Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spysherrif Got Me!


  • This topic is locked This topic is locked
4 replies to this topic

#1 Senior Rubia

Senior Rubia

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 04 August 2008 - 07:05 PM

My background recently told me that I had a virus and needed to be innoculated. (How sweet of this virus to announce itself!) I could not change the background or screen saver, which of course looked strangely like a BSOD. I did a couple of online disinfections in "Safe Mode with Networking" and even started Avast! and AVG during the same mode, and they all found and deleted a few "trojan horses". When I restarted, I did not have the same background (yay), but I also didn't have the option of changing it to anything else (boo). I found a couple of registry fixes online and now I can change the background, screen saver, and everything! I want to know if I am completely virus- and malware-free.

Thanks ahead of time for any help and/or advice. Here are my two reports:


Deckard's System Scanner v20071014.68
Run by Michael on 2008-08-04 19:46:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-08-04 23:46:25 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-08-03 17:13:52 UTC - RP7 - Installed Zune Desktop Theme
6: 2008-08-03 16:43:41 UTC - RP6 - Removed Bonjour
5: 2008-08-03 03:35:13 UTC - RP5 - Installed Ad-Aware
4: 2008-08-03 03:21:14 UTC - RP4 - Installed SoundMAX


-- First Restore Point --
1: 2008-08-03 02:41:16 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Michael.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-04 19:48:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Utilities\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Ad-Aware\aawservice.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\aswUpdSv.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\avgamsvr.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\avgupsvc.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\avgemc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashMaiSv.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\avgcc.exe
C:\Program Files\Utilities\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Utilities\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Utilities\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Multimedia\AnyDVD\AnyDVD.exe
C:\Program Files\Utilities\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Protector.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Scheduler daemon.exe
F:\BACKUP (Drivers, Programs & Whatnot)\[NEW]\Deckards-System-Scanner.exe
C:\Program Files\Utilities\HijackThis\Michael.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\SCActiveBlock.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Internet\ANTI-V~1\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\Utilities\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Utilities\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [lphcjvoj0ecde] C:\WINDOWS\system32\lphcjvoj0ecde.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashDisp.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\Multimedia\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Internet\ANTI-V~1\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Internet\ANTI-V~1\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Internet\ANTI-V~1\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Internet\ANTI-V~1\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\Utilities\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Protector.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Internet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Internet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Internet\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe


--
End of file - 10427 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&1A671D0C&0&30F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&1A671D0C&0&30F0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Service: bcm4sbxp


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 19:20:23 350 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-07-27 22:00:00 366 --a------ C:\WINDOWS\Tasks\SmartDefrag.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-03 17:24:42 0 d-------- C:\WINDOWS\BDOSCAN8
2008-08-03 15:31:34 0 d-------- C:\Documents and Settings\Michael\Application Data\Tenebril
2008-08-03 15:29:29 0 dr-h----- C:\Documents and Settings\Michael\Recent
2008-08-03 14:22:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2008-08-03 13:12:42 0 d-------- C:\WINDOWS\system32\tenarchlib
2008-08-03 13:12:42 40960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2008-08-03 13:12:41 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>
2008-08-03 13:02:22 0 d-------- C:\Documents and Settings\Michael\Application Data\Ashampoo
2008-08-03 12:56:03 103424 --a------ C:\WINDOWS\system32\PowerUp3_nat.dll <Not Verified; Ashampoo; PowerUp3>
2008-08-03 12:48:41 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-03 12:48:41 0 d-------- C:\Program Files\Belarc
2008-08-03 12:45:02 0 d-------- C:\Documents and Settings\Michael\Application Data\Uniblue
2008-08-02 23:44:05 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-08-02 23:35:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-02 23:32:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-02 20:42:32 257365 --a------ C:\WINDOWS\system32\lphcjvoj0ecde.exe
2008-08-02 20:37:24 0 d-------- C:\Program Files\RichVideoCodec
2008-08-02 17:05:55 0 dr-h----- C:\$VAULT$.AVG
2008-08-01 10:57:38 167936 --a------ C:\WINDOWS\system32\RichVideoCodec.dll <Not Verified; IRCodecs; IRCodecs>


