RELEVANCY SCORE 57.2

I'm having a lot of issues getting rid of what I thought was only a Windows Police Pro infection. My computer was fine until my boyfriend hooked up his eSATA drive last night to put some things on it and suddenly the Windows Police Pro problems popped up. I disconnected the drive and tried to run MBAM immediately, but it would only run for 3 seconds then disappear. I followed the steps from the Remove Windows Police Pro (Removal Guide) , which seemed to be working at the time, but I was still not able to fully run MBAM (or any other spyware tools i tried) after following the guide. I've been looking around and trying different things but nothing has really worked or been able to run. I did FINALLY get just a partial RootRepeal report and a full Win32kDiag report which I have attatched. Right before I was about to post this, some other issues popped up.. Safety Center/Safety Manager?So now I think I may be limited to Safe Mode... but I'm still getting a bubble popping up saying my computer is infected and I actually have a desktop icon for Safety Center. PLEASE HELP![overline]PARTIAL ROOTREPEAL REPORT[/overline]ROOTREPEAL © AD, 2007-2009==================================================Scan Start Time: 2009/09/18 15:18Program Version: Version 1.3.5.0Windows Version: Windows XP SP3==================================================Drivers-------------------Name: dump_atapi.sysImage Path: C:\WINDOWS\System32\Drivers\dump_atapi.sysAddres... Read more

A:HELP! Windows Police Pro/Safety Center

Since you were able to produce those 2 logs you need to post them in our HJT forum:http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/Give a brief description and tell them that these logs was all you could get to run successfully The HJT team is extremely busy, so be patient and good luck

Read other 1 answers
RELEVANCY SCORE 57.2

Hi have recently been infected by these pop ups.

The address bar in the most prominent one is:

http://www.savetheinformation.com/v...135_c0760e36 DFF1692788E64EAAA097460B7E65289B

Here is my hijack log any help will be appreciated:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:13, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA... Read more

Read other answers
RELEVANCY SCORE 56.4

I am infected with Safety Center. I dl and installed MBAM, it will run for 2 seconds then close. I also tried to run it in safe mode. I was able to locate some of the files in the registry and removed them.

A:Safety Center Virus-Cannot run mbam or spybot

We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Read other 10 answers
RELEVANCY SCORE 56.4

So a friend asked me to look at their computer as it wouldn't even boot up. I'm attempting to do an XP repair (not recovery console) with the XP disk. Everything looks good and it goes through the first 5 mins of the windows reinstall / repair. Then a Security Center bogus 'System Warning' pops-up preventing it going any further (saying 'your computer may be infected with spyware...blah blah). Any ideas on how to get around this without a re-format? Rebooting the computer goes straight back into the start-up / install process and the same thing happens.

Thanks in advance for any assistance!

A:Safety Center preventing XP repair from completing

Sorry, initially logged this in the wrong forum.

Read other 2 answers
RELEVANCY SCORE 56.4

I have spent the last 6 hours messing around with different software to figure out if there's spyware on my computer (Windows XP and always updated).

My computer had been acting very slow lately and I had reason to suspect possible spy software. Sometimes the CPU usage would go to 100% and it wouldn't stop until I would go into the task manager and end the task or process for that software. Other problems with memory and programs running in the background without me recognizing them also occurs. I had AOL safety and security center installed and run constantly... but it doesn't show that I have any problems.

However I tried "SpyWareDoctor" and "HijackThis" and "SpyonThis" today and each gave a different outcome.

"SpyWareDoctor" gave a list of some 290 files. but only 30 or 40 of them were dangerous. the ones that were dangerous had like KLHM or something of that sort. I looked it up online and that wasn't too helpful.

"SpyonThis": I downloaded this software and ran it but it wasn't working I would get an error message every time I would try to open it (even after reinstalling it). the error message would read "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it."

"HijackThis" gave a smaller list but more complicated to read. I have attached the outcome from that log at the end.

So i turned more confused. and thought I wou... Read more

A:Difference between HijackThis and AOL Safety and Security Center

Read other 9 answers
RELEVANCY SCORE 56.4

Hello, I am writing this for my son's computer; all logs and emails are from his computer.

