Strange Virus Fixed but I wonder if I did the right thing...


Comments

  • Slider51 Michigan USA New
    edited April 2009
    OK great, I'll take care of all of this this weekend.

    I am aware that two AV programs can be problematic. This is what I do and why; please tell me if I've got it wrong in your opinion:

    I have relied on Spyware Doctor for all my anti-spyware scanning and repair for at least a couple of years now. The pre-version 6 SD, however, in real-time mode was a real resource hog on my machines, and was prone to locking up regularly. The autoscan feature would begin a scan even before Windows had time to start, causing a lot of problems booting my machine. It was, however, the best scanner and fixer I have ever used. To combat the problems, I ran with the real-time features shut off and scanned manually only. I also dislike auto update features on any program, so I had it set to prompt only. I did run WinDefender at the same time to handle realtime stuff; it was a lot less of a resource hog.

    That being said, although I have upgraded to SD Version 6, I run it like before, with the "Intelliguard" real time protection turned off. Call it force of habit; I actually have never checked to see if PC Tools' claims of less overhead are true. I also have the "Immunization" stuff turned off, again in an attempt to minimize background overhead.

    On to AVG - After years of running Norton stuff with its associated huge overhead, horrendous prices, and terrible support issues, a while back I uninstalled everything that had Norton's name on it. My local PC builder recommended that I try AVG, and I am impressed so far with its capabilities even for a free program.

    I am no expert at all, but this is how I currently handle AV and Spyware - AVG handles the AV, and I scan for spyware with SD in a manual mode. This shouldn't generate a conflict, should it? I'm all ears if my logic is flawed here, so please make a recommendation. I am fine with uninstalling AVG IF Spyware Doctor is indeed better than it used to be and if in your opinion its Anti-Virus capabilities are as good as its Spyware capabilities.

    I guess that got long and drawn out, but that's my explanation of why I have two programs running that have AV capability...

    Also - SD has a raft of bells and whistles - Behavior Guard, Browser Guard, Cookie Guard, E-Mail guard, File Guard, Immunizer Guard, Network Guard, Process Guard, and Site Guard. Should I be running any of this? To me it all looks like more overhead and way too much stuff being monitored and controlled...but again, maybe I'm just still thinking of the AOL days.

    Thanks again!

    Slider
  • edited April 2009
    Technically, your theory is correct.
    However, unless you stop the services as well they run in the background and can cause conflicts.

    If you feel that it works for you, then fine :)

    When your SD is due for renewal, I recommend you try the following though.
    Avast for AntiVirus
    MalwareBytes for AntiSpyware.

    I'm not a big fan of SD or AVG, so I may be biased against them :bigggrin:
  • Slider51 Michigan USA New
    edited April 2009
    A recommendation like that from someone with your expertise is invaluable. I somehow doubt you are biased, I rather think you have the knowledge to know what is best. I can surely say that I don't have that knowledge.

    I'm part of the majority of computer users out there when I say that the technology in our hands is so far beyond what we can understand that we really don't have the tools required to make a logical selection. Consequently once we find something that works for us most if not all of the time, we're uncomfortable changing. The classic "if it ain't broke, don't fix it".

    I have put a note on my calendar though to switch to MalwareBytes when my SD subscription is up for renewal. That change will be easy - even CyberDefender used it instead of their own software! And knowing that AVG Free is a limited solution, then would be a good time to put a full capability paid program back into my arsenal.

    Just before I logged in to this forum, I checked my credit card activity online and noted two credits from CyberDefender - one for $129.99 and yesterday another for $120.00. I have my money back, and I am positive that had I not enlisted Icrontic's help that would never have happened.

    Returning my money does NOT exonerate CyberDefender, however. They need to be investigated - "Sheur2XLC" Trojan doesn't exist, at least not under that name. Their "free" version (not free at all!) is the smoking gun - it contains the "hook" that leads one to believe there is nothing left to do but buy their software and let their technicians "fix" the unwary user's machine, because nobody else's software can identify or fix this threat. Once I bit down on the hook, I changed from a customer to their prey. Once a rogue, always a rogue. They may have given my $250 back, but they cost me many many hours of time and anguish, and consumed a bunch of Icrontic's time and expertise in helping me to weed through their mess.

    Katana, thank you, thank you, thank you! You and Icrontic are incredible and are the heroes here.

    Slider51
    Michigan, USA

    Here's my final RSIT log:
  • edited April 2009
    I'm very pleased that you got your money back; I suspect that they were not very happy with the negative publicity from the blogs :)
    I agree this does not exonerate them, though for slightly different reasons.
    Most security vendors have different names for the same infections, so it is possible that the "Sheur2XLC" Trojan did exist.
    For some strange reason they are reluctant to give the security community a version of CD to test (I've no idea why :) ), so I can't comment on false positives by CD.

    However, regardless of how good or bad the CyberDefender program may be, there is still no excuse whatsoever for using other companies' free tools and then charging for a product that doesn't appear to have been used.
    That is the equivalent of hiring a Mini and being charged for a Rolls Royce!!

    To be honest, I can't see how they can recover any credibility short of a public apology, not only to you, but also to the other vendors.
    "I somehow doubt you are biased"
    Honest, I am!!
    Everyone is to a certain extent :)

    Right, just a couple of other points to make and then I will leave you in peace :)


    Registry Cleaners

    Re. RegistryFix v6.2

    I don't personally recommend the use of ANY registry cleaners.
    In a test that I did, I put over 5,000 useless unneeded entries in a registry -- BHOs, startups and toolbars.
    I timed the boot speed (when the registry is used most) and the difference was 2 seconds.
    Here is an excerpt from a discussion on regcleaners:
    Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
    The point we are trying to make is that the risk of using one far outweighs any benefit.
    If it does work perfectly you will not see any difference.
    If it doesn't work properly you may end up with an expensive doorstop.
    http://forums.whatthetech.com/Regcleaner_t42862.html

    Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove the older Java and Adobe components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) from HERE
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

    Update Adobe Acrobat Reader
    Adobe Reader is a large program and uses unnecessary space.
    If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

    • Please go to this link Adobe Acrobat Reader Download Link
    • Click Download
    • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts

    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    Remove Programs
    Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove.
    • Adobe Acrobat 5.0 << Unless you really need this, I recommend you remove it
    • Adobe Reader 7.0.9
    • Java(TM) 6 Update 10
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 7
    • Java(TM) SE Runtime Environment 6 Update 1
    Now close the Control Panel.

    Reboot your machine.
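    The Remove Programs step above exists because each Java update (and each Adobe Reader version) leaves its predecessor installed, and the stale copies keep their vulnerabilities. The script below is an added example, not code from this thread or from any of the vendors named in it: it reads the same Add or Remove Programs entries from the registry, groups them by product line, and reports every copy except the newest. It assumes PowerShell 2.0 or later; the registry paths are the standard Uninstall keys Windows populates, and the sample entries are constructed to mirror the list in the post.

```powershell
# Added example (not from the thread): find products installed more than once so the
# older copies can be removed from Add or Remove Programs. Assumes PowerShell 2.0+.

function Get-UninstallEntries {
    # Read DisplayName/DisplayVersion from the 32-bit and (if present) 64-bit Uninstall keys.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            New-Object PSObject -Property @{ Name = $_.DisplayName; Version = $_.DisplayVersion }
        }
}

function Get-ProductFamily([string]$name) {
    # Collapse display names into one key per product line; anything else is ignored.
    switch -Regex ($name) {
        '^(Java\(TM\)|J2SE|Java SE)' { return 'Java Runtime' }
        '^Adobe (Acrobat )?Reader'    { return 'Adobe Reader' }
        '^Adobe Acrobat \d'           { return 'Adobe Acrobat' }
        default                       { return $null }
    }
}

function Get-SortableVersion($entry) {
    # Prefer DisplayVersion; otherwise derive a comparable version from the name
    # ("Java(TM) 6 Update 7" -> 1.6.0.7, "Adobe Reader 7.0.9" -> 7.0.9).
    if ($entry.Version) {
        try { return [version]$entry.Version } catch { }
    }
    if ($entry.Name -match '(\d+) Update (\d+)') {
        return [version]('1.' + $matches[1] + '.0.' + $matches[2])
    }
    if ($entry.Name -match '(\d+(\.\d+)+)') { return [version]$matches[1] }
    return [version]'0.0'
}

function Find-StaleInstalls($entries) {
    # Tag each recognised entry with its family and a comparable version.
    $tagged = foreach ($e in $entries) {
        $family = Get-ProductFamily $e.Name
        if ($family) {
            New-Object PSObject -Property @{
                Family   = $family
                Name     = $e.Name
                Version  = $e.Version
                Sortable = (Get-SortableVersion $e)
            }
        }
    }
    # Within each family, everything except the newest copy is a stale leftover.
    foreach ($group in ($tagged | Group-Object Family)) {
        @($group.Group | Sort-Object Sortable -Descending) | Select-Object -Skip 1
    }
}

# Constructed sample mirroring the entries listed in the post; replace $sample with
# (Get-UninstallEntries) to run against the live machine.
$sample = @(
    @{ Name = 'Adobe Acrobat 5.0';                          Version = $null },
    @{ Name = 'Adobe Reader 7.0.9';                         Version = '7.0.9' },
    @{ Name = 'Java(TM) 6 Update 10';                       Version = $null },
    @{ Name = 'Java(TM) 6 Update 3';                        Version = $null },
    @{ Name = 'Java(TM) 6 Update 7';                        Version = $null },
    @{ Name = 'Java(TM) SE Runtime Environment 6 Update 1'; Version = $null }
) | ForEach-Object { New-Object PSObject -Property $_ }

Find-StaleInstalls $sample | Format-Table Family, Name, Sortable -AutoSize
```

    Against the constructed sample only the three older Java entries are reported; Acrobat 5.0 is the sole copy of its family, so whether to keep an old product with no duplicate remains the judgment call the post describes.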