-- Find3M Report ---------------------------------------------------------------

2008-08-04 19:39:03 0 d-------- C:\Program Files\Utilities
2008-08-04 19:18:44 0 d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2008-08-03 13:18:20 0 d-------- C:\Program Files\Internet
2008-08-03 12:44:02 0 d-------- C:\Program Files\Multimedia
2008-08-02 23:32:31 0 d-------- C:\Program Files\Common Files
2008-08-02 23:18:20 0 d-------- C:\Documents and Settings\Michael\Application Data\VersionTracker Pro
2008-07-28 23:48:54 0 d-------- C:\Documents and Settings\Michael\Application Data\OpenOffice.org2
2008-07-28 19:13:09 0 --a------ C:\Documents and Settings\Michael\Application Data\CopyToGo.dat
2008-07-27 19:05:34 0 d-------- C:\Documents and Settings\Michael\Application Data\Apple Computer
2008-07-23 20:49:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-06 14:40:00 0 d-------- C:\Program Files\Java
2008-06-30 20:57:26 256 --a------ C:\WINDOWS\system32\pool.bin
2008-06-30 00:46:57 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-06-29 13:42:12 0 d-------- C:\Documents and Settings\Michael\Application Data\Research In Motion


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{098716A9-0310-4CBE-BD64-B790A9761158}]
08/01/2008 10:57 AM 167936 --a------ C:\WINDOWS\system32\RichVideoCodec.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [10/19/2005 08:59 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/21/2005 04:44 PM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"AVG7_CC"="C:\PROGRA~1\Internet\ANTI-V~1\AVGFRE~1\avgcc.exe" [06/27/2008 05:57 PM]
"SmartDefrag"="C:\Program Files\Utilities\IObit SmartDefrag\IObit SmartDefrag.exe" [01/07/2008 11:29 PM]
"Windows Defender"="C:\Program Files\Utilities\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [12/21/2005 10:14 AM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"lphcjvoj0ecde"="C:\WINDOWS\system32\lphcjvoj0ecde.exe" [08/02/2008 08:36 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [09/13/2007 10:52 AM]
"SpyCatcher Reminder"="C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\SpyCatcher.exe" [10/16/2007 12:05 PM]
"avast!"="C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashDisp.exe" [07/19/2008 10:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="C:\Program Files\Multimedia\AnyDVD\AnyDVD.exe" [10/28/2007 09:51 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=C:\PROGRA~1\Internet\ANTI-V~1\AVGFRE~1\avgw.exe /RUNONCE
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\Michael\Start Menu\Programs\Startup\
Scheduler.lnk - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Scheduler daemon.exe [8/3/2008 1:12:44 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\Utilities\NETGEAR\WG111v2\WG111v2.exe [5/6/2008 10:10:26 PM]
SpyCatcher Protector.lnk - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Protector.exe [8/3/2008 1:12:44 PM]
VersionTrackerPro.lnk - C:\WINDOWS\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [8/2/2008 11:07:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bf0e671-0bea-11dd-a149-806d6172696f}]
open\command- %SystemRoot%\Explorer.exe /idlist,%I,%L




-- End of Deckard's System Scanner: finished at 2008-08-04 19:50:30 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.20GHz
Percentage of Memory in Use: 76%
Physical Memory (total/avail): 766.48 MiB / 182.09 MiB
Pagefile Memory (total/avail): 1877.18 MiB / 1294.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.21 MiB

