
Discussion Starter · #1 ·
Need to get rid of "Live Safety Center" and "Online Security Guide"

My son uses his computer on the net a lot and of course there is a virus out there waiting to serve its twisted master.

He got the well-known "Live Safety Center" and "Online Security Guide" and it keeps coming back and hijacks his internet browser to redirect to the same page that promises peace and wellbeing for money ... of course.

Here is the DDS log:
"
Deckard's System Scanner v20071014.68
Run by Emil on 2007-11-10 20:43:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Emil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:39, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\agsdyely.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\limewire\limewire.exe
C:\HBA\Virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Emil.exe
C:\WINDOWS\system32\mspaint.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {64F7A424-5613-4885-A1B2-4A3CC56D5F08} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86A2673A-1B5F-4E5A-B8D8-099D446F4616} - C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\e1\caws83122.exe.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\zpsfvoli.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: {4569e5e9-4e67-bfe9-f914-4fd129c98feb} - {bef89c92-1df4-419f-9efb-76e49e5e9654} - C:\WINDOWS\system32\ntwsbkjy.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zpsfvoli.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\jmpenofk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAble] C:\Programmer\WinAble\winable.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004A02A.dat
O20 - Winlogon Notify: zpsfvoli - C:\WINDOWS\SYSTEM32\zpsfvoli.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\agsdyely.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9746 bytes

-- Files created between 2007-10-10 and 2007-11-10 -----------------------------

2007-11-10 19:44:43 0 d-------- C:\Programmer\Trend Micro
2007-11-10 19:05:35 0 d-------- C:\Programmer\SpywareBlaster
2007-11-10 17:33:11 41724 ---hs---- C:\Programmer\Fælles filer\Yazzle1560OinUninstaller.exe
2007-11-10 17:25:00 0 d-------- C:\Programmer\Insider
2007-11-10 17:24:58 0 d-------- C:\Programmer\InetGet2
2007-11-10 16:40:12 85056 --a------ C:\WINDOWS\system32\jmpenofk.dll
2007-11-10 16:37:12 81472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll
2007-11-10 16:35:16 0 d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-10 16:34:12 71232 --a------ C:\WINDOWS\system32\emkmtixx.exe <Not Verified; ; DDC>
2007-11-10 16:31:13 10816 --a------ C:\WINDOWS\system32\__c004A02A.dat
2007-11-10 16:31:12 10816 --a------ C:\WINDOWS\system32\pwyhayjy.dll
2007-11-10 16:30:08 36352 --a------ C:\WINDOWS\system32\rqrqppo.dll
2007-11-10 16:29:54 7713 --a------ C:\WINDOWS\system32\ldcore.dll
2007-11-10 16:28:48 10816 --a------ C:\WINDOWS\system32\mbhjrblp.dll
2007-11-09 16:20:37 0 d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-09 13:04:35 77888 --a------ C:\WINDOWS\system32\nckvbyeb.dll
2007-11-09 13:04:31 88128 --a------ C:\WINDOWS\system32\mjickogw.dll
2007-11-09 13:01:33 10816 --a------ C:\WINDOWS\system32\__c00F6D1B.dat
2007-11-09 13:01:32 10816 --a------ C:\WINDOWS\system32\tdxbarra.dll
2007-11-09 13:01:31 71232 --a------ C:\WINDOWS\system32\agsdyely.exe <Not Verified; ; DDC>
2007-11-09 13:00:51 134 --a------ C:\n.bat
2007-11-09 13:00:32 35328 --a------ C:\WINDOWS\system32\pmnnnop.dll
2007-11-09 13:00:31 0 --a------ C:\x.dat
2007-11-09 13:00:29 0 --a------ C:\Documents and Settings\Emil\x.dat
2007-11-09 13:00:16 0 --a------ C:\z.dat
2007-11-09 13:00:13 264 --a------ C:\Documents and Settings\Emil\z.dat
2007-11-09 13:00:09 172032 --a------ C:\winlogon.exe
2007-11-09 12:59:34 145984 --a------ C:\WINDOWS\system32\zpsfvoli.dll
2007-11-09 12:59:13 145984 --a------ C:\WINDOWS\system32\xuxpjeuh.dll
2007-11-09 12:59:11 101726 ---hs---- C:\WINDOWS\system32\egjlm.bak2
2007-11-08 16:51:38 6465 ---hs---- C:\WINDOWS\system32\egjlm.bak1
2007-11-08 16:51:00 316000 --a------ C:\WINDOWS\system32\mljge.dll
2007-11-08 16:49:29 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-08 16:49:09 0 d-------- C:\Programmer\WinAble
2007-11-08 16:49:08 0 d-------- C:\Programmer\Temporary
2007-11-08 16:46:01 35840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-08 16:46:00 35840 -ra------ C:\WINDOWS\mrofinu1188.exe
2007-11-08 16:45:57 35328 --a------ C:\WINDOWS\system32\gebcdbc.dll
2007-11-08 16:45:48 0 d-------- C:\WINDOWS\system32\u4
2007-11-08 16:45:48 0 d-------- C:\WINDOWS\system32\e1
2007-11-08 16:45:39 0 d-------- C:\WINDOWS\system32\b3
2007-11-08 16:45:37 0 d-------- C:\WINDOWS\system32\Mz18r
2007-11-08 16:45:35 111727 --a------ C:\a.exe
2007-11-08 16:29:59 0 dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45:25 0 d-------- C:\Programmer\iPod
2007-11-01 12:24:00 229376 --a------ C:\WINDOWS\b128.exe
2007-10-30 19:53:32 97280 --a------ C:\WINDOWS\b147.exe
2007-10-29 21:21:52 145920 ---hs---- C:\Programmer\Fælles filer\Yazzle1560OinAdmin.exe
2007-10-29 17:12:21 0 d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14:36 0 d-------- C:\Documents and Settings\Henrik\cbt
2007-10-26 22:10:59 0 d-------- C:\Documents and Settings\Iku\Application Data\Google
2007-10-25 16:24:20 53760 --a------ C:\WINDOWS\b122.exe


-- Find3M Report ---------------------------------------------------------------

2007-11-10 20:01:00 0 d-------- C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-10 18:44:26 0 d-------- C:\Programmer\Windows Live Toolbar
2007-11-10 18:40:57 0 d-------- C:\Programmer\LimeWire
2007-11-10 18:40:43 0 d-------- C:\Programmer\iTunes
2007-11-10 18:40:15 0 d-------- C:\Programmer\Google
2007-11-10 18:37:26 0 d-------- C:\Programmer\ContextTool
2007-11-10 17:33:11 0 d-------- C:\Programmer\Fælles filer
2007-11-06 18:43:14 0 d-------- C:\Programmer\QuickTime
2007-10-31 16:52:14 0 d--h----- C:\Programmer\InstallShield Installation Information
2007-10-28 11:34:47 410000 --a------ C:\WINDOWS\system32\perfh006.dat
2007-10-28 11:34:47 69974 --a------ C:\WINDOWS\system32\perfc006.dat
2007-10-23 23:21:44 0 d-------- C:\Programmer\MSN Messenger
2007-10-12 18:28:35 0 d-------- C:\Programmer\Bethesda Softworks
2007-10-10 16:33:10 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-03 19:34:44 0 d-------- C:\Programmer\Ground Control II
2007-10-03 15:50:50 0 d-------- C:\Programmer\Illusion Softworks
2007-09-18 18:10:57 0 d-------- C:\Programmer\Rockstar Games
2007-09-18 16:22:17 0 d-------- C:\Programmer\Apple Software Update
2007-09-18 15:38:54 0 d-------- C:\Programmer\Sierra


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
27-06-2007 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F7A424-5613-4885-A1B2-4A3CC56D5F08}]
08-11-2007 16:51 316000 --a------ C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A2673A-1B5F-4E5A-B8D8-099D446F4616}]
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
09-11-2007 12:59 145984 --a------ C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef89c92-1df4-419f-9efb-76e49e5e9654}]
10-11-2007 16:37 81472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zpsfvoli.dll [09-11-2007 12:59 145984]

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [22-10-2006 12:22]
"nwiz"="nwiz.exe" [22-10-2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [22-10-2006 12:22]
"SoundMan"="SOUNDMAN.EXE" [21-06-2006 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [08-06-2005 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [27-07-2007 23:03]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [12-07-2007 03:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-05-2007 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [19-10-2007 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [02-11-2007 18:36]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [01-10-2007 12:15]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [08-11-2007 21:50]
"cc429608"="C:\WINDOWS\system32\jmpenofk.dll" [10-11-2007 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [27-08-2004 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [08-06-2005 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [19-01-2007 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [13-08-2007 15:01]
"WinAble"="C:\Programmer\WinAble\winable.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zpsfvoli]
zpsfvoli.dll 09-11-2007 12:59 145984 C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c004A02A.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljge.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


-- End of Deckard's System Scanner: finished at 2007-11-10 20:45:17 ------------
"

If by any chance you should have a nuclear bomb, a missile to carry it and the GPS coordinates of that server that sends out all this virus crap.....

Discussion Starter · #2 ·
..oh, forgot to say that ...

I did follow MicroBell's 5 Step process and the Panda scan said that no virus could be found. However, my Avast anti-virus warned me 5-6 times about files while I was running the Panda virus scanning. One of them was named "win.exe" and was in C:\temp\ but has now been deleted. Every time Avast issued a virus alert I chose the option to delete the file in question.
 

Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hello and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

===============================================================

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding.

---------------------------------------------------------------

It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean the infection is gone.

-----------------------------------------------------------------

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.


======================================================
Downloads

Please download SmitfraudFix (by S!Ri) to your Desktop. Do not run it just yet, we will shortly.

--------------------------------------------------------------

Download this file - http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop. Do not run it just yet, we will shortly.

====================================================
Safe Mode

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

=====================================================
Safe Mode Scan

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot back into Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt), or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
__

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web. Now uncheck everything and delete if present:
• "Security Info"
• "Warning Message"
• "Security Desktop"
• "Warning Homepage"
• "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

=====================================================

Reboot back into normal mode

=====================================================
Run Combofix

Go to Start → Run → paste in the single line command & click OK
"%userprofile%\desktop\combofix.exe" /killall
When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

========================================================

Please post the extra.txt from Deckard's System Scanner; it is located at C:\Deckard\System Scanner\extra.txt

========================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=======================================================
Logs Required
C:\rapport.txt
C:\Combofix.txt
C:\Deckard\System Scanner\extra.txt <----- Attached
HijackThis log


An update on how your system is behaving, thanks.
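As an added illustration for this thread (it is not part of HijackThis, SmitfraudFix, ComboFix or TSF's own procedure), a small Python triage script that applies, over entries copied from the HijackThis log in the first post, the kind of checks a helper runs by eye: core process names launched from outside System32, modules loaded from odd places or with odd extensions, unnamed BHOs, AppInit_DLLs and Winlogon Notify hooks, services with no vendor, and rundll32 Run entries calling a one-letter export. The tag names and the heuristics themselves are assumptions made for this example.

```python
"""Triage the persistence entries in a HijackThis (HJT) log.

Added illustration for this thread; not part of HijackThis, SmitfraudFix,
ComboFix or anything TSF ships. The checks are assumed heuristics that mirror
what a helper looks for in a log like the one in the first post; a tag is a
reason to look closer, not a verdict.
"""
import re

# Entries copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F7A424-5613-4885-A1B2-4A3CC56D5F08} - C:\WINDOWS\system32\mljge.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {4569e5e9-4e67-bfe9-f914-4fd129c98feb} - {bef89c92-1df4-419f-9efb-76e49e5e9654} - C:\WINDOWS\system32\ntwsbkjy.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\jmpenofk.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c004A02A.dat
O20 - Winlogon Notify: zpsfvoli - C:\WINDOWS\SYSTEM32\zpsfvoli.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\agsdyely.exe
"""

SYSTEM32 = r"c:\windows\system32"
# Windows core process names that only run from System32 on XP.
CORE_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe",
              "smss.exe", "csrss.exe"}
# Folders that hold data, not programs; an executable there is out of place.
DATA_FOLDERS = ("\\fonts", "\\temp")
# First drive-letter path ending in an executable-style extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|dat|ocx)\b", re.I)
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# rundll32 loading a DLL and calling a one-character export, e.g. "...dll",b
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[^"]+?\.dll"?,\s*\w\s*$', re.I)


def module_path(entry):
    """Return the first executable-style path in an HJT entry, or None."""
    m = PATH_RE.search(entry)
    return m.group(0) if m else None


def triage_entry(entry):
    """Return the reason tags for one HJT entry; [] means nothing notable."""
    parts = entry.split(" - ")
    kind = parts[0].strip()                     # O2, O3, O4, O20, O23 ...
    tags = []
    path = module_path(entry)
    if path:
        low = path.lower()
        folder, _, base = low.rpartition("\\")
        if base in CORE_NAMES and folder != SYSTEM32:
            tags.append("core-process-name-outside-system32")
        if any(d in folder for d in DATA_FOLDERS):
            tags.append("executable-in-data-folder")
        if not low.endswith((".exe", ".dll", ".ocx")):
            tags.append("module-with-odd-extension")
    if "(no file)" in entry or "(file missing)" in entry:
        tags.append("orphaned-registration")
    if kind == "O2" and len(parts) > 1 and (
            "(no name)" in parts[1] or CLSID_RE.search(parts[1])):
        tags.append("unnamed-bho")
    if kind == "O20":
        tags.append("appinit-dll" if "AppInit_DLLs" in entry else "winlogon-notify")
    if kind == "O23" and " - - " in entry:        # empty vendor field
        tags.append("service-without-vendor")
    if kind == "O4" and RUNDLL_RE.search(entry):
        tags.append("rundll32-one-letter-export")
    return tags


def triage(log_text):
    """Map each flagged HJT entry to its reason tags, in log order."""
    flagged = {}
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            tags = triage_entry(line)
            if tags:
                flagged[line] = tags
    return flagged


def tags_for(flagged, needle):
    """Tags of the first flagged entry containing `needle` ([] if none)."""
    for entry, tags in flagged.items():
        if needle in entry:
            return tags
    return []


if __name__ == "__main__":
    for entry, tags in triage(SAMPLE_LOG).items():
        print(f"{', '.join(tags):55} {entry}")
```

Running it as a script prints each flagged entry with its tags; entries that collect no tag (the avast!, Adobe, NVIDIA and ctfmon lines) are simply left out of the report.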
 

Discussion Starter · #4 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

I can give you the logs and text files that you need except the HiJackThis log. I can guess that HiJackThis is a program that produces the log, but I cannot find it. Where is it?

On the top of TechSupportForum there is a link to download Hijackthis.exe, but the link does not lead to a download of a program with that name. It is called "1 click PC Fix 2007" instead.

Can you tell me where to download HiJackThis?

Regards,
Henrik Berg Andersen
 

Discussion Starter · #5 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1.

1. Here are the contents of "rapport.txt":

"SmitFraudFix v2.253

Scan done at 20:29:24,42, 14-11-2007
Run from C:\Documents and Settings\Emil\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Emil\MENUEN~1\PROGRA~1\SpyLocked 3.6 Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{1E027A70-E944-4BFA-AF2B-511A7EA20045}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
"

2. Here are the contents of ComboFix.txt:

"
ComboFix 07-11-08.1 - Emil 2007-11-14 20:57:33.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Emil\Skrivebord\combofix.exe
Command switches used :: /killall
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.exe
C:\Documents and Settings\All Users\Menuen Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.lnk
C:\Documents and Settings\Emil\Foretrukne\Online Security Guide.lnk
C:\Documents and Settings\Emil\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Emil\Skrivebord\Online Security Guide.lnk
C:\Documents and Settings\Miki\Skrivebord\internet.lnk
C:\Programmer\F‘lles filer\Yazzle1560OinAdmin.exe
C:\Programmer\F‘lles filer\Yazzle1560OinUninstaller.exe
C:\Programmer\inetget2
C:\Programmer\Insider
C:\Programmer\Insider\Insider.exe
C:\Programmer\Temporary
C:\Programmer\Temporary\wininstall.exe
C:\Programmer\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\__c004A02A.dat
C:\WINDOWS\system32\__c00F6D1B.dat
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\e1
C:\WINDOWS\system32\e1\caws83122.exe
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\mbhjrblp.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pwyhayjy.dll
C:\WINDOWS\system32\tdxbarra.dll
C:\WINDOWS\system32\u4
C:\WINDOWS\system32\u4\wr31drs.exe
C:\WINDOWS\system32\zpsfvoli.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.

2007-11-14 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 19:44 <DIR> d-------- C:\Programmer\Trend Micro
2007-11-10 19:42 <DIR> d-------- C:\Deckard
2007-11-10 19:05 <DIR> d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:40 85,056 --a------ C:\WINDOWS\system32\jmpenofk.dll
2007-11-10 16:37 81,472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll
2007-11-10 16:35 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-10 16:34 71,232 --a------ C:\WINDOWS\system32\emkmtixx.exe
2007-11-10 16:30 36,352 --a------ C:\WINDOWS\system32\rqrqppo.dll
2007-11-09 16:20 <DIR> d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-09 13:04 88,128 --a------ C:\WINDOWS\system32\mjickogw.dll
2007-11-09 13:04 77,888 --a------ C:\WINDOWS\system32\nckvbyeb.dll
2007-11-09 13:01 71,232 --a------ C:\WINDOWS\system32\agsdyely.exe
2007-11-09 13:00 172,032 --a------ C:\winlogon.exe
2007-11-09 13:00 35,328 --a------ C:\WINDOWS\system32\pmnnnop.dll
2007-11-09 13:00 264 --a------ C:\Documents and Settings\Emil\z.dat
2007-11-09 13:00 134 --a------ C:\n.bat
2007-11-09 13:00 0 --a------ C:\z.dat
2007-11-09 13:00 0 --a------ C:\x.dat
2007-11-09 13:00 0 --a------ C:\Documents and Settings\Emil\x.dat
2007-11-09 12:59 145,984 --a------ C:\WINDOWS\system32\zpsfvoli.dll
2007-11-09 12:59 145,984 --a------ C:\WINDOWS\system32\xuxpjeuh.dll
2007-11-08 16:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-08 16:46 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-08 16:45 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-08 16:45 <DIR> d-------- C:\temp\mZOr
2007-11-08 16:45 35,328 --a------ C:\WINDOWS\system32\gebcdbc.dll
2007-11-08 16:29 <DIR> dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45 <DIR> d-------- C:\Programmer\iPod
2007-10-29 17:12 <DIR> d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14 <DIR> d-------- C:\Documents and Settings\Henrik\cbt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 19:01 --------- d-----w C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-10 18:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 17:44 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-10 17:40 --------- d-----w C:\Programmer\LimeWire
2007-11-10 17:40 --------- d-----w C:\Programmer\iTunes
2007-11-10 17:40 --------- d-----w C:\Programmer\Google
2007-11-10 17:37 --------- d-----w C:\Programmer\ContextTool
2007-11-06 17:43 --------- d-----w C:\Programmer\QuickTime
2007-10-31 15:52 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-10-23 22:21 --------- d-----w C:\Programmer\MSN Messenger
2007-10-12 17:28 --------- d-----w C:\Programmer\Bethesda Softworks
2007-10-03 18:34 --------- d-----w C:\Programmer\Ground Control II
2007-10-03 14:50 --------- d-----w C:\Programmer\Illusion Softworks
2007-10-01 11:15 839,696 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,695 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-18 17:10 --------- d-----w C:\Programmer\Rockstar Games
2007-09-18 15:22 --------- d-----w C:\Programmer\Apple Software Update
2007-09-18 14:38 --------- d-----w C:\Programmer\Sierra
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A2673A-1B5F-4E5A-B8D8-099D446F4616}]
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\e1\caws83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-09 12:59 145984 --a------ C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef89c92-1df4-419f-9efb-76e49e5e9654}]
2007-11-10 16:37 81472 --a------ C:\WINDOWS\system32\ntwsbkjy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zpsfvoli.dll [2007-11-09 12:59 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"cc429608"="C:\WINDOWS\system32\jmpenofk.dll" [2007-11-10 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 15:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zpsfvoli]
zpsfvoli.dll 2007-11-09 12:59 145984 C:\WINDOWS\system32\zpsfvoli.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljge.dll

R3 mssmbios;Microsoft System Management BIOS Driver;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
S1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\Emil\LOKALE~1\Temp\iMSPQMn.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:58:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-11-10 19:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 21:13:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 21:16:19 - machine was rebooted
.
--- E O F ---
"

3. Here is the contents of "extra.txt":

"
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (0406) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 58%
Physical Memory (total/avail): 1022.42 MiB / 419.99 MiB
Pagefile Memory (total/avail): 2459.57 MiB / 1969.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.01 MiB

C: is Fixed (NTFS) - 153.38 GiB total, 104.77 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - Hitachi HDS721616PLA380 - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 153.38 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 243.17 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 244.98 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.7.1029 [VPS 071109-0] v4.7.1029 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
"C:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programmer\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programmer\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programmer\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Programmer\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\UT2004\\System\\UT2004.exe"="C:\\UT2004\\System\\UT2004.exe:*:Disabled:UT2004"
"C:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Programmer\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Programmer\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Programmer\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"="C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe:*:Disabled:Rome: Total War"
"C:\\Programmer\\LimeWire\\LimeWire.exe"="C:\\Programmer\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programmer\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Programmer\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmer\\Ground Control II\\gcii.exe"="C:\\Programmer\\Ground Control II\\gcii.exe:*:Enabled:Ground Control II"
"C:\\Programmer\\iTunes\\iTunes.exe"="C:\\Programmer\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\agsdyely.exe"="C:\\WINDOWS\\system32\\ags"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Henrik\Application Data
CLASSPATH=.;C:\Programmer\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programmer\Fælles filer
COMPUTERNAME=ANDERSENSPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Henrik
LOGONSERVER=\\ANDERSENSPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programmer\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Programmer
PROMPT=$P$G
QTJAVA=C:\Programmer\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Henrik\LOKALE~1\Temp
TMP=C:\DOCUME~1\Henrik\LOKALE~1\Temp
USERDOMAIN=ANDERSENSPC
USERNAME=Henrik
USERPROFILE=C:\Documents and Settings\Henrik
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Emil (admin)
Henrik (admin)
Iku
Leona
Miki (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0 - Danish --> MsiExec.exe /I{AC76BA86-7AD7-1030-7B44-A81000000003}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
ContextTool --> C:\Programmer\ContextTool\uninstall.exe
Tabbed Search (Windows Live Toolbar) --> MsiExec.exe /X{94B33FA9-7941-487A-9071-18FE3C395111}
Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{61CC9D2A-C4C3-40CD-BAC2-76AE1ADEAF56}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programmer\google\googletoolbar2.dll"
Ground Control II --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{21C41BAF-6F62-469D-A43B-DDF01628346E}\setup.exe" -l0x9
GTA San Andreas --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Heroes of Might and Magic® III --> C:\WINDOWS\IsUninst.exe -fC:\Programmer\3DO\Heroes3\Uninst.isu -c"C:\Programmer\3DO\Heroes3\uninst.dll
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Insider --> C:\Programmer\Insider\UnInstall.exe
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.14.10 --> "C:\Programmer\LimeWire\uninstall.exe"
Logitech QuickCam software --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x6
Logitech® Camera driver --> "C:\Programmer\Fælles filer\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Age of Empires II --> "C:\Programmer\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Programmer\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110406-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Morrowind --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programmer\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x9
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Network Play System (Patching) --> C:\WINDOWS\IsUninst.exe -f"C:\Programmer\Electronic Arts\Network Play System\NPSPatch.isu"
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - Thieves Den --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - Vile Lair --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - Wizard's Tower --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Outerinfo --> "C:\Programmer\Fælles filer\Yazzle1560OinUninstaller.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Pixeline - DANISH --> C:\WINDOWS\unvise32.exe C:\Programmer\Pixeline\uninstal.log
PlayMP3z --> C:\Programmer\PlayMP3z\uninstall.exe
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x6 -removeonly
Rome - Total War(TM) --> C:\PROGRA~1\FLLESF~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Pirates! --> C:\Programmer\Fælles filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{11683D9E-808C-43D6-8B39-4DDA55D0FAF8}
SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SpywareBlaster v3.5.1 --> "C:\Programmer\SpywareBlaster\unins000.exe"
The Sims House Party --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{7D268154-7A31-40F2-9779-7A250914BB39}\setup.exe" -l0009
Extensions (Windows Live Toolbar) --> MsiExec.exe /X{6494C2C0-69A6-4735-988C-E6298F4BB175}
Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Live Messenger --> MsiExec.exe /I{F53548BC-B8A8-43E4-85FC-A263640C347F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Programmer\Windows Live Toolbar\UnInstall.exe" {DB337F35-B00C-4FB0-9594-DD28FE0F7DBB}
Windows Live Toolbar --> MsiExec.exe /X{DB337F35-B00C-4FB0-9594-DD28FE0F7DBB}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XEd --> RunDll32 C:\PROGRA~1\FLLESF~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programmer\InstallShield Installation Information\{BDF2A175-ED4D-4CE7-BF4E-2725566D64F3}\setup.exe" -l0x9
Xfire (remove only) --> "C:\Programmer\Xfire\uninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2984 / Success
Event Submitted/Written: 11/07/2007 06:17:15 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type2980 / Error
Event Submitted/Written: 11/06/2007 06:47:25 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Security Update for QuickTime 7.2 -- This update requires QuickTime 7.2

Event Record #/Type2932 / Error
Event Submitted/Written: 11/02/2007 01:44:32 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application RomeTW.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2929 / Error
Event Submitted/Written: 11/01/2007 01:32:00 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application UT2004.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2921 / Success
Event Submitted/Written: 10/31/2007 07:05:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21061 / Error
Event Submitted/Written: 11/10/2007 05:02:34 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 0.0.0.0 for the Network Card with network address 00E04D0FC306 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type21060 / Error
Event Submitted/Written: 11/10/2007 05:02:31 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.3 for the Network Card with network address 00E04D0FC306 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type21057 / Warning
Event Submitted/Written: 11/10/2007 04:54:59 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00E04D0FC306. The
following error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type20901 / Warning
Event Submitted/Written: 11/08/2007 04:50:20 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20900 / Warning
Event Submitted/Written: 11/08/2007 04:31:32 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-11-10 19:47:05 ------------

"

As I wrote, I cannot find HijackThis, so I am not able to give you the HijackThis log right now.

Regards,
Henrik Berg Andersen
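The logs above contain several of the persistence and evasion patterns a responder checks first: a second svchost.exe launched from C:\WINDOWS\Fonts by the "Host Process" Run value, a Winlogon\Notify package (zpsfvoli) that is not part of a clean XP install, a DLL appended to the LSA "Authentication Packages" value beside msv1_0, and a Windows Firewall AuthorizedApplications entry for agsdyely.exe whose value, as logged, lacks the scope:mode:name suffix every other entry has. The Python script below is an added example, not part of this thread or of Deckard's System Scanner: it parses those sections in the layout DSS prints and flags each pattern. The sample input is copied from the posted logs; the XP SP2 Winlogon\Notify baseline and the list of Windows components allowed in the firewall list are assumptions to adjust for the build being examined. It deliberately passes no judgement on the randomly named DLLs (jmpenofk.dll and the like), which need a file-reputation or signature check rather than a path rule.

```python
"""Triage DSS/HijackThis-style autostart and firewall lines for the persistence
patterns visible in the log above. Added example; not part of the thread or of
Deckard's System Scanner. Sample input is copied from the posted logs."""
import re

SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"cc429608"="C:\WINDOWS\system32\jmpenofk.dll" [2007-11-10 16:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zpsfvoli]
zpsfvoli.dll 2007-11-09 12:59 145984 C:\WINDOWS\system32\zpsfvoli.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljge.dll
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\LimeWire\\LimeWire.exe"="C:\\Programmer\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\agsdyely.exe"="C:\\WINDOWS\\system32\\ags"
'''

# Core Windows binaries and the only directory each runs from on a default XP install.
CORE_BINARIES = dict.fromkeys(("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                               "lsass.exe", "svchost.exe"), r"c:\windows\system32")
CORE_BINARIES["explorer.exe"] = r"c:\windows"
# Winlogon\Notify packages on a clean XP SP2 (assumed baseline; extend for your build).
DEFAULT_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                  "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Windows components that legitimately sit in the XP firewall's authorized-app list (assumed).
WINDOWS_FW_APPS = {"sessmgr.exe", "xpnetdiag.exe"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"[^"]+"="(?P<image>[^"]+)"')
FW_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"$')
LSA_RE = re.compile(r'^"Authentication Packages"\s*=\s*(?P<pkgs>.+)$')


def norm(path):
    """Lower-case, collapse .reg-style doubled backslashes and expand %windir%."""
    return path.replace("\\\\", "\\").lower().replace("%windir%", r"c:\windows")


def parse_fw_entry(name, value):
    """XP SP2 AuthorizedApplications value layout: '<path>:<scope>:Enabled|Disabled:<name>'.
    Returns None when the value does not follow it (truncated or tampered)."""
    if not value.lower().startswith(name.lower() + ":"):
        return None
    parts = value[len(name) + 1:].split(":", 2)   # the display name may itself contain ':'
    if len(parts) != 3 or parts[1].lower() not in ("enabled", "disabled"):
        return None
    return {"scope": parts[0], "mode": parts[1], "display": parts[2]}


def triage(log_text):
    """Return (rule, evidence) findings; the section is set by the most recent [key] line."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key, section = m.group("key").lower(), None
            if key.endswith(r"\currentversion\run"):
                section = "run"
            elif "\\winlogon\\notify\\" in key:          # T1547.004: any non-default package
                pkg = key.rpartition("\\")[2]
                if pkg not in DEFAULT_NOTIFY:
                    findings.append(("winlogon-notify-package", pkg))
            elif key.endswith(r"\control\lsa"):
                section = "lsa"
            elif key.endswith(r"\authorizedapplications\list"):
                section = "firewall"
            continue
        if section == "run":
            m = RUN_RE.match(line)
            if m:                                     # a core binary outside its home directory
                image = m.group("image")
                d, _, base = norm(image).rpartition("\\")
                if base in CORE_BINARIES and d != CORE_BINARIES[base]:
                    findings.append(("core-binary-outside-home-dir", image))
        elif section == "lsa":
            m = LSA_RE.match(line)
            if m:                                     # T1547.002: only msv1_0 belongs here on XP
                findings += [("extra-lsa-auth-package", p)
                             for p in m.group("pkgs").split() if p.lower() != "msv1_0"]
        elif section == "firewall":
            m = FW_RE.match(line)
            if m:                                     # T1562.004: self-authorised or tampered entry
                name, value = m.group("name"), m.group("value")
                if parse_fw_entry(name, value) is None:
                    findings.append(("malformed-firewall-entry", norm(name)))
                d, _, base = norm(name).rpartition("\\")
                if d.startswith(r"c:\windows") and base not in WINDOWS_FW_APPS:
                    findings.append(("unknown-windows-app-in-firewall", norm(name)))
    return findings


FINDINGS = triage(SAMPLE_LOG)

if __name__ == "__main__":
    for rule, evidence in FINDINGS:
        print(f"{rule:34} {evidence}")
```

Run as-is it prints the five findings from the sample; for a real case, pass the complete text of the DSS or HijackThis output to triage(). The firewall check reads the key name rather than the value, so a value that has been truncated or rewritten is still attributed to the right executable.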
 

· Registered
Joined
·
5,277 Posts
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Please download HijackThis to your desktop

Alternate link

This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

Let me know if you have any problems.
 

· Registered
Joined
·
5,277 Posts
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hello again

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding.

======================================================

P2P

P2P - I see you have P2P software LimeWire 4.14.10 installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

======================================================

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

ContextTool <---- Adware bundled with music-playing software from PlayMP3z
PlayMP3z <--- See here
Outerinfo


======================================================

Open notepad and copy/paste the text in the quotebox below into it:


Collect::
C:\WINDOWS\system32\jmpenofk.dll
C:\WINDOWS\system32\ntwsbkjy.dll
C:\WINDOWS\system32\emkmtixx.exe
C:\WINDOWS\system32\rqrqppo.dll
C:\WINDOWS\system32\mjickogw.dll
C:\WINDOWS\system32\nckvbyeb.dll
C:\WINDOWS\system32\agsdyely.exe
C:\WINDOWS\system32\zpsfvoli.dll
C:\WINDOWS\system32\xuxpjeuh.dll

File::
C:\winlogon.exe
C:\WINDOWS\system32\pmnnnop.dll
C:\Documents and Settings\Emil\z.dat
C:\n.bat
C:\z.dat
C:\x.dat
C:\Documents and Settings\Emil\x.dat
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\gebcdbc.dll
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\mljge.dll

Folder::
C:\WINDOWS\system32\Mz18r
C:\temp\mZOr

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A2673A-1B5F-4E5A-B8D8-099D446F4616}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bef89c92-1df4-419f-9efb-76e49e5e9654}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cc429608"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zpsfvoli]
Save this as CFscript




Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window while it is running; that may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).

=====================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=======================================================
Logs Required
C:\Combofix.txt
Hijackthis log
 

· Registered · 14 Posts · Discussion Starter · #8
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

I agree with you that LimeWire is probably the main reason (if not the only reason) that my son's PC got infected. I already told him that he is a prime candidate for getting a virus when he uses LimeWire.

He confirms that perception himself, as he says that almost any film or program on LimeWire is infected and he gets warnings from the Avast anti-virus, which has saved him a great number of times. He has had the PC for 10 months without getting infected until now, so all in all I think he is doing OK for a 13-year-old kid.

I have advised him to keep his Avast updated whenever it says that updates are available, and I have informed him that if he fails to do it then new viruses will pass through unnoticed.

I will run HiJackThis and Combofix and get back to you.

Regards,
Henrik Berg Andersen
 

· Registered · 14 Posts · Discussion Starter · #9
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1.

I have run your CFscript and I hereby give you the Combofix-log and the HJT-log.

For your information I have posted the zip-file "[4][email protected]" to bleepingcomputer.com as I was asked to after running Combofix.

Combofix-log:
ComboFix 07-11-08.1 - Emil 2007-11-16 20:14:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.504 [GMT 1:00]
Running from: C:\Documents and Settings\Emil\Skrivebord\ComboFix.exe
Command switches used :: E:\Virus\CFscript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Emil\x.dat
C:\Documents and Settings\Emil\z.dat
C:\n.bat
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\system32\gebcdbc.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\pmnnnop.dll
C:\WINDOWS\system32\vbzip10.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menuen Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.lnk
C:\Documents and Settings\Emil\Foretrukne\Online Security Guide.lnk
C:\Documents and Settings\Emil\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Emil\Skrivebord\Online Security Guide.lnk
C:\Documents and Settings\Emil\x.dat
C:\Documents and Settings\Emil\z.dat
C:\n.bat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\mZOr
C:\temp\mZOr\tOasF.log
C:\WINDOWS\Fonts\Crack.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\agsdyely.exe
C:\WINDOWS\system32\b3
C:\WINDOWS\system32\emkmtixx.exe
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\f1\bemwdll3.exe
C:\WINDOWS\system32\gebcdbc.dll
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\jmpenofk.dll
C:\WINDOWS\system32\k4\mper83122.exe
C:\WINDOWS\system32\mjickogw.dll
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\Mz18r\Mz18r2328.exe
C:\WINDOWS\system32\nckvbyeb.dll
C:\WINDOWS\system32\ntwsbkjy.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnnop.dll
C:\WINDOWS\system32\rqrqppo.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\xuxpjeuh.dll
C:\WINDOWS\system32\zpsfvoli.dll
C:\WINDOWS\system32\zpsfvoli.dllbox
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-16 20:10 <DIR> d-------- C:\WINDOWS\system32\rMa05yy
2007-11-16 20:10 <DIR> d-------- C:\temp\abW9
2007-11-16 20:10 225,293 --a------ C:\temp\e002A477.exe
2007-11-16 20:10 36,352 --a------ C:\WINDOWS\system32\efcbxuu.dll
2007-11-14 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 19:44 <DIR> d-------- C:\Programmer\Trend Micro
2007-11-10 19:42 <DIR> d-------- C:\Deckard
2007-11-10 19:05 <DIR> d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:35 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-09 16:20 <DIR> d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-08 16:29 <DIR> dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45 <DIR> d-------- C:\Programmer\iPod
2007-10-29 17:12 <DIR> d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14 <DIR> d-------- C:\Documents and Settings\Henrik\cbt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 19:14 --------- d-----w C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-16 19:10 --------- d-----w C:\Programmer\ContextTool
2007-11-16 19:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 17:44 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-10 17:40 --------- d-----w C:\Programmer\LimeWire
2007-11-10 17:40 --------- d-----w C:\Programmer\iTunes
2007-11-10 17:40 --------- d-----w C:\Programmer\Google
2007-11-06 17:43 --------- d-----w C:\Programmer\QuickTime
2007-10-31 15:52 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-10-23 22:21 --------- d-----w C:\Programmer\MSN Messenger
2007-10-12 17:28 --------- d-----w C:\Programmer\Bethesda Softworks
2007-10-03 18:34 --------- d-----w C:\Programmer\Ground Control II
2007-10-03 14:50 --------- d-----w C:\Programmer\Illusion Softworks
2007-09-18 17:10 --------- d-----w C:\Programmer\Rockstar Games
2007-09-18 15:22 --------- d-----w C:\Programmer\Apple Software Update
2007-09-18 14:38 --------- d-----w C:\Programmer\Sierra
.

((((((((((((((((((((((((((((( [email protected]_21.15.02.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-13 08:18:04 32,768 ----a-w C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe
+ 2007-11-16 19:21:52 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63A611D8-144F-434B-B89C-BE485645DDE8}]
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\k4\mper83122.exe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
2007-11-16 20:10 36352 --a------ C:\WINDOWS\system32\efcbxuu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-11-02 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 15:01]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\efcbxuu.dll [2007-11-16 20:10 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxuu]
efcbxuu.dll 2007-11-16 20:10 36352 C:\WINDOWS\system32\efcbxuu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkklm.dll

R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R3 mssmbios;Driver til Microsoft System Management BIOS;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\Emil\LOKALE~1\Temp\iMSPQMn.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:58:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-11-10 19:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 20:22:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 20:26:03 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-14 21:16
.
--- E O F ---
HiJackThis-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:43, on 16-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Logitech\Video\AlbumDB2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {63A611D8-144F-434B-B89C-BE485645DDE8} - C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\k4\mper83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\efcbxuu.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: efcbxuu - C:\WINDOWS\SYSTEM32\efcbxuu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8669 bytes
Regards,
Henrik Berg Andersen
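The entries TheBruce1 picks out of logs like the one above can be found mechanically. The script below is an added example written for this page, not HijackThis' own logic and not anything the helper ran; its allowlists are small illustrative assumptions rather than inventories of Windows XP, and its sample log is constructed from lines in the log above plus one O4 line assembled from the "Host Process" Run value and the C:\WINDOWS\Fonts\svchost.exe file the first script removes. It scores O2/O4/O20/O23 lines on the signals that matter in this thread: a BHO with no name, a registered path that no longer exists, registry data with two drive roots glued together (the hosecuC:\WINDOWS... entry), an unknown Winlogon Notify package, a core-binary name such as svchost.exe living outside System32, and a random-looking lowercase name in System32.

```python
"""Triage heuristics for HijackThis v2 log lines (added example; not HijackThis' own logic)."""
import re
from typing import List, NamedTuple, Optional

# Assumption: small illustrative allowlists, not exhaustive inventories of Windows XP.
CORE_SYSTEM_NAMES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe", "csrss.exe", "smss.exe"}
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
                "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui"}
KNOWN_SYSTEM32 = {"ctfmon.exe", "nwiz.exe", "lvcomsx.exe", "nvcpl.dll"}
RANDOM_NAME_RE = re.compile(r"^[a-z]{5,8}\.(?:dll|exe)$")   # e.g. efcbxuu.dll, jkklm.dll
O4_PATH_RE = re.compile(r'\]\s*"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com))', re.I)
DRIVE_RE = re.compile(r"[A-Za-z]:\\")


class Finding(NamedTuple):
    score: int
    reasons: tuple
    line: str


def _path_of(entry: str, kind: str) -> str:
    """Pull the file path out of an entry; HijackThis separates fields with ' - '."""
    if kind == "O4":                      # O4 - HKLM\..\Run: [name] C:\path\prog.exe args
        m = O4_PATH_RE.search(entry)
        return m.group(1) if m else ""
    parts = entry.split(" - ")            # O2/O20/O23: the path is the last field
    return parts[-1].strip() if len(parts) >= 3 else ""


def _notify_pkg(entry: str) -> str:
    """Package name from 'O20 - Winlogon Notify: <name> - <path>'."""
    return entry.split(" - ")[1].split(":", 1)[1].strip().lower()


def assess(entry: str) -> Optional[Finding]:
    """Score one log line; None means nothing suspicious by these heuristics."""
    kind = entry.split(" - ", 1)[0].strip()
    if kind not in ("O2", "O4", "O20", "O23"):
        return None
    raw = _path_of(entry, kind)
    path = re.sub(r"\s*\((?:file missing|no file)\)$", "", raw)
    low, name = path.lower(), path.rsplit("\\", 1)[-1].lower()
    checks = [  # (condition, weight, reason)
        (kind == "O2" and "BHO: (no name)" in entry, 2, "BHO registered without a name"),
        (raw.endswith("(file missing)") or raw == "(no file)", 1,
         "registered path not found (orphaned entry or hidden file)"),
        (len(DRIVE_RE.findall(path)) > 1, 3, "path contains two drive roots (corrupted registry data)"),
        (kind == "O20" and _notify_pkg(entry) not in KNOWN_NOTIFY, 4,
         "unknown Winlogon Notify package (loads into winlogon.exe as SYSTEM)"),
        (name in CORE_SYSTEM_NAMES and "\\system32\\" not in low, 4,
         f"{name} outside System32 (name collision with a core binary)"),
        (low.startswith("c:\\windows\\system32\\") and bool(RANDOM_NAME_RE.match(name))
         and name not in KNOWN_SYSTEM32, 2, "random-looking lowercase name in System32"),
        (name.endswith(".exe") and any(d in low for d in ("\\fonts\\", "\\temp\\")), 2,
         "executable in a data directory"),
    ]
    reasons = tuple(msg for hit, _, msg in checks if hit)
    score = sum(w for hit, w, _ in checks if hit)
    return Finding(score, reasons, entry.strip()) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Return flagged entries, highest score first (stable for equal scores)."""
    found = [f for f in map(assess, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: -f.score)


# Constructed sample in HijackThis format: entries taken from this thread's log, plus one O4 line
# assembled from the "Host Process" Run value and the Fonts\svchost.exe file the first script removes.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {63A611D8-144F-434B-B89C-BE485645DDE8} - C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\k4\mper83122.exe.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\efcbxuu.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O20 - Winlogon Notify: efcbxuu - C:\WINDOWS\SYSTEM32\efcbxuu.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}\n      " + "; ".join(f.reasons))
```

Run it as a script to print the ranked entries, or pass a saved hijackthis.log to triage(). The random-name check is a weak signal on its own (ctfmon.exe would match it without the allowlist), which is why it carries the lowest weight: the output is a prompt for a human to look at an entry, not a verdict on it.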
 

· Registered · 5,277 Posts
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hello again

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding.

========================================================

Open notepad and copy/paste the text in the quotebox below into it:


Collect::
C:\temp\e002A477.exe
C:\WINDOWS\system32\efcbxuu.dll
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\k4\mper83122.exe.dll
C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe

File::
C:\WINDOWS\system32\jkklm.dll

Folder::
C:\Temp
C:\WINDOWS\system32\rMa05yy
C:\temp\abW9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63A611D8-144F-434B-B89C-BE485645DDE8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxuu]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):6d,73,76,31,5f,30,00,00
Save this as CFscript




Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window while it is running; that may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file(s).

=====================================================

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

========================================================================================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

=====================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=======================================================
Logs Required
C:\Combofix.txt
Kaspersky scan report
Hijackthis log


Can you tell me if you or your son has uninstalled the ContextTool and PlayMP3z programs?

Please stay off the internet as much as possible, as there are new infections showing.
Also, I will not be able to check this log until Sunday, as I am off to watch the Scotland v Italy Euro 2008 qualifier.
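Both CFscripts in this thread (the one just above and the earlier one with the Collect::/File::/Folder::/Registry:: sections) are worth reading as a plan before they are dragged onto ComboFix.exe: Folder:: entries are deleted recursively, and the log posted after the second run shows the user's own PDFs and pictures under C:\Temp going along with the malware. The reader below is an added example written for this page, not ComboFix's own parser. It assumes only the four section types used here, the .reg-style registry syntax ([-key] deletes a key, "name"=- deletes a value, hex(7) sets a REG_MULTI_SZ) and that ~ abbreviates SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer as it does in ComboFix's own log lines; the sample input is the second script, abridged to two Collect:: entries. It decodes the hex(7) data in the LSA line to the single entry msv1_0, which is the stock Authentication Packages value on Windows XP; the stock Notification Packages value is scecli, so compare the value name in a script against the line ComboFix reported before running anything that rewrites either.

```python
"""Dry-run reader for a ComboFix CFScript (added example; not ComboFix's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumption: ComboFix abbreviates this Explorer subkey as "~" in its logs, and the
# scripts in this thread use the same shorthand.
EXPLORER = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+)\\(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')
DRIVE_RE = re.compile(r"[A-Za-z]:\\")


@dataclass
class Plan:
    collect: List[str] = field(default_factory=list)   # Collect:: files are zipped for upload, then removed
    files: List[str] = field(default_factory=list)     # File:: single-file deletions
    folders: List[str] = field(default_factory=list)   # Folder:: recursive deletions
    delete_keys: List[str] = field(default_factory=list)
    delete_values: List[Tuple[str, str]] = field(default_factory=list)
    set_values: List[Tuple[str, str, str, object]] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def decode_hex7(data: str) -> List[str]:
    """Decode .reg-style hex(7) (REG_MULTI_SZ) bytes into the strings they encode.
    Accepts both the UTF-16LE form regedit exports and the narrow form used in this thread."""
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    wide = bool(raw) and len(raw) % 2 == 0 and all(raw[i] == 0 for i in range(1, len(raw), 2))
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\0") if s]


def parse_cfscript(text: str) -> Plan:
    """Turn the script into a list of actions, plus warnings for lines that deserve a second look."""
    plan, section, key = Plan(), None, None
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            if section not in ("Collect", "File", "Folder", "Registry"):
                plan.warnings.append(f"line {n}: section {section}:: is not handled by this reader")
            continue
        if section in ("Collect", "File", "Folder"):
            if not DRIVE_RE.match(line):
                plan.warnings.append(f"line {n}: not an absolute path: {line}")
                continue
            if len(DRIVE_RE.findall(line)) > 1:
                plan.warnings.append(f"line {n}: two drive roots in one path, taken literally: {line}")
            if section == "Folder" and line.count("\\") <= 1:
                plan.warnings.append(f"line {n}: top-level folder, everything under it is deleted: {line}")
            getattr(plan, {"Collect": "collect", "File": "files", "Folder": "folders"}[section]).append(line)
            continue
        if section == "Registry":
            km = KEY_RE.match(line)
            if km:
                sign, hive, sub = km.groups()
                if sub.startswith("~\\"):
                    sub = EXPLORER + sub[1:]
                full = f"{hive}\\{sub}"
                if sign == "-":                  # [-key] removes the whole key
                    plan.delete_keys.append(full)
                    key = None
                else:                            # [key] selects the key for the value lines that follow
                    key = full
                continue
            vm = VALUE_RE.match(line)
            if vm and key:
                name, data = vm.groups()
                if data == "-":                  # "name"=- removes the value
                    plan.delete_values.append((key, name))
                elif data.startswith("hex(7):"):
                    plan.set_values.append((key, name, "REG_MULTI_SZ", decode_hex7(data[7:])))
                elif data.startswith("dword:"):
                    plan.set_values.append((key, name, "REG_DWORD", int(data[6:], 16)))
                elif len(data) >= 2 and data[0] == data[-1] == '"':
                    plan.set_values.append((key, name, "REG_SZ", data[1:-1]))
                else:
                    plan.warnings.append(f"line {n}: unrecognised value syntax: {line}")
                continue
        plan.warnings.append(f"line {n}: cannot interpret: {line}")
    return plan


# Sample input: the second script from this thread, abridged to two Collect:: entries.
SAMPLE = r"""
Collect::
C:\WINDOWS\system32\efcbxuu.dll
C:\Programmer\Windows NT\hosecuC:\WINDOWS\system32\k4\mper83122.exe.dll
File::
C:\WINDOWS\system32\jkklm.dll
Folder::
C:\Temp
C:\WINDOWS\system32\rMa05yy
C:\temp\abW9
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63A611D8-144F-434B-B89C-BE485645DDE8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxuu]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE)
    for label, items in (("collect+delete", plan.collect), ("delete file", plan.files),
                         ("delete folder", plan.folders), ("delete key", plan.delete_keys),
                         ("delete value", plan.delete_values), ("set value", plan.set_values),
                         ("WARNING", plan.warnings)):
        for item in items:
            print(label, item)
```

The two warnings it raises on this input are the ones a reviewer should catch by eye: the Collect:: path with two drive roots (it is what the BHO registry value actually contained, so it stays in the plan but is flagged) and Folder:: C:\Temp, a top-level directory whose whole contents go with it.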
 

· Registered · 14 Posts · Discussion Starter · #11
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

Neither I nor my son has uninstalled ContextTool and PlayMP3z, but I know that ContextTool is there because it sometimes shows a balloon message.

I have not been able to follow your advice of staying off the internet for long enough, as the Kaspersky online scanner requires that I am connected. But you are most certainly right that the virus attacks through use of an open internet connection.

The CFscript I ran the time before last cleaned out the unwanted "Live Safety Center" and "Online Security Guide" from the desktop, and I could run the PC without stupid popups.

This time around the virus came back with a vengeance as soon as the PC started and I had logged in. Internet Explorer starts up with no warning, and I have seen at least 5 or 6 different web pages with different layouts offering to sell me "anti-virus". In the bottom right-hand corner, by the clock, a yellow warning triangle blinks constantly, which clearly is not from the Avast anti-virus. Right now it shows a balloon with "System performance monitor: Warning" as the headline and continues with "Summary: System performance slowed down by: 47%. Internet connection speed decreased by 39%...bla bla bla...Click this balloon to download spyware tool to remove spyware/adware applications".

The unwanted icons I mentioned before are back on the desktop. Warning dialogs appear in the middle of the screen stating "Critical System Warning!" in the title bar and a warning text "Your system is probably infected with latest version of Spyware.CyberLog-X ...bla bla bla..Click OK to download antispyware software". There are Yes and No buttons, and it is not possible to X out of the message box, which of course is just proof that it itself is a virus.

The logs are too long so I have made 3 extra replies to send them to you.

Regards,
Henrik Berg Andersen
 

· Registered · 14 Posts · Discussion Starter · #12
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

ComboFix 07-11-08.1 - Emil 2007-11-17 17:55:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.530 [GMT 1:00]
Running from: C:\Documents and Settings\Emil\Skrivebord\Anti-virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Emil\Skrivebord\Anti-virus\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\jkklm.dll
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menuen Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.lnk
C:\Documents and Settings\Emil\Foretrukne\Online Security Guide.lnk
C:\Documents and Settings\Emil\Skrivebord\Live Safety Center.lnk
C:\Documents and Settings\Emil\Skrivebord\Online Security Guide.lnk
C:\Temp
C:\Temp\abW9\tPho.log
C:\Temp\arbjedArbejd.txt
C:\Temp\default.htm
C:\Temp\DSBKøreplanAug2007.pdf
C:\Temp\DSBKøreplanJuli2007.pdf
C:\temp\e002A477.exe
C:\Temp\Emil.jpg
C:\Temp\f-16-l.jpg
C:\Temp\jre-1_5_0_07-online.exe
C:\Temp\Thumbs.db
C:\Temp\totoro.jpg
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0016840.dat
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\bcbeg.ini2
C:\WINDOWS\system32\clugkocn.dll
C:\WINDOWS\system32\cqxqjcjm.dllbox
C:\WINDOWS\system32\efcbxuu.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\rMa05yy
C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 17:47 85,056 --a------ C:\WINDOWS\system32\manusalf.dll
2007-11-17 15:38 82,496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll
2007-11-17 14:50 145,984 --a------ C:\WINDOWS\system32\ixtymqbd.dll
2007-11-17 14:50 145,984 --a------ C:\WINDOWS\system32\cqxqjcjm.dll
2007-11-17 14:50 71,232 --a------ C:\WINDOWS\system32\kfsgcohr.exe
2007-11-16 21:23 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-16 21:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-16 21:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-16 21:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-16 21:23 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-14 20:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 19:44 <DIR> d-------- C:\Programmer\Trend Micro
2007-11-10 19:42 <DIR> d-------- C:\Deckard
2007-11-10 19:05 <DIR> d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:35 <DIR> d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-09 16:20 <DIR> d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-08 16:29 <DIR> dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45 <DIR> d-------- C:\Programmer\iPod
2007-10-29 17:12 <DIR> d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14 <DIR> d-------- C:\Documents and Settings\Henrik\cbt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 16:53 --------- d-----w C:\Programmer\ContextTool
2007-11-16 20:01 --------- d-----w C:\Programmer\Java
2007-11-16 19:14 --------- d-----w C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-16 19:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 17:44 --------- d-----w C:\Programmer\Windows Live Toolbar
2007-11-10 17:40 --------- d-----w C:\Programmer\LimeWire
2007-11-10 17:40 --------- d-----w C:\Programmer\iTunes
2007-11-10 17:40 --------- d-----w C:\Programmer\Google
2007-11-06 17:43 --------- d-----w C:\Programmer\QuickTime
2007-10-31 15:52 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-23 22:21 --------- d-----w C:\Programmer\MSN Messenger
2007-10-12 17:28 --------- d-----w C:\Programmer\Bethesda Softworks
2007-10-03 18:34 --------- d-----w C:\Programmer\Ground Control II
2007-10-03 14:50 --------- d-----w C:\Programmer\Illusion Softworks
2007-09-18 17:10 --------- d-----w C:\Programmer\Rockstar Games
2007-09-18 15:22 --------- d-----w C:\Programmer\Apple Software Update
2007-09-18 14:38 --------- d-----w C:\Programmer\Sierra
.

((((((((((((((((((((((((((((( [email protected]_21.15.02.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-19 13:01:54 88,776 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2007-11-16 20:43:36 91,488 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
- 2007-09-19 13:01:54 101,064 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2007-11-16 20:43:34 103,776 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
- 2007-09-19 13:01:52 64,088 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2007-11-16 20:42:36 66,936 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2007-09-19 13:01:52 223,800 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2007-11-16 20:42:29 226,656 ----a-w C:\WINDOWS\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2003-07-15 05:57:34 38,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2003-07-15 05:53:06 94,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-14 21:53:22 46,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 05:56:54 14,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 05:57:14 98,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 05:41:44 13,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2002-10-07 16:49:36 192,573 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2003-07-15 05:40:12 179,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2003-07-15 05:45:14 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\INLAUNCH.DLL
+ 2003-06-19 00:31:10 252,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 05:57:14 124,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-07-15 06:12:22 47,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-07-15 05:56:14 40,504 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 05:51:44 87,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 05:52:52 17,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-14 21:57:16 120,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 05:52:52 27,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 05:52:56 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 05:56:16 54,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-11 09:15:48 1,292,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2003-07-15 10:18:52 376,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-14 21:52:54 28,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 05:52:52 35,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 05:53:00 55,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 05:53:20 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 05:46:16 42,040 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 05:45:12 55,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 05:45:12 39,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-06-19 00:31:54 788,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-06-19 00:31:50 16,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-06-19 23:05:52 128,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-19 23:05:50 364,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-07-15 06:02:42 637,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-07-15 05:52:58 41,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-07-15 06:00:54 145,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 05:57:10 56,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 05:56:52 13,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-06-19 00:31:58 6,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2007-09-19 13:01:52 223,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OFFICE.DLL
+ 2003-07-15 10:14:26 242,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-15 06:05:24 1,054,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OMFC.DLL_0002
+ 2003-07-15 05:44:34 102,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 05:43:16 49,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 10:18:44 93,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2002-10-07 17:11:00 167,997 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-07-15 05:40:16 51,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\PUBTRAP.DLL
+ 2003-05-09 04:54:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 05:57:08 40,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2002-10-07 16:49:42 81,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-21 18:46:38 390,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2003-07-15 05:57:18 349,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-15 05:44:16 66,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2003-07-14 21:57:08 58,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 05:53:14 11,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2002-10-07 16:53:04 106,561 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2002-10-07 16:50:44 241,729 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 16:51:04 180,289 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 16:51:14 147,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 16:51:20 102,467 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 16:50:04 118,847 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 16:49:56 81,983 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2002-10-07 16:51:44 221,252 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2003-07-15 05:57:40 59,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2007-09-19 13:01:52 64,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\VBIDEPIA.DLL
+ 2002-10-07 17:03:34 1,794,113 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-04-30 18:52:32 1,581,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2003-01-17 21:03:34 59,466 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.5614\XSCAN32.DAT
+ 2001-06-05 15:13:22 289,926 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2001-06-05 15:13:22 34,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2001-06-05 15:13:24 18,844 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 15:13:26 65,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2005-02-03 16:59:22 346,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\METCONV.DLL
+ 2005-05-03 23:06:28 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2005-05-03 23:06:32 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2005-05-03 23:06:26 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2001-10-23 07:13:42 53,260 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 15:13:26 40,972 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\6040110900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
- 2007-10-10 21:28:39 593,920 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-11-16 20:47:05 593,920 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-10-10 21:28:39 12,288 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-11-16 20:47:05 12,288 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-10-10 21:28:39 86,016 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-11-16 20:47:05 86,016 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-10-10 21:28:39 135,168 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-11-16 20:47:04 135,168 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-10-10 21:28:39 11,264 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-11-16 20:47:05 11,264 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-10-10 21:28:40 27,136 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-11-16 20:47:05 27,136 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-10-10 21:28:40 4,096 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-11-16 20:47:05 4,096 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-10-10 21:28:40 794,624 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-11-16 20:47:05 794,624 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-10-10 21:28:39 249,856 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-11-16 20:47:04 249,856 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-10-10 21:28:39 61,440 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-11-16 20:47:04 61,440 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-10-10 21:28:40 23,040 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-11-16 20:47:05 23,040 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-10-10 21:28:39 286,720 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-11-16 20:47:04 286,720 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-10-10 21:28:39 409,600 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-11-16 20:47:04 409,600 ----a-r C:\WINDOWS\Installer\{90110406-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-07-27 22:07:21 783,224 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2007-10-25 16:24:45 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
- 2007-07-27 21:57:49 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
+ 2007-10-25 16:14:25 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
- 2006-12-19 21:50:34 8,465,408 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-25 16:43:57 8,472,064 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-07-27 21:58:36 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2007-10-25 16:58:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2005-03-17 13:39:58 1,146,320 ----a-w C:\WINDOWS\system32\FM20.DLL
+ 2007-06-06 09:53:34 1,195,888 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 05:57:04 32,584 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2007-03-22 18:17:04 35,440 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2007-07-06 12:39:14 248,696 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-16 20:50:01 248,696 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-07-11 23:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 21:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-11 23:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 21:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 00:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 22:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2007-04-24 09:32:06 1,485,696 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 13:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-06-11 12:04:38 190,696 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
- 2004-03-22 14:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 12:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2006-12-19 21:50:34 8,465,408 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-25 16:43:57 8,472,064 ----a-w C:\WINDOWS\system32\shell32.dll
- 2006-11-17 14:14:30 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2004-03-22 14:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2007-04-09 12:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 12:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2004-03-22 14:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2007-04-09 12:24:04 758,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2004-03-22 14:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2007-04-09 12:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2004-03-22 14:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 12:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2006-11-29 16:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-01-09 08:36:06 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 04:20:32 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2007-06-18 22:24:36 359,936 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 15:07:10 359,936 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-11-17 17:03:03 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_54c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766}]
2007-11-17 15:38 82496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 21:27 1044480 --a------ C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-17 14:50 145984 --a------ C:\WINDOWS\system32\cqxqjcjm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\cqxqjcjm.dll [2007-11-17 14:50 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22]
"SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"cc429608"="C:\WINDOWS\system32\manusalf.dll" [2007-11-17 17:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 15:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cqxqjcjm]
cqxqjcjm.dll 2007-11-17 14:50 145984 C:\WINDOWS\system32\cqxqjcjm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcb.dll

R1 BIOS;BIOS;\??\C:\WINDOWS\System32\drivers\BIOS.sys
R3 mssmbios;Driver til Microsoft System Management BIOS;C:\WINDOWS\system32\DRIVERS\mssmbios.sys
S3 iMSPQMn;iMSPQMn;\??\C:\DOCUME~1\Emil\LOKALE~1\Temp\iMSPQMn.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 11:58:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-11-16 21:34:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 18:05:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 18:07:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-16 20:26
C:\ComboFix3.txt ... 2007-11-14 21:16
.
--- E O F ---
-------------------------------------------------------------------------------

14 Posts
Discussion Starter · #13 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

The Kaspersky is simply too long, so I have attached it instead.

KASPERSKY ONLINE SCANNER REPORT
Saturday, November 17, 2007 8:01:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/11/2007
Kaspersky Anti-Virus database records: 460924
-------------------------------------------------------------------------------

14 Posts
Discussion Starter · #14 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:24, on 17-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\cqxqjcjm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cqxqjcjm.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: cqxqjcjm - C:\WINDOWS\SYSTEM32\cqxqjcjm.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9183 bytes

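As an added illustration, not part of the thread or of the tools used in it, here is a small triage script over lines in the shape of the HijackThis and ComboFix "Reg Loading Points" output posted above. It flags the patterns a helper reads off such a log (unnamed or GUID-named BHOs backed by a real file, rundll32-loaded and Winlogon Notify DLLs with random-looking system32 names, and anything appended to the LSA "Authentication Packages" value beyond the default msv1_0) and then reports which DLL is anchored at several load points at once. The sample lines are constructed copies of entries from this thread; the naming heuristic is an assumption for triage, not a signature.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis / ComboFix lines posted in
# this thread (paths are the ones from the logs; no live system is read).
SAMPLE_LOG = r"""
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\cqxqjcjm.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cqxqjcjm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O20 - Winlogon Notify: cqxqjcjm - C:\WINDOWS\SYSTEM32\cqxqjcjm.dll
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebcb.dll
"""

GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# Any *.dll under system32 (case-insensitive), with the file name captured.
SYS32_DLL = re.compile(r"[A-Za-z]:\\WINDOWS\\system32\\([^\\\s\",]+\.dll)", re.I)
# Assumed heuristic: stems of 5-8 lowercase letters are the naming style of the
# unwanted components in this log; legitimate system DLLs rarely look like this.
RANDOM_STEM = re.compile(r"^[a-z]{5,8}$")


def looks_random(filename):
    stem = filename.rsplit(".", 1)[0]
    return RANDOM_STEM.match(stem) is not None


def triage(log_text):
    """Return (findings, anchors): findings is a list of (kind, dll, reason);
    anchors maps each flagged DLL to the set of load-point kinds that use it."""
    findings = []
    anchors = defaultdict(set)

    def flag(kind, dll, reason):
        findings.append((kind, dll, reason))
        anchors[dll.lower()].add(kind)

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SYS32_DLL.search(line)
        dll = m.group(1) if m else None

        if line.startswith(("O2 - BHO:", "O3 - Toolbar:")):
            kind = "BHO" if line.startswith("O2") else "Toolbar"
            # Layout: "<tag>: <display name> - {CLSID} - <file>"
            _, _, rest = line.partition(": ")
            name, _, _ = rest.partition(" - {")
            if dll is None:
                continue  # file outside system32, or "(no file)" orphan
            if name == "(no name)":
                flag(kind, dll, "unnamed entry pointing at a real file")
            elif GUID.match(name):
                flag(kind, dll, "GUID used as display name")
            elif looks_random(dll):
                flag(kind, dll, "random-looking DLL name in system32")
        elif line.startswith("O4 - ") and "rundll32.exe" in line.lower():
            if dll and looks_random(dll):
                flag("Run", dll, "rundll32-loaded DLL with random-looking name")
        elif line.startswith("O20 - Winlogon Notify:"):
            if dll and looks_random(dll):
                flag("WinlogonNotify", dll, "random-looking notify DLL")
        elif line.startswith('"Authentication Packages"'):
            # The XP default is exactly msv1_0; anything appended runs inside
            # lsass and sees credentials, which is why passwords must be changed.
            _, _, value = line.partition("=")
            for pkg in (p for p in value.split() if p.lower() != "msv1_0"):
                flag("LSA", pkg.rsplit("\\", 1)[-1], "non-default LSA authentication package")
    return findings, dict(anchors)


def persistent_dlls(anchors, min_points=2):
    """DLLs anchored at several distinct load points: the multi-hook pattern
    that makes a single removal fail and the infection come back."""
    return sorted(d for d, kinds in anchors.items() if len(kinds) >= min_points)


if __name__ == "__main__":
    findings, anchors = triage(SAMPLE_LOG)
    for kind, dll, reason in findings:
        print(f"[{kind:14}] {dll:14} {reason}")
    print("multi-anchored:", persistent_dlls(anchors))
```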
5,277 Posts
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hello again Henrik

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding.

======================================================

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=======================================================

Some of the infections you have steal passwords, and with that in mind I suggest you get to a non-infected machine and change ALL your passwords.
If this machine has been used for banking, then you need to inform your bank and credit card company and explain the situation to them.
http://www.dslreports.com/faq/10451

----------------------------------------------------------

Copy the command below, then click Start > Run and paste the command into the Run box.

C:\Qoobox\Quarantine\C\Documents and Settings\Emil

Right-click on z.dat.vir, then click Rename and rename it to z.txt. This will allow you to see what passwords were mined.

Double click on z.txt to open the file.

=====================================================

Please uninstall ContextTool and PlayMP3z.

=====================================================
Downloads

Vundofix

Please download VundoFix.exe to your desktop. Do not run it just yet; we will shortly.

---------------------------

Download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).
Do not run it just yet; we will shortly.

------------------------------

Download ATF-Cleaner by Atribune to your desktop. Do not run it just yet; we will shortly.

=====================================================

Disconnect from the internet

=====================================================

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

======================================================

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

======================================================

Reboot back into normal mode

======================================================

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

======================================================

Reg Fix

Go to Start -> Run, type in regedit and hit OK. Go to HKEY_LOCAL_MACHINE and click on it, then right-click on HKEY_LOCAL_MACHINE and select Export.
Save the registry somewhere as a backup. Close the Registry Editor now.

Open Notepad and copy/paste the text in the quote box below:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Save the file as "Fix.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"

Double click on the Fix.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

====================================================

Please run Deckard System Scanner once again.

=====================================================
Logs Required
C:\vundofix.txt
Report.txt(from SDFix)
C:\Deckard\System Scanner\main.txt


Let us know how your system is behaving, thanks.
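The Reg Fix above resets the LSA "Authentication Packages" list to the Windows default, msv1_0, because a password-stealing package registered there is loaded by LSA at every logon. As an added example that is not part of this thread, the Python script below decodes that hex(7) REG_MULTI_SZ from a .reg export (such as the HKLM backup requested above, or the Fix.reg itself) and reports any package other than msv1_0; the tampered sample and the name rogue_pkg in it are constructed for illustration.

```python
"""Audit the LSA "Authentication Packages" value in a Windows .reg export.

Added example (not from the thread). Handles both export formats:
  - REGEDIT4 exports, where hex(7) bytes are ANSI (as in the Fix.reg above)
  - "Windows Registry Editor Version 5.00" exports, where they are UTF-16LE
"""
from __future__ import annotations

import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_NAME = "Authentication Packages"
EXPECTED = {"msv1_0"}  # Windows default on a stand-alone XP machine

# The helper's Fix.reg, verbatim from the thread (REGEDIT4 / ANSI format).
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Constructed sample of what a tampered value could look like in a v5.00 export:
# UTF-16LE "msv1_0\0rogue_pkg\0\0", split over a continuation line as regedit does.
# "rogue_pkg" is a placeholder name, not a real package from the thread.
TAMPERED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,72,00,6f,00,\
  67,00,75,00,65,00,5f,00,70,00,6b,00,67,00,00,00,00,00
"""


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Return {key_path_lower: {value_name_lower: raw_value_text}}.

    Keys are lower-cased because the registry is case-insensitive and the
    helper's Fix.reg spells the path differently from regedit's own export.
    """
    # Join hex continuation lines ("...,\" + newline + indent).
    text = re.sub(r"\\\r?\n\s*", "", text)
    keys: dict[str, dict[str, str]] = {}
    current: str | None = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        key_match = re.match(r"^\[(.+)\]$", line)
        if key_match:
            current = key_match.group(1).lower()
            keys.setdefault(current, {})
            continue
        if current is None:  # header line such as REGEDIT4
            continue
        val_match = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line) or re.match(r"^(@)=(.*)$", line)
        if val_match:
            keys[current][val_match.group(1).lower()] = val_match.group(2)
    return keys


def decode_multi_sz(raw_value: str, utf16: bool) -> list[str]:
    """Decode a hex(7) REG_MULTI_SZ payload into its list of strings."""
    m = re.match(r"^hex\(7\):(.*)$", raw_value, re.IGNORECASE)
    if not m:
        raise ValueError(f"not a hex(7) REG_MULTI_SZ: {raw_value!r}")
    data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
    text = data.decode("utf-16-le" if utf16 else "latin-1")
    # Strings are NUL-separated and the list ends with a double NUL.
    return [s for s in text.split("\x00") if s]


def audit_lsa_packages(reg_text: str) -> dict:
    """Report the LSA authentication packages found and any that are unexpected."""
    utf16 = reg_text.lstrip().upper().startswith("WINDOWS REGISTRY EDITOR")
    values = parse_reg_export(reg_text).get(LSA_KEY.lower())
    if values is None or VALUE_NAME.lower() not in values:
        return {"present": False, "packages": [], "unexpected": []}
    packages = decode_multi_sz(values[VALUE_NAME.lower()], utf16)
    unexpected = [p for p in packages if p.lower() not in EXPECTED]
    return {"present": True, "packages": packages, "unexpected": unexpected}


if __name__ == "__main__":
    for label, sample in (("Fix.reg", FIX_REG), ("tampered export", TAMPERED_REG)):
        report = audit_lsa_packages(sample)
        status = "OK" if not report["unexpected"] else "SUSPICIOUS"
        print(f"{label}: {status} packages={report['packages']} unexpected={report['unexpected']}")
```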
 

Discussion Starter · #16 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1.

I did these 19 steps:

1: Sick PC is disconnected from the Internet.
2: No passwords were mined according to the z.dat.vir file.
3: ContextTool and PlayMP3z have now been uninstalled.
4: VundoFix.exe, SDFix.exe and ATF-cleaner downloaded to a USB-stick on a clean PC
5: VundoFix.exe, SDFix.exe, and ATF-cleaner copied from the USB-stick to sick PC.
6: Ran VundoFix.exe and clicked the Vundo-button
7: Clicked Remove Vundo-button to wipe 3 files
8: After the wipe PC was rebooted as requested by VundoFix. VundoFix.txt saved.
9: PC booted again now in Safe Mode.
10: SDFix extracted
11: Double clicked RunThis.cmd and chose Y
12: After the scan a key pressed to reboot PC as requested. Reboot in normal mode.
13: ...waited for "Finished" and pressed a key to end script. File Report.txt saved.
14: Your guide on Techsupport says to reboot into normal mode but PC has already booted into normal mode (see 12)
15: ATF-Cleaner launched and "Select all" is clicked and "Empty selected" after that.
16: HKEY_LOCAL_MACHINE exported and the export-file has been copied to USB-stick
17: Ran Fix.reg file
18: Ran the Deckard System Scanner and saved main.txt
19: Ran HiJackThis and saved the file
I saved the 3 files that you requested plus a HijackThis file. I noticed at the end that you asked me to do HijackThis in between the steps that you wanted me to do. I am sorry to say that I only did a HijackThis as the last thing. I hope that is OK despite that.

VundoFix:
VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 18:47:53 23-11-2007

Listing files found while scanning....

C:\windows\system32\cqxqjcjm.dll
C:\windows\system32\cqxqjcjm.dllbox
C:\windows\system32\ixtymqbd.dll

Beginning removal...

Attempting to delete C:\windows\system32\cqxqjcjm.dll
C:\windows\system32\cqxqjcjm.dll Has been deleted!

Attempting to delete C:\windows\system32\cqxqjcjm.dllbox
C:\windows\system32\cqxqjcjm.dllbox Has been deleted!

Attempting to delete C:\windows\system32\ixtymqbd.dll
C:\windows\system32\ixtymqbd.dll Has been deleted!

Performing Repairs to the registry.
Done!
Report.txt
SDFix: Version 1.115

Run by Emil on 23-11-2007 at 19:18

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Emil\SKRIVE~1\ANTI-V~1\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 19:25:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\01\11-{42AA0552-1A30-412F-943C-BEA9C8625780}-v1-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\13\18-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v13-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38928 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\13\18-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v13-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2784 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\13\18-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v13-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4360 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\14\19-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v14-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 33582 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\14\19-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v14-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2406 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\14\19-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v14-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3744 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\15\20-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v15-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 32340 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\15\20-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v15-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2334 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\15\20-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v15-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3608 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\16\21-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v16-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 27804 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\16\21-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v16-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1920 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\16\21-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v16-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v21-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3072 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\17\22-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v17-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 28884 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\17\22-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v17-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2046 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\17\22-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v17-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 3248 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\53\28-{CA5CB9EF-DB62-419F-9E2C-57CCC57A0AB7}-v153-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 38928 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\53\28-{CA5CB9EF-DB62-419F-9E2C-57CCC57A0AB7}-v153-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 2838 bytes hidden from API
C:\Documents and Settings\Emil\Lokale indstillinger\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\[email protected]\DFSR\Staging\CS{42AA0552-1A30-412F-943C-BEA9C8625780}\53\28-{CA5CB9EF-DB62-419F-9E2C-57CCC57A0AB7}-v153-{B8ED58D2-0A8B-4D94-8FA2-D2323F1F0C54}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 4320 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Programmer\Messenger\msmsgs.exe"
Fri 27 Aug 2004 60,416 A.SH. --- "C:\Programmer\Outlook Express\msimn.exe"
Sun 3 Jun 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 14 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Main.txt
Deckard's System Scanner v20071014.68
Run by Emil on 2007-11-23 19:52:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Emil.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:16, on 23-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Documents and Settings\Emil\Skrivebord\Anti-virus\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Emil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8907 bytes

-- Files created between 2007-10-23 and 2007-11-23 -----------------------------

2007-11-23 19:17:14 0 d-------- C:\WINDOWS\ERUNT
2007-11-23 18:47:52 0 d-------- C:\VundoFix Backups
2007-11-17 18:15:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 18:15:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-17 17:47:22 85056 --a------ C:\WINDOWS\system32\manusalf.dll
2007-11-17 15:38:15 82496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll
2007-11-17 14:50:30 71232 --a------ C:\WINDOWS\system32\kfsgcohr.exe <Not Verified; ; DDC>
2007-11-10 19:44:43 0 d-------- C:\Programmer\Trend Micro
2007-11-10 19:05:35 0 d-------- C:\Programmer\SpywareBlaster
2007-11-10 16:35:16 0 d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2007-11-09 16:20:37 0 d-------- C:\Documents and Settings\Miki\Application Data\LimeWire
2007-11-08 16:29:59 0 dr-h----- C:\Documents and Settings\Emil\Application Data\SecuROM
2007-11-06 18:45:25 0 d-------- C:\Programmer\iPod
2007-10-29 17:12:21 0 d-------- C:\Documents and Settings\Iku\Application Data\Apple Computer
2007-10-27 21:14:36 0 d-------- C:\Documents and Settings\Henrik\cbt
2007-10-26 22:10:59 0 d-------- C:\Documents and Settings\Iku\Application Data\Google


-- Find3M Report ---------------------------------------------------------------

2007-11-16 21:01:58 0 d-------- C:\Programmer\Java
2007-11-16 20:14:04 0 d-------- C:\Documents and Settings\Emil\Application Data\LimeWire
2007-11-14 21:13:27 0 d-------- C:\Programmer\Fælles filer
2007-11-14 20:29:37 3744 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 18:44:26 0 d-------- C:\Programmer\Windows Live Toolbar
2007-11-10 18:40:57 0 d-------- C:\Programmer\LimeWire
2007-11-10 18:40:43 0 d-------- C:\Programmer\iTunes
2007-11-10 18:40:15 0 d-------- C:\Programmer\Google
2007-11-06 18:43:14 0 d-------- C:\Programmer\QuickTime
2007-10-31 16:52:14 0 d--h----- C:\Programmer\InstallShield Installation Information
2007-10-28 11:34:47 410000 --a------ C:\WINDOWS\system32\perfh006.dat
2007-10-28 11:34:47 69974 --a------ C:\WINDOWS\system32\perfc006.dat
2007-10-23 23:21:44 0 d-------- C:\Programmer\MSN Messenger
2007-10-12 18:28:35 0 d-------- C:\Programmer\Bethesda Softworks
2007-10-10 16:33:10 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-03 19:34:44 0 d-------- C:\Programmer\Ground Control II
2007-10-03 15:50:50 0 d-------- C:\Programmer\Illusion Softworks


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766}]
17-11-2007 15:38 82496 --a------ C:\WINDOWS\system32\vmhgjyhp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
C:\Programmer\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04-08-2004 06:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [04-08-2004 06:32]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [22-10-2006 12:22]
"nwiz"="nwiz.exe" [22-10-2006 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [22-10-2006 12:22]
"SoundMan"="SOUNDMAN.EXE" [21-06-2006 05:42 C:\WINDOWS\soundman.exe]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [19-07-2005 17:32]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [08-06-2005 15:24]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [08-06-2005 15:14]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25-10-2007 17:20]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [25-09-2007 01:11]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11-05-2007 02:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [19-10-2007 20:16]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [02-11-2007 18:36]
"cc429608"="C:\WINDOWS\system32\manusalf.dll" [17-11-2007 17:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [27-08-2004 01:53]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [08-06-2005 14:44]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [19-01-2007 11:55]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [13-08-2007 15:01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-23 19:53:34 ------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:42, on 23-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Programmer\IMVU\IMVUClient.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ad0ecc5bcbe84099a7ef653c4a4aa47a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ad0ecc5bcbe84099a7ef653c4a4aa47a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8858 bytes
 

14 Posts
Discussion Starter · #17 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

You asked me how the system is working. I took it step by step. First I closed down the PC after the HijackThis scan, which was the last thing I did on the sick PC (the posting to Tech Support is done on a clean PC).

I restarted without the network cable plugged in and therefore no Internet. The boot ran with no problems and the subsequent Windows logon was problem free as well. No stupid icons and no stupid messages.

Without doing anything else I plugged in the network cable. MSN Messenger discovered it immediately, although I am not logged in, and Windows Firewall asks whether I want to block MSN Messenger. I chose to remove the blocking. Still nothing unexpected happened. No stupid icons and no stupid messages.

I decided to start LimeWire as I know that is what my son will do as soon as I give him the "all clear". Right before I get to do this the Avast anti-virus pops up a balloon message about an update, which is OK and normal. I check the Avast update message. Then I start LimeWire (version 4.14). I played different pieces of music and played a few minutes from a film. Everything worked normally. No stupid icons and no stupid messages.

So I think it is time to declare victory! :smile:

Regards,
Henrik Berg Andersen
 

5,277 Posts
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Good job, Henrik

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

J2SE Runtime Environment 5.0 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2


Leave Java(TM) 6 Update 3 installed as that is the current version
=====================================================

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (if they still exist; make sure you do not miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Programmer\ContextTool\ContextTool-2.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)


Please remember to close all other windows, including browsers then click Fix checked.

=====================================================

Please delete/remove your existing copy of Combofix, then download this version of Combofix Here

--------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

http://www.techsupportforum.com/security-center/hijackthis-log-help/194341-need-get-rid-live-safety-center-online-security-guide.html

Collect::
C:\WINDOWS\system32\manusalf.dll
C:\WINDOWS\system32\vmhgjyhp.dll
C:\WINDOWS\system32\kfsgcohr.exe

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cc429608"=-
Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Warning:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

====================================================

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

=======================================================
Logs Required
C:\Combofix.txt
Hijackthis log
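As an added, defender-side illustration (not code from this thread, from HijackThis or from ComboFix), the script below encodes the kinds of entries the helper singles out above as triage rules and runs them over HijackThis lines modelled on the ones posted in this thread. The sample lines and the four rules (dead references, a BHO whose display name is only a CLSID, an eight-letter random DLL name in system32, and a start page of about:blank) are my own assumptions; a hit means "look at this entry", not "this is malware".

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread, not part of HijackThis or of the helper's
procedure. The rules encode what the helper looked for when picking entries
to fix: dead references, a BHO whose display name is only a CLSID, and
randomly named DLLs dropped into system32 (a Vundo-era trait). They are
heuristics, not verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "O2 - BHO: ..." -> kind "O2", rest "BHO: ..."
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<rest>.*)$")
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
# Any DLL living directly in %SystemRoot%\system32; group 1 is the file stem.
SYS32_DLL_RE = re.compile(r"[A-Za-z]:\\WINDOWS\\system32\\([A-Za-z0-9_]+)\.dll", re.I)

# Constructed sample: lines modelled on the HJT log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [cc429608] rundll32.exe "C:\WINDOWS\system32\manusalf.dll",b
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"""


@dataclass
class Finding:
    line: str
    rule: str
    severity: str
    path: Optional[str] = None  # set only when a file path is what was flagged


def is_random_stem(stem: str) -> bool:
    """Eight lowercase letters, nothing else (e.g. 'manusalf'). Vendor DLLs in
    system32 are usually mixed case (NvCpl) or short (ssv). Heuristic only."""
    return len(stem) == 8 and stem.isalpha() and stem.islower()


def triage_line(line: str) -> List[Finding]:
    """Apply every rule to one HJT line and return the findings (may be empty)."""
    found: List[Finding] = []
    m = LINE_RE.match(line.strip())
    if not m:
        return found
    kind, rest = m.group("kind"), m.group("rest")

    # The entry points at a file that is gone: harmless, but worth cleaning up.
    if "(no file)" in rest or "(file missing)" in rest:
        found.append(Finding(line, "dead-reference", "low"))

    # A start page of about:blank is commonly what remains after a hijack.
    if kind == "R0" and rest.endswith("= about:blank"):
        found.append(Finding(line, "start-page-blank", "info"))

    # A BHO whose display name is itself a CLSID has no product behind it.
    if kind == "O2":
        name = rest.split(" - ")[0]
        if name.startswith("BHO: "):
            name = name[len("BHO: "):]
        if GUID_RE.match(name):
            found.append(Finding(line, "guid-as-name", "high"))

    # BHO or Run entry loading a randomly named DLL from system32.
    if kind in ("O2", "O4"):
        for dm in SYS32_DLL_RE.finditer(rest):
            if is_random_stem(dm.group(1)):
                found.append(Finding(line, "random-system32-dll", "high", dm.group(0)))
    return found


def triage(log_text: str) -> List[Finding]:
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def collect_paths(findings: List[Finding]) -> List[str]:
    """Unique flagged file paths, sorted: the candidates a helper would put in a
    ComboFix CFscript Collect:: section for closer inspection."""
    return sorted({f.path for f in findings if f.path})


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:4}] {f.rule:20} {f.line}")
    print("Collect:: candidates:", collect_paths(results))
```

Run against the sample, the script flags the two random-named DLLs (the same two the helper's CFscript collects), the CLSID-named BHO, the three dead references and the about:blank start page, while leaving the Adobe, avast! and NVIDIA entries alone. The eight-lowercase-letter test is deliberately narrow; a real triage would pair it with file signature and timestamp checks rather than trust the name alone.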
 

14 Posts
Discussion Starter · #19 ·
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hi TheBruce1

I ran HijackThis and checked the entries that you stated and removed them with the Fix Checked button.

The ComboFix was a problem. The link you supplied does link to a download of ComboFix.exe, but it will not download correctly. All I get is a 0 kb file saved with the right name. Instead I looked at some of the other threads and found a recent link to a ComboFix download and got it that way. However, ComboFix freezes at "Deleting files..." and stays frozen. After 15 minutes of waiting I restarted the PC and tried again, but the result was the same. So I cannot give you a ComboFix.txt file.

Below is the HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47, on 2007-12-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {6674d21f-0a5b-a57a-0bb4-f5cad3ae8600} - {0068ea3d-ac5f-4bb0-a75a-b5a0f12d4766} - C:\WINDOWS\system32\vmhgjyhp.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmer\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmer\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmer\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmer\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?636ae23c2d9544bab9ad569ae2f4402a
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?636ae23c2d9544bab9ad569ae2f4402a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmer\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Emil\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169665996593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8743 bytes

Regards,
Henrik Berg Andersen
 

5,277 Posts
Re: Need to get rid of "Live Safety Center" and "Online Security Guide"

Hello again Henrik

Since you had not replied in almost three weeks, I was unsubscribed from this thread, so I would not have received any notification of your reply.

Since it's been almost three weeks, we'll need to take a step backwards before we can continue; please delete all your copies of Combofix.

=============================

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Click on Extra Log and tick all boxes below that.

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

===============================
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt <---- Attached
 