Sept 5, 2009- My son went to a questionable web site and suddenly a sexually orientated pop-up appeared. As I understand it he tried to close it right away but it seems only to have achieved in downloading the rogue malware Windows Safety Center. Of course it came up with an infection warning and in his haste (because we JUST got rid of another one of these) he clicked on a few of the icons and I assume made it worse. Then the computer restarted which as I understand (perhaps incorrectly) just relaunches the trojan and makes it worse. So we followed this course:

--- Ran McAfee full scan. Only found 1 or 2 items, which were removed.
--- Ran MalwareBytes anti-malware (after update) full scan. Nothing found so restarted the computer.
--- Ran MalwareBytes anti-malware quick scan. About 8 items found; had to restart for full removal so did so.
--- Ran MalwareBytes anti-malware full scan AGAIN. 1 or 2 items found but no restart needed.

--- Emptied temporary internet files
--- Through McAfee and Windows itself, upgraded parental options & made them much stronger. Now McAfee will not completely come up. On this issue, I am wondering if this is because we use FireFox as a browser and have Comcast Internet service from whom we get the McAfee. Just a week or so ago when I spoke to someone at Comcast on a completely different issue they told me that Comcast was Internet Explorer based.

Sept... Read more

A:remaining infections from Windows Safety Center

Hi, just an update:I took the computer offline earlier this evening and just now finished running a MalwarBytes full scan. It came up with one item, which I already have read elsewhere is bad:Rootkit.TDSSThe location I could see was:HKEY.LOCAL_MACHINE\System\CurrentCon..... I couldn't see the rest of it. I did remove it though.This was the notepad log:Malwarebytes' Anti-Malware 1.40Database version: 2748Windows 5.1.2600 Service Pack 39/6/2009 10:10:32 PMmbam-log-2009-09-06 (22-10-11).txtScan type: Full Scan (A:\|C:\|D:\|)Objects scanned: 145240Time elapsed: 1 hour(s), 11 minute(s), 34 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmpvgoecwt (Rootkit.TDSS) -> No action taken.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)-------------------------------------------------------I will update MalwareBytes and take the computer offline again. Please help, thanks so much. Hello megatron2017,We ask that once you have posted your log and are waiting, please DO N... Read more

Read other 9 answers
RELEVANCY SCORE 56.4

Hello All,I am now posting here at the advice of the "Am I Infected" forum. This is the original thread: http://www.bleepingcomputer.com/forums/t/258634/safety-center-system-antivirus-pro-explorer-not-working/My computer has been acting up for a bit. The latest incarnation of whatever mess I've gotten myself into is Safety Center. Last week it was System Antivirus Pro. I see a folder that has been created on my C:\ for Windows Police Pro.Currently my explorer doesn't seem to be working. I cannot click on anything on the desktop. I cannot access "My Computer" or most of my programs. I was able to run Symantec earlier and it quarantined another dozen or so files. Now that I thought I'd cleared those out, "Security Center" pops up when I restart the computer. I still can't click on anything on the desktop. MalwareBytes still won't run, even after reinstalling I get an "Error 707 (3)"I tried disabling programs on startup through msconfig.The suspicious programs that I've disabled are:17590154A blank one with the command "\Program\"b.exekuhgsysguard.exenet.netas well as some others that I believe I know the origin of.Folders that have appeared in my C:\\ since yesterday..."Safety Center""Movie Joiner""Windows Police Pro""jgfkdm""collin"The only successful log I've been able to run is from Win32kDiag. Thank you all so much for your help. Here is the Win32kDiag log:Beginning of Win32kDiag.txt=====Running from: C:\Documents and Settings\Josh\Desktop\Win32kDiag.exeLog file at ... Read more

A:Safety Center - System Antivirus Pro - Rootkit

Hi, sarcasmic Welcome.Please follow these steps:Step 1Click on Start->Run, copy and paste the following command into the "Run" box (including the quotation marks), and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here in your next reply."%userprofile%\desktop\win32kdiag.exe" -f -rStep 2Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**If you are using Firefox, make sure that your download settings are as follows:Tools->Options->Main tabSet to "Always ask me where to Save the files".During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.Please do not rename Combofix to other names, but only to the one indicated.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be ... Read more

Read other 50 answers
RELEVANCY SCORE 56

about once a month or so I will run the free safety one care scanner and the other day while going through my uninstall program list I noticed that this program was installed on my computer. I never noticed this any other time I ran it. So I uninstalled it and ran the scanner again and checked and it wasnt there but ran it again and it was. I also stopped the scan half way through once and noticed that the sheild logo in the uninstall program list was just blank white sqaure and only about half of the size of the program was there and when I uninstall it I get a message saying it didnt uninstall correctly and gives me to options to choose from Something else I noticed that was funny was one time I highlighted it but didnt uninstall and came back and the program was no longer listed in the list. Could anyone tell me what might be going on here and if anyone else has had this happen?