C: is Fixed (NTFS) - 37.57 GiB total, 17.76 GiB free.
D: is CDROM (No Media)
E: is CDROM (UDF)
F: is Fixed (NTFS) - 195.32 GiB total, 23.37 GiB free.
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500AAJB-00WGA0 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.57 GiB - C:
\PARTITION1 - Installable File System - 195.32 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.526 v7.5.526 (Grisoft)
AV: avast! antivirus 4.8.1229 [VPS 080804-0] v4.8.1229 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avginet.exe"="C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avgcc.exe"="C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avgemc.exe"="C:\\Program Files\\Internet\\Anti-Virus & Spy-Ware Programs\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Internet\\Trillian\\trillian.exe"="C:\\Program Files\\Internet\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\Internet\\BitComet\\BitComet.exe"="C:\\Program Files\\Internet\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Multimedia\\iTunes\\iTunes.exe"="C:\\Program Files\\Multimedia\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MY_TOY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\MY_TOY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Multimedia\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
USERDOMAIN=MY_TOY
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Michael (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced WindowsCare Personal --> "C:\Program Files\Utilities\Advanced WindowsCare V2\unins000.exe"
AnyDVD --> "C:\Program Files\Multimedia\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\Multimedia\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ashampoo PowerUp 3.21 --> "C:\Program Files\Utilities\Ashampoo PowerUp 3\unins000.exe"
avast! Antivirus --> C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\aswRunDll.exe "C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\Setup\setiface.dll",RunSetup
AVG 7.5 --> C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\AVG Free\setup.exe /UNINSTALL
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitComet 1.00 --> C:\Program Files\Internet\BitComet\uninst.exe
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{C178B38F-613A-4EFE-B718-A675BD27A1E1}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{C178B38F-613A-4EFE-B718-A675BD27A1E1}
BlackBerry v4.2.1 for the 7130 Series Wireless Device --> MsiExec.exe /X{C242CC6C-AB27-4F14-AD9D-C1F77A2E6602}
CCleaner (remove only) --> "C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\CCleaner\uninst.exe"
CDisplay 1.8 --> "C:\Program Files\Multimedia\CDisplay\unins000.exe"
Corel DVD Copy 6 --> C:\Program Files\InstallShield Installation Information\{4D44AD63-8061-41A8-BCCD-23B7117E3C14}\setup.exe -runfromtemp -l0x0409 /REMOVEONLY
DVD Copy --> C:\Program Files\InstallShield Installation Information\{4D44AD63-8061-41A8-BCCD-23B7117E3C14}\setup.exe -runfromtemp -l0x0409 /REMOVEONLY
GSplit 2.1 --> C:\Program Files\Utilities\GSplit\Uninst.exe
HijackThis 1.99.1 --> C:\Program Files\Utilities\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImTOO DVD Audio Ripper 5 --> C:\Program Files\Multimedia\DVD Audio Ripper 5\Uninstall.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IObit SmartDefrag Beta4.03 --> "C:\Program Files\Utilities\IObit SmartDefrag\unins000.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MiniRingtone 1.5 --> "C:\Program Files\Multimedia\MiniRingtone\unins000.exe"
Mozilla Firefox (2.0.0.16) --> C:\PROGRA~1\INTERNET\Mozilla Firefox\uninstall\helper.exe
MP3 Splitter --> "C:\Program Files\Multimedia\mp3split\unins000.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM --> C:\Program Files\Utilities\Ahead Nero\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NETGEAR WG111v2 wireless USB 2.0 adapter --> C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Pinnacle Hollywood FX for Studio --> C:\WINDOWS\unvise32.exe C:\Program Files\Multimedia\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
Pinnacle Instant DVD Recorder --> "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -runfromtemp -l0x0009UNINSTALL -removeonly
Pinnacle USB device drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C0ADF96-20E7-4671-88D2-39B5A307E2A2}\setup.exe" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SpyCatcher Express 2007 --> "C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpywareBlaster\unins000.exe"
Studio 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D02FCF71-B9A2-406F-ABE5-8E183526CDDF}\Setup.exe" -l0x9 UNINSTALL
TagScanner 5.0 build 516 --> "C:\Program Files\Multimedia\MP3\TagScanner\unins000.exe"
Trillian --> C:\Program Files\Internet\Trillian\trillian.exe /uninstall
VersionTracker Pro Windows --> MsiExec.exe /X{64A32253-A906-4AEB-B6A7-A90512B68D87}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\Utilities\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zune --> C:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1307 / Error
Event Submitted/Written: 08/04/2008 07:37:38 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: VersionTracker Pro Windows -- Error 1706.No valid source could be found for product VersionTracker Pro Windows. The Windows Installer cannot continue.

Event Record #/Type1306 / Warning
Event Submitted/Written: 08/04/2008 07:19:23 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{64A32253-A906-4AEB-B6A7-A90512B68D87}', feature 'AlwaysInstall' failed during request for component '{EB14A883-71D4-41B3-8CEF-41F7179E5A58}'

Event Record #/Type1305 / Warning
Event Submitted/Written: 08/04/2008 07:19:23 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{64A32253-A906-4AEB-B6A7-A90512B68D87}', feature 'AlwaysInstall', component '{303994BA-6487-47AE-AF1D-7AF6088EEBDB}' failed. The resource '' does not exist.

Event Record #/Type1303 / Warning
Event Submitted/Written: 08/04/2008 07:17:34 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type1297 / Warning
Event Submitted/Written: 08/03/2008 05:21:57 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19786 / Warning
Event Submitted/Written: 08/04/2008 07:49:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MY_TOY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MY_TOY27 can't undo changes that you allow.

For more information please see the following:
%MY_TOY275

Scan ID: {627C108A-7395-4813-9849-372B5AF84450}

User: MY_TOY\Michael

Name: %MY_TOY271

ID: %MY_TOY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MY_TOY276

Alert Type: %MY_TOY278

Detection Type: 1.1.1593.02

Event Record #/Type19785 / Warning
Event Submitted/Written: 08/04/2008 07:49:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MY_TOY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MY_TOY27 can't undo changes that you allow.

For more information please see the following:
%MY_TOY275

Scan ID: {5F60751B-862C-4537-8024-829B7BB37024}

User: MY_TOY\Michael

Name: %MY_TOY271

ID: %MY_TOY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MY_TOY276

Alert Type: %MY_TOY278

Detection Type: 1.1.1593.02

Event Record #/Type19784 / Warning
Event Submitted/Written: 08/04/2008 07:49:17 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MY_TOY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MY_TOY27 can't undo changes that you allow.

For more information please see the following:
%MY_TOY275

Scan ID: {3B5CC688-F71F-4046-A55C-2A1930C80E9A}

User: MY_TOY\Michael

Name: %MY_TOY271

ID: %MY_TOY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MY_TOY276

Alert Type: %MY_TOY278

Detection Type: 1.1.1593.02

Event Record #/Type19783 / Warning
Event Submitted/Written: 08/04/2008 07:49:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MY_TOY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MY_TOY27 can't undo changes that you allow.

For more information please see the following:
%MY_TOY275

Scan ID: {74E5C8B7-8205-4006-97F5-DDEE369AF899}

User: MY_TOY\Michael

Name: %MY_TOY271

ID: %MY_TOY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MY_TOY276

Alert Type: %MY_TOY278

Detection Type: 1.1.1593.02

Event Record #/Type19782 / Warning
Event Submitted/Written: 08/04/2008 07:49:15 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MY_TOY27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MY_TOY27 can't undo changes that you allow.

For more information please see the following:
%MY_TOY275

Scan ID: {DC09C1CB-E98A-4EC7-8822-B144197008B0}

User: MY_TOY\Michael

Name: %MY_TOY271

ID: %MY_TOY272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MY_TOY276

Alert Type: %MY_TOY278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-08-04 19:50:30 ------------

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:37 PM

Posted 05 August 2008 - 07:12 AM

Hi,

I notice from your log that there's more than 1 Antivirus installed. Avast and AVG.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Then, * Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Senior Rubia

Senior Rubia
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 06 August 2008 - 01:28 AM

Thanks again for the help. I did everything you said, including removing one of the antivirus progs (I only installed the extra since the infection, and I've decided to keep Avast instead of AVG since it caught the virus and AVG didn't).

Here's the HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:46 AM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Utilities\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Ad-Aware\aawservice.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\aswUpdSv.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Utilities\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Utilities\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Utilities\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashMaiSv.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Multimedia\AnyDVD\AnyDVD.exe
C:\Program Files\Utilities\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\INTERNET\MOZILL~1\FIREFOX.EXE
C:\Program Files\Utilities\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Utilities\WinRAR\WinRAR.exe
C:\DOCUME~1\Michael\LOCALS~1\Temp\Rar$EX00.266\HijackThis.exe
C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\setup\avast.setup

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\SCActiveBlock.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\Utilities\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Utilities\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashDisp.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\Multimedia\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Scheduler.lnk = C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\Utilities\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\SpyCatcher\Protector.exe
O4 - Global Startup: VersionTrackerPro.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\Internet\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\Internet\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\Internet\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\Internet\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Internet\Anti-Virus & Spy-Ware Programs\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8604 bytes










.... and here's the other one:


Malwarebytes' Anti-Malware 1.24
Database version: 1028
Windows 5.1.2600 Service Pack 2

2:18:19 AM 8/6/2008
mbam-log-8-6-2008 (02-18-19).txt

Scan type: Quick Scan
Objects scanned: 41319
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb0e529a-3d2c-473e-83fe-9e56ac6cc0eb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcnvoj0ecde (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcjvoj0ecde (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcjvoj0ecde.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:37 PM

Posted 06 August 2008 - 03:16 AM

Hi,

This looks OK again.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • Java™ 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:07:37 PM

Posted 14 August 2008 - 04:43 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users