A:safety live one care help

We need far more details from you.
You say "This program........" What program?

Please list the security programs you are using [apart from the "free safety one care scanner" that you run once a month ] eg firewall, anti virus that may have been preinstalled on your computer, anti malware, defender etc.
Is protected mode on?
It would also help if you filled in your system specs.

Read other 3 answers
RELEVANCY SCORE 56

Hello,

I seem to have gotten myself into quite a mess. Last night my computer started giving me lots of trouble. I'd run across viruses before, including what I think was called "System Antivirus Pro." MalwareBytes had been giving me trouble and not running, but I finally got it to run correctly and quarantine around 18 things. Then I guess I managed to unleash something else.

Currently my explorer doesn't seem to be working. I cannot click on anything on the desktop. I cannot access "My Computer" or most of my programs. I was able to run Symantec earlier and it quarantined another dozen or so files. Now that I thought I'd cleared those out, "Security Center" pops up when I restart the computer. I still can't click on anything on the desktop. MalwareBytes still won't run, even after reinstalling I get an "Error 707 (3)"

I tried disabling programs on startup through msconfig.

The suspicious programs that I've disabled are:

17590154
A blank one with the command "\Program\"
b.exe
kuhgsysguard.exe
net.net

as well as some others that I believe I know the origin of.

Folders that have appeared in my C:\\ since yesterday...

"Safety Center"
"Movie Joiner"
"Windows Police Pro"
"jgfkdm"
"collin"

I am currently not on the infected computer because it's really not working. I downloaded the "dds.scr" and it open... Read more

A:"Safety Center" "System Antivirus Pro" Explorer not working

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 5 answers
RELEVANCY SCORE 56

Earlier tonight I was online and my internet explorer crashed suddenly and then a program claiming to be Safety Center popped up and warned me that my computer is infected with viruses and urged me to purchase the program. I shut my computer (currently running Windows XP) down to prevent further damage, but it was too late. The entire system has been locked by the virus(es). I am unable to edit the registry, connect to the internet, start task manager, run in safe mode, or access my USB drives. Furthermore, the viruses have disabled access to Malwarebytes and my Antivirus software (Zone Labs).

In addition to having "Safety Center" running out of control on my computer, I also have popup alerts from some program calling its self "Antivirus System Pro alert" which I also cannot get rid of. I have tried starting the computer in safemode, but the computer flashes a blue screen for less than a second and reboots. I have also tried to edit the registry to remove the corrupted keys, but when I typed regedit into the run field the computer came up with an error message that said "registry edit disabled by the administrator". I attempted to run a Malwarebytes scan but the file path "could not be found" and redownloading the program is out of the question because as soon as the internet explorer is opened it disapears. I am also unable to disable the processes running with the taskmanager because the program has blocked access saying th... Read more

A:Safety Center and Antivirus system pro alert virus

You need to somehow get this on your computer and run itAfterwards immediately run mbamPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again

Read other 6 answers
RELEVANCY SCORE 56

I have a new Gateway PC running Windows XP that I just got in December 2006. The McAfee software it came with expired after 3 months, so I installed the AOL Safety & Security Center. I can't get the status better than "Fair" on this computer. It shows a message that it needs to update the Spyware definitions, but when I try it says no updates are available (should state that either it is up-to-date or that new definitions need to be downloaded). If I try running a Spyware check it stops after a few seconds stating that the operation was cancelled by the user, which I did not do. I tried uninstalling the software, rebooting as instructed & then reinstalled the software from a fresh download, but still keep getting the same exact problem. I don't think it is completely uninstalling the software & that some file that is bad remains with the typical uninstall, but don't know what to do at this point. AOL does not offer technical support for non-paying AOL members. I recently changed from being a paid AOL member to their free service. Please help!
 

A:AOL Safety & Security Center won't update Spyware definitions

Read other 7 answers
RELEVANCY SCORE 55.2

I didn't know where to post this thread so I posted here.

I installed familysafety.live to my little brother PC.. now I have this problem. Its blocking some programs and games from starting/opening... I haven't blocked any of them..

How can I fix this problem?

A:problem with family safety live. (I need some help)

You need to go into it and set what he can do and not do and then save it, by default there are some restrictions.

Read other 3 answers
RELEVANCY SCORE 55.2

Hello again, all.

I wasn't quite sure where to put this, but I thought here would suffice.

My problem is that I have 2 computers with Windows Live Family Safety enabled, with them set to "Warn on Adult" mode. The problem is that this forces YouTube's "Safety Mode" to be stuck on, whether a user is logged into YouTube or not. Both computers affected only have administrator accounts, so I don't think lack of permission is a problem.

Any help on stopping Windows Live Family Safety forcing YouTube's safety mode to stay on (without disabling WLFS altogether - this is the only way I have managed to turn off Safety Mode), would be appreciated.

Thanks,
Tom.

A:Windows Live Family Safety

I had to disable the web filtering service in the end. It says "When the web filter is on, SafeSearch will be locked on in Bing, Google, Yahoo! and other popular search engines" on the website, and I don't think this option can be altered.

Read other 3 answers
RELEVANCY SCORE 55.2

I got hit with the Antivirus Soft malware today. After rebooting into Safe Mode, I did a System Restore back to january 4, and the computer seemed to be workign normally. As my next step, I'm running a Windows live (Safety.Live.Com) scan. That scan hasn't finished yet, but has detected four issues thus far.Will this be enough to remove this trojan, or do I need to do more?By the way, if you've been hit with this virus and can't access the internet through internet explorer, try usiing Mozilla Firefox. I was able to access the internet and find this board through Firefox will the trojan was blocking Internet Explorer and all other applications, it seemed.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Antivirus Soft - Is Safety.Live.Com enough

Read and follow http://www.bleepingcomputer.com/virus-remo...-antivirus-soft.Louis

Read other 5 answers
RELEVANCY SCORE 55.2

I've been recommending this scan for some time for users of XP. It's now available in beta form for the Vista users out there.It's benefits include:1) Scanning for malware2) Registry cleaning3) Deletion of Temp files4) Defragging your hard drive5) Open port scan6) a bit of System information7) Changing your oil (OK, so I fibbed about this one! You can reach it by navigating to the http://safety.live.com/ page and clicking on the beta link. Also, here's the direct link: http://safety.live.com/site/en-us/center/whatsnew.htmYou'll have to use Internet Explorer (v7 will work), allow pop-ups from the site, and follow the prompts to install the ActiveX control (and the inevitable UAC prompts) in order for it to run. It's running on my system right now. I'll let y'all know the results when it's done.

A:Safety.live.com Vista Beta

The scan worked quite well. It gave 5 errors in trying to fix file type associations in the HKCU registry keys(.wpl, .wms, .cda, .wmz, .wmd) but otherwise it did all that it was expected to do!

Read other 1 answers
RELEVANCY SCORE 54.8

Greetings, everyone.I have a problem about Windows Live. For some reason, when I access this site - Tune Up Center - and clicked the "Tune Up Scan" button, this webpage shows up - We're Sorry.Here is the screenshot:I have all the requirements, my OS is Windows Seven Ultimate and Internet Explorer 8.Edit: Moved topic from Win 7 to the more appropriate forum. ~ Animal

A:Windows Live OneCare Safety Scanner

Is Windows Live OneCare still alive?

http://onecare.live.com/standard/en-us/support/ocfaq.htm
http://onecare.live.com/standard/en-us/default.htm

I thought, it was discontinued...

Read other 4 answers
RELEVANCY SCORE 54.8

Hi all, I recently installed Family Safety on our laptop for the safety of our grandsons. Now when they ask permission to visit a specific site, and I need to allow that site to be visited, the only ID option which comes up is our regular email address not the ID option I entered upon registering for the account. Can anyone advise me on how to resolve this issue? Thanks in advance for any help!

A:Windows Live Family Safety Sign In

Hello rose, a big welcome to you to Sevenforums!

This is the live family saftey website: https://fss.live.com/safety/default.aspx
You will need to enter the same user name and password that you use to log in to hotmail for your email, and it has to be the same one you signed up the live saftey accounts with.



This is what it looks like. You can view the activity of each member you sign up. There are more settings on the left hand side (after you click a family member) that you can change to add more security to your child.

Don't forget the settings you can change in parental controls, including adding children to the list

Read other 1 answers
RELEVANCY SCORE 54.8

My computer has recently stopped working. It's a hardware problem, and I have sent it away to get fixed under warranty. Before I sent it away, I put the hard disc into another computer so that I could back up my files. I was looking through my "Program files" folder, and found a directory entitled "Windows Live Safety Centre". What is this? I have never installed any security software from Microsoft other than SP2 and their constant flow of security-polyfilla. Is this a virus or piece of spyware?

A:Possible Malware: Windows Live Safety Centre

It comes from the Windows Live OneCare scanner...which you more than likely downloaded through windows updates.

Read other 4 answers