Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Continuation of Vista AntiVirus 2008 infection

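Before the log itself, an added worked example that is not part of andrewtnyc's post or of this forum's procedure: a short Python triage script that reads HijackThis-format lines and Deckard's "Files created" lines and flags the entries a helper would pull out of the log below: loader hooks (O2 BHO, O20 Winlogon Notify) whose DLL is marked (file missing), 8-letter pseudo-random module names under system32, the same module registered under more than one hook type, and newly created system32 files carrying hidden+system attributes. The sample lines are copied from the log posted below (one McAfee line is included to show the directory gate); the name heuristic in looks_random and the system32 gate are this example's own assumptions and produce candidates for a human to review, not verdicts.

```python
import re
from collections import defaultdict

# Sample input: HijackThis lines copied from the log posted in this thread,
# plus one McAfee line kept to show the system32 gate (no false positive).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCrOe.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG Anti-Spyware\avgssie.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O20 - Winlogon Notify: iifcCrOe - iifcCrOe.dll (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# Sample input: "Files created" lines from the Deckard's System Scanner
# section of the same log.
DSS_SAMPLE = r"""
2008-07-14 22:58:44 118784 --a------ C:\WINDOWS\system32\chg.exe <Not Verified; SoftThinks; Launch>
2008-07-10 14:12:05 0 d-------- C:\Program Files\Java
2008-07-07 21:19:15 239520 --ahs---- C:\WINDOWS\system32\qtAdMUtv.ini2
2008-07-07 07:24:17 88576 -----n--- C:\WINDOWS\system32\mkfpwkus.dll
2008-07-07 00:34:42 318720 -----n--- C:\WINDOWS\system32\vtUMdAtq.dll
2008-07-07 00:30:41 1723 --a------ C:\WINDOWS\system32\clbinit.dll
"""

HJT_LINE = re.compile(r"^(O\d+) - ")
# The last "name.ext" on a HijackThis line is the module the hook loads.
MODULE_RE = re.compile(r"([\w~$-]+)\.(dll|exe|ocx|sys)\b", re.I)
# date time size attrs path [<Not Verified; ...>]
DSS_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+([-a-z]{9})\s+(.*?)(?:\s+<.*>)?$"
)
LOADER_HOOKS = {"O2", "O20", "O21"}  # BHO, Winlogon Notify, SSODL


def looks_random(stem):
    """Heuristic, an assumption of this example: an 8-letter name with
    three or more upper/lower case flips, or an all-lowercase one with at
    most one vowel, is treated as machine-generated."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    vowels = sum(c in "aeiou" for c in stem.lower())
    return flips >= 3 or (stem.islower() and vowels <= 1)


def triage(hjt_text, dss_text):
    """Return {basename: [reasons]} for entries worth a second look."""
    findings = defaultdict(list)
    hooks_per_module = defaultdict(set)

    for line in hjt_text.splitlines():
        m = HJT_LINE.match(line)
        names = MODULE_RE.findall(line)
        if not m or not names:
            continue
        section, (stem, ext) = m.group(1), names[-1]
        key = f"{stem}.{ext}".lower()
        hooks_per_module[key].add(section)
        # A hook that points at a DLL no longer on disk is an uninstall
        # leftover or a half-removed component; either way the registry
        # entry should go so the CLSID / Notify slot cannot be reused.
        if "(file missing)" in line and section in LOADER_HOOKS:
            findings[key].append(f"{section}: hook registered but file missing")
        # Name heuristic only for system32 or path-less modules, so vendor
        # DLLs under Program Files (scriptsn.dll) do not trip it.
        in_system32 = "\\system32\\" in line.lower() or "\\" not in line
        if in_system32 and looks_random(stem):
            findings[key].append(f"{section}: pseudo-random module name")

    # One module reached from several hook types is a stronger signal.
    for key, sections in hooks_per_module.items():
        if len(sections) > 1 and key in findings:
            findings[key].append(
                f"loaded from {len(sections)} hook types: {sorted(sections)}")

    for line in dss_text.splitlines():
        m = DSS_LINE.match(line)
        if not m or m.group(1).startswith("d"):  # skip directories
            continue
        attrs, path = m.groups()
        base = path.rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        if "\\system32\\" in path.lower():
            if looks_random(stem):
                findings[base.lower()].append("new system32 file with pseudo-random name")
            if "h" in attrs and "s" in attrs:
                findings[base.lower()].append(
                    f"new system32 file with hidden+system attrs ({attrs})")

    return dict(findings)


if __name__ == "__main__":
    for name, reasons in sorted(triage(HJT_SAMPLE, DSS_SAMPLE).items()):
        print(name)
        for reason in reasons:
            print("   ", reason)
```

Run as a script it prints each flagged file with its reasons. Against the sample lines it reports iifcCrOe.dll (missing file, random name, and loaded from both the BHO and the Winlogon Notify hook), the three pseudo-random system32 files from the "Files created" list, and avgssie.dll, whose BHO registration outlived the uninstalled AVG Anti-Spyware: a leftover rather than an infection, but still an entry to clean up. Vendor DLLs such as scriptsn.dll and mcshield.exe are not reported because the name heuristic is gated to system32.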
Post by andrewtnyc » July 15th, 2008, 2:25 am

Sorry for not replying earlier. I didn't realize I had to respond within 24 hours or my topic would get discontinued.

I only added AVG after I got the malware infection, and it seemed to clean up most of my problems. I'm not clear from your reply whether there was any difference between the before and after HijackThis files that I posted earlier. I have now removed AVG and all of the older versions of Java and updated to the most recent version of Java.

I ran DSS and got this Main.txt file:

Deckard's System Scanner v20071014.68
Run by AndrewT on 2008-07-15 02:03:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as AndrewT.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:01 AM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\AndrewT\My Documents\Downloads\dss.exe
C:\DOCUME~1\AndrewT\MYDOCU~1\DOWNLO~1\AndrewT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCrOe.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG Anti-Spyware\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\EasyWebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'Default user')
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://www.eversoft.co.kr/vmpinstaller/ ... 4051d.html
O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle Internet Engine) - http://ib2.dancik.com/ib/download/biTileStyle14.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifcCrOe - iifcCrOe.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11071 bytes

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-14 22:58:44 118784 --a------ C:\WINDOWS\system32\chg.exe <Not Verified; SoftThinks; Launch>
2008-07-10 21:38:06 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Winamp
2008-07-10 14:12:05 0 d-------- C:\Program Files\Java
2008-07-10 14:12:04 0 d-------- C:\Program Files\Common Files\Java
2008-07-08 01:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-08 01:27:15 0 d-------- C:\Program Files\Bonjour
2008-07-08 01:19:13 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-07 23:07:13 0 d-------- C:\Program Files\Registry Defender Platinum
2008-07-07 21:19:15 239520 --ahs---- C:\WINDOWS\system32\qtAdMUtv.ini2
2008-07-07 17:47:05 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Malwarebytes
2008-07-07 17:47:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-07 17:47:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 16:28:45 0 d--h----- C:\$AVG8.VAULT$
2008-07-07 16:27:33 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-07 16:11:25 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Grisoft
2008-07-07 07:44:13 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 07:44:09 0 d-------- C:\Program Files\SpywareBlaster
2008-07-07 07:24:17 88576 -----n--- C:\WINDOWS\system32\mkfpwkus.dll
2008-07-07 06:09:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-07 06:09:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 06:09:53 0 d-------- C:\Documents and Settings\AndrewT\Application Data\SUPERAntiSpyware.com
2008-07-07 05:47:57 1470 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-07 03:11:30 0 d-------- C:\Program Files\Enigma Software Group
2008-07-07 00:34:42 318720 -----n--- C:\WINDOWS\system32\vtUMdAtq.dll
2008-07-07 00:30:41 1723 --a------ C:\WINDOWS\system32\clbinit.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-14 23:12:47 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-11 04:11:21 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Skype
2008-07-10 22:09:22 0 d-------- C:\Program Files\PCmover
2008-07-10 22:09:22 0 d-------- C:\Program Files\Common Files
2008-07-10 21:38:29 0 d-------- C:\Program Files\Winamp
2008-07-10 17:02:42 72 --a------ C:\WINDOWS\digi
2008-07-10 14:06:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 01:38:26 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Adobe
2008-07-08 01:27:14 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-08 01:14:40 0 d-------- C:\Documents and Settings\AndrewT\Application Data\AdobeUM
2008-07-07 07:44:42 0 d-------- C:\Documents and Settings\AndrewT\Application Data\SiteAdvisor
2008-07-03 20:46:38 0 d-------- C:\Program Files\Audible
2008-06-27 03:28:04 0 d-------- C:\Program Files\Easy CD-DA Extractor 5.1
2008-06-18 00:22:01 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Creative
2008-06-14 02:51:52 1763 --a------ C:\WINDOWS\mozver.dat
2008-06-03 12:50:48 0 d-------- C:\Program Files\Creative
2008-06-03 12:45:58 0 d--h----- C:\Program Files\Creative Installation Information
2008-06-03 12:45:17 0 d-------- C:\Program Files\Creative ZEN
2008-06-03 12:45:10 0 d-------- C:\Program Files\Common Files\Creative
2008-05-28 00:54:16 0 d-------- C:\Program Files\QUICKENW
2008-05-22 16:54:01 0 d-------- C:\Program Files\SiteAdvisor
2008-05-19 19:41:33 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Canon
2008-05-16 19:00:10 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Intuit


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
C:\WINDOWS\system32\iifcCrOe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 04:35 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 01:01 PM]
"FRYMXINS"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" []
"DesktopMaestro"="" []
"RTHDCPL"="RTHDCPL.EXE" [06/13/2007 10:49 AM C:\WINDOWS\RTHDCPL.exe]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [07/10/2006 03:53 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/18/2007 11:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/27/2006 10:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"PCmover CookieMerge"="C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Eudora\EuShlExt.dll [08/17/2006 02:57 PM 86016]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= C:\WINDOWS\system32\iifcCrOe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCrOe]
iifcCrOe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Versato.lnk]
backup=C:\WINDOWS\pss\Versato.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Office Startup.lnk]
backup=C:\WINDOWS\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BUGDOCTOR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox Powerdesk]
0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
"C:\Program Files\PDF Complete\pdfsty.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"C:\Program Files\WordPerfect11\Programs\QFSCHD110.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
"C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1ca2f5-c85d-11dc-b6c2-806d6172696f}]
AutoRun\command- F:\Welcome.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-07-15 02:04:22 ------------

I didn't get an Extra.txt file when I ran the program today, but when I ran it on 7/10 (before I had deleted AVG), I got this Extra.txt file:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz
CPU 1: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2047.29 MiB / 1401.78 MiB
Pagefile Memory (total/avail): 3938.53 MiB / 3383.62 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.89 MiB

C: is Fixed (NTFS) - 224.86 GiB total, 160.89 GiB free.
D: is Fixed (NTFS) - 232.88 GiB total, 232.86 GiB free.
E: is Fixed (NTFS) - 8.01 GiB total, 6 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250620AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 224.86 GiB - C:
\PARTITION1 - Installable File System - 8.01 GiB - E:

\\.\PHYSICALDRIVE1 - ST3250620AS - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
AUState says computer is ready and waiting.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: AVG Internet Security v8.0 (AVG Technologies)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LeechFTP\\Leechftp.exe"="C:\\Program Files\\LeechFTP\\Leechftp.exe:*:Enabled:LeechFTP"
"C:\\Program Files\\TurboTax06\\TurboTax Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax06\\TurboTax Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax06\\TurboTax Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax06\\TurboTax Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\TurboTax07\\TurboTax Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax07\\TurboTax Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax07\\TurboTax Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax07\\TurboTax Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\AVG Anti-Spyware\\avgupd.exe"="C:\\Program Files\\AVG Anti-Spyware\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG Anti-Spyware\\avgnsx.exe"="C:\\Program Files\\AVG Anti-Spyware\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Skype.exe"="C:\\Program Files\\Skype\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\AndrewT\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANDREW-HP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\AndrewT
LOGONSERVER=\\ANDREW-HP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\Fire GL 3D Studio Max;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\PROGRA~1\COMMON~1\Odbc\FILEMA~1;C:\Program Files\Common Files\Ulead Systems\MPEG
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AndrewT\LOCALS~1\Temp
TMP=C:\DOCUME~1\AndrewT\LOCALS~1\Temp
USERDOMAIN=ANDREW-HP
USERNAME=AndrewT
USERPROFILE=C:\Documents and Settings\AndrewT
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

AndrewT (admin)
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
--> "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro --> MsiExec.exe /I{F99F74B4-972B-4B06-B893-6B3B0DB0128B}
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Active Disk --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ADS Tech Master Installer V3.5 --> C:\PROGRA~1\ADSTech\UNWISE.EXE C:\PROGRA~1\ADSTech\INSTALL.LOG
ADS Tech V3.5 DVD Xpress CapWiz --> C:\PROGRA~1\ADSTEC~1\UNWISE.EXE C:\PROGRA~1\ADSTEC~1\INSTALL.LOG
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ArcSoft PhotoBase --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PhotoBase\Uninst.isu"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Atomic Clock Sync --> C:\PROGRA~1\ATOMIC~1\UNWISE.EXE C:\PROGRA~1\ATOMIC~1\INSTALL.LOG
Auction Wizard 2000 --> C:\Aw2000\UNWISE.EXE C:\Aw2000\INSTALL.LOG
Auction Wizard 2000 Category List --> C:\Aw2000\UNWISE.EXE C:\Aw2000\INSTALL.LOG
Audacity 1.2.3 --> "C:\Program Files\Audacity\unins000.exe"
AVG 8.0 --> C:\Program Files\AVG Anti-Spyware\setup.exe /UNINSTALL
BookSmart™ 1.9.2 1.9.2 --> C:\Program Files\BookSmart\uninstall.exe
boutTime --> C:\WINDOWS\uninst.exe -f"C:\Program Files\boutTime\DeIsL1.isu" -c"C:\Program Files\boutTime\_ISREG32.DLL"
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Canon CanoScan Toolbox 4.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\CanoScanToolbox\Uninst.isu" -c"C:\Program Files\Canon\CanoScanToolbox\uninst.dll"
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Canon i850 --> C:\WINDOWS\system32\CNMCP4b.exe "-PRINTERNAMECanon i850" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i850 Installer\Inst2\cnmi0409.dll"
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\EasyPhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\EasyPhotoPrint\EZUNINST.DLL"
Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x9 /remove
DAZzle --> C:\PROGRA~1\DAZzle\UNWISE.EXE C:\PROGRA~1\DAZzle\INSTALL.LOG
Desktop Maestro 2.0 --> "C:\Program Files\Desktop Maestro\unins000.exe"
DiskJockey File Viewer version 4 release 1.03 --> "C:\Program Files\File Viewer\unins000.exe"
DVD MovieFactory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}\setup.exe" -l0x9
DvortyBoards, MasterMind Dvorak Touch-Typing Tutor 2.07 --> C:\Program Files\DvorakTypingTutor\Uninstall.exe "C:\Program Files\DvorakTypingTutor\install.log"
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\EasyWebPrint\Uninst.isu"
Easy CD-DA Extractor 5.1 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Easy CD-DA Extractor 5.1\irunin.ini"
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FE59D1EA-42B6-45BF-A132-8B3EE04AAD61}\setup.exe" -l0x9
FileMaker Pro 5.5 --> MsiExec.exe /I{4A425F14-0561-11D4-9027-0060089CDAE1}
FireGL driver for 3D Studio MAX/VIZ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}\setup.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\AndrewT\My Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Backup and Recovery Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\SETUP.exe" -l0x9 -removeonly
HP Performance Tuning Framework --> MsiExec.exe /I{2D5F91BD-BB3D-4E8C-B29C-C5BC42E194F1}
HP Workstation User Guides --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808E5AB1-E98F-4362-AB10-B5B69CB2301C}\SETUP.exe" -l0x9 -removeonly
HTML-Kit --> "C:\Program Files\HTML-Kit\unins000.exe"
IomegaWare 4.0.2 --> C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\uninstal.log
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LeechFTP --> C:\WINDOWS\eraser.exe KILL "C:\Program Files\LeechFTP\uninstall.uif"
Macromedia Flash Player 8 --> MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Converter Pack --> MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Outlook 97 --> C:\Program Files\Microsoft Office\Office\Setup\AcmeOtlk.exe /w Outlook.stf
Microsoft PowerPoint Viewer 97 --> C:\Program Files\PowerPointViewer\setup\setup.exe
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\AndrewT\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.15) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Samples --> MsiExec.exe /I{A918DE8A-98C8-0920-0001-000000000000}
MyIdentityDefender Toolbar (CyberDefender Corporation) --> C:\Documents and Settings\AndrewT\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall ExtraUninstallID=""
OLYMPUS CAMEDIA Master 2.01 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OLYMPUS\CAMEDIA\Uninst.isu"
OmniPage Pro 9.0 --> C:\Program Files\OmniPagePro\Deinstall.exe "C:\Program Files\OmniPagePro\uninstall.exe -f'C:\Program Files\OmniPagePro\DeIsL1.isu'"
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
PageBreeze Free HTML Editor --> C:\PROGRA~1\PAGEBR~1\UNWISE.EXE C:\PROGRA~1\PAGEBR~1\INSTALL.LOG
PaperPort 9.0 --> MsiExec.exe /I{FDCE9C15-EB45-11D5-89C7-0050DA162A25}
PCmover --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{DE1C62C5-3D84-4FCE-BC53-BA026BAE885D}
PCmover --> MsiExec.exe /X{169E24D1-2972-4B51-AC47-D5BDEC93F453}
PDF Complete --> C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quick View Plus --> C:\WINDOWS\UNINSQVP.EXE
Quicken 2002 Basic --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\QUICKENW\Uninst.isu"
Rand McNally StreetFinder 1999 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Rand McNally\StreetFinder\Uninst.isu"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x9 -removeonly
Registry Defender Platinum --> "C:\Program Files\Registry Defender Platinum\Uninstall.exe" "C:\Program Files\Registry Defender Platinum\install.log" -u
RIP Vinyl --> C:\PROGRA~1\RIPVIN~1\UNWISE.EXE C:\PROGRA~1\RIPVIN~1\INSTALL.LOG
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Samsung U740(Verizon) USB - Handset Manager V9.5 --> MsiExec.exe /I{A918DE8A-98C8-0950-0000-000000320117}
Scan Manager 5.2 --> MsiExec.exe /I{E0A1559B-9886-11D4-8D06-0050DA284A39}
Silent-Bob pro 1.31 --> "C:\Program Files\Silent-Bob\setup\setup.exe" /u
Skype 3.0 --> "C:\Program Files\Skype\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Street Atlas USA 7.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Street Atlas\Sa7Uninst.isu"
Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax05\TurboTax Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax05\TurboTax Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax07\TurboTax Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax07\TurboTax Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax06\TurboTax Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax06\TurboTax Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005 --> MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ulead DVD MovieFactory 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F6E4272-B797-4523-8A4E-9FF01E1E0B16}\setup.exe" -l0x9
Ulead Straight-to-Disc SDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\setup.exe" -l0x9
Unit Converter --> C:\PROGRA~1\UNITCO~1\UNWISE.EXE C:\PROGRA~1\UNITCO~1\INSTALL.LOG
United TravelDesk --> "C:\Program Files\United\unins000.exe"
Versato 1.9.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MediaKey\Uninst.isu"
Wave Repair 4.8.5 --> "C:\Program Files\Wave Repair\unins000.exe"
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
WIDCOMM Bluetooth Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! Customizations --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
ZENcast Organizer --> "C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x0009


-- Application Event Log -------------------------------------------------------

Event Record #/Type4354 / Success
Event Submitted/Written: 07/10/2008 02:09:19 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type4341 / Success
Event Submitted/Written: 07/10/2008 00:47:05 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type4339 / Error
Event Submitted/Written: 07/09/2008 06:51:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.62306, faulting module firefox.exe, version 1.8.20080.62306, fault address 0x00025246.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type4338 / Error
Event Submitted/Written: 07/09/2008 03:44:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.62306, faulting module unknown, version 0.0.0.0, fault address 0x0003fee4.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type4327 / Success
Event Submitted/Written: 07/09/2008 09:32:54 AM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7435 / Error
Event Submitted/Written: 07/10/2008 02:13:15 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type7418 / Error
Event Submitted/Written: 07/10/2008 02:10:29 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type7414 / Error
Event Submitted/Written: 07/10/2008 02:09:51 PM
Event ID/Source: 23 / Print
Event Description:
Printer PaperPort Color Image failed to initialize because a suitable PaperPort Color Printer Driver driver could not be found.

Event Record #/Type7413 / Error
Event Submitted/Written: 07/10/2008 02:09:51 PM
Event ID/Source: 23 / Print
Event Description:
Printer PaperPort Black & White Image failed to initialize because a suitable PaperPort Mono Printer Driver driver could not be found.

Event Record #/Type7412 / Error
Event Submitted/Written: 07/10/2008 02:09:51 PM
Event ID/Source: 23 / Print
Event Description:
Printer Fax failed to initialize because a suitable Microsoft Shared Fax Driver driver could not be found.



-- End of Deckard's System Scanner: finished at 2008-07-10 14:46:22 ------------

I also got this Moved.txt on 7/10:

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-07-07 16:27:55 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\7zS14.tmp
2008-07-08 01:38:48 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Adobe
2008-07-08 19:11:03 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Adobe Stock Photos CS3
2008-07-08 19:11:03 8996 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\alm.log
2008-07-08 19:11:03 17686 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\amt.log
2008-07-07 05:58:26 20972 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Arabic.bin
2008-07-08 01:33:27 152 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\aul.log
2008-05-08 09:20:48 48476 -----n--- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\autoruns.chm
2008-07-07 16:27:53 63903 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\avg8inst.log
2008-07-08 01:38:24 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\BTN%Copy%1
2008-07-07 05:58:26 24312 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Czech.bin
2008-07-07 22:57:17 222 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\d16b_appcompat.txt
2008-07-07 05:58:26 22783 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Danish.bin
2008-07-07 05:58:26 25747 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Dutch.bin
2008-07-08 05:10:45 79 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\dw.log
2008-07-07 05:58:26 21914 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\English.bin
2008-07-07 05:58:26 22857 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Finnish.bin
2008-07-07 05:58:26 27235 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\French.bin
2008-07-07 05:58:26 25753 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\German.bin
2008-07-07 00:21:29 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Google Toolbar
2008-07-07 05:58:26 25082 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Greek.bin
2008-07-07 05:58:26 19553 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Hebrew.bin
2008-07-10 14:04:08 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\hsperfdata_AndrewT
2008-07-07 05:58:26 26080 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Hungarian.bin
2008-07-07 05:58:26 27410 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Italian.bin
2008-07-07 05:58:26 24297 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Japanese.bin
2008-07-10 14:12:06 0 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\java_install.log
2008-07-10 14:16:40 4001 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\java_install_reg.log
2008-06-10 08:53:46 382352 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe <Verified; Sun Microsystems, Inc.; Java(TM) Platform SE 6 U7>
2008-07-10 14:12:28 1542 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\jusched.log
2008-07-07 05:58:26 20135 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Korean.bin
2008-07-07 05:58:26 21964 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Norwegian.bin
2003-08-16 22:11:52 146107 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\nsuB3.exe
2008-07-10 14:05:46 0 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\nsuB3.tmp
2003-08-16 22:11:52 146107 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\nsuB5.exe
2008-07-10 14:06:53 0 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\nsuB5.tmp
2008-07-07 03:11:28 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\PDFC
2008-07-07 21:57:54 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\plugtmp
2008-07-09 15:43:25 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\plugtmp-1
2008-07-07 05:58:26 24221 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Polish.bin
2008-07-07 05:58:26 25071 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Portuguese(Brazil).bin
2008-07-07 05:58:26 26260 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Portuguese.bin
2008-07-07 22:57:41 12364 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\RootkitReveal.txt
2008-07-07 05:58:26 26126 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Russian.bin
2001-04-11 19:07:58 166912 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\SetA5.tmp <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2001-04-11 11:07:58 166912 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\setA6.tmp <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2001-04-11 12:07:58 166912 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\setB4.tmp <Not Verified; InstallShield Software Corporation; InstallShield (R)>
2008-07-07 05:58:26 16408 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\SimChin.bin
2008-07-07 05:58:26 27753 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Spanish.bin
2008-05-28 10:33:32 158960 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\SSUPDATE.EXE <Verified; SUPERAntiSpyware.com; SUPERAntiSpyware Update Application>
2008-07-07 05:58:26 24082 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\SWEDISH.bin
2008-07-07 05:58:26 21976 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Thai.bin
2008-07-07 05:58:26 16949 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\TradChin.bin
2008-07-07 05:58:26 22253 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Turkish.bin
2008-07-08 01:59:04 893 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\TWAIN.LOG
2008-07-08 01:59:04 2 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Twain001.Mtx
2008-07-08 01:59:04 156 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Twunk001.MTX
2008-07-08 01:34:15 0 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\Twunk002.MTX
2008-07-08 18:33:41 0 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\v8zcmcb9.cab
2008-07-10 14:09:20 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\WPDNSE
2008-07-08 01:13:27 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\_PASFX186
2008-07-08 18:49:14 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\_PASFX27
2008-07-08 01:13:46 93314 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\{193F8A7B-1853-48D5-88AC-19446C2C1D13}estk_ribs_bgd.png
2008-07-08 01:13:45 57708 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\{30C4B843-28DA-466F-AFCA-CB0ED153C826}background.png
2008-07-08 01:13:45 41582 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\{30C4B843-28DA-466F-AFCA-CB0ED153C826}PS_AppIcon.ico
2008-07-08 01:13:46 42014 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\{61D23D99-3398-414E-974E-EBAE498BB298}bridge.ico
2008-07-09 09:45:41 753664 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\~DF3C5E.tmp
2008-07-09 09:45:41 409600 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\~DF4103.tmp
2008-07-09 09:45:41 819200 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\~DF819E.tmp
2008-07-09 09:45:41 65536 --a------ C:\DOCUME~1\AndrewT\LOCALS~1\Temp\~DFDA1E.tmp
2008-07-07 17:15:23 0 d-------- C:\DOCUME~1\AndrewT\LOCALS~1\Temp\~nsu.tmp
2008-07-07 16:29:34 54 --a------ C:\WINDOWS\temp\avg8info.id
2008-03-14 02:14:13 0 d-------- C:\WINDOWS\temp\BTN%Copy%1
2008-02-24 15:28:23 0 d-------- C:\WINDOWS\temp\MCE00000
2008-02-24 18:33:05 0 d-------- C:\WINDOWS\temp\MCE00001
2008-02-24 22:44:23 0 d-------- C:\WINDOWS\temp\MCE00002
2008-02-25 14:18:16 0 d-------- C:\WINDOWS\temp\MCE00003
2008-02-26 19:48:10 0 d-------- C:\WINDOWS\temp\MCE00004
2008-02-27 18:33:12 0 d-------- C:\WINDOWS\temp\MCE00005
2008-02-28 16:34:33 0 d-------- C:\WINDOWS\temp\MCE00006
2008-02-29 06:04:09 0 d-------- C:\WINDOWS\temp\MCE00007
2008-02-29 06:21:12 0 d-------- C:\WINDOWS\temp\MCE00008
2008-02-29 17:23:07 0 d-------- C:\WINDOWS\temp\MCE00009
2008-03-01 14:59:13 0 d-------- C:\WINDOWS\temp\MCE0000a
2008-03-02 14:55:08 0 d-------- C:\WINDOWS\temp\MCE0000b
2008-03-03 13:52:33 0 d-------- C:\WINDOWS\temp\MCE0000c
2008-03-04 17:25:32 0 d-------- C:\WINDOWS\temp\MCE0000d
2008-03-05 11:32:48 0 d-------- C:\WINDOWS\temp\MCE0000e
2008-03-05 14:37:59 0 d-------- C:\WINDOWS\temp\MCE0000f
2008-03-05 23:27:11 0 d-------- C:\WINDOWS\temp\MCE00010
2008-03-05 23:34:02 0 d-------- C:\WINDOWS\temp\MCE00011
2008-03-06 00:18:37 0 d-------- C:\WINDOWS\temp\MCE00012
2008-03-06 12:55:53 0 d-------- C:\WINDOWS\temp\MCE00013
2008-03-14 02:08:51 0 d-------- C:\WINDOWS\temp\MCE00014
2008-03-14 14:49:59 0 d-------- C:\WINDOWS\temp\MCE00015
2008-03-15 14:16:42 0 d-------- C:\WINDOWS\temp\MCE00016
2008-03-16 13:52:18 0 d-------- C:\WINDOWS\temp\MCE00017
2008-03-17 10:49:16 0 d-------- C:\WINDOWS\temp\MCE00018
2008-03-18 19:41:53 0 d-------- C:\WINDOWS\temp\MCE00019
2008-03-19 13:24:27 0 d-------- C:\WINDOWS\temp\MCE0001a
2008-03-20 14:32:08 0 d-------- C:\WINDOWS\temp\MCE0001b
2008-03-21 15:35:24 0 d-------- C:\WINDOWS\temp\MCE0001c
2008-03-22 11:55:13 0 d-------- C:\WINDOWS\temp\MCE0001d
2008-03-23 14:41:51 0 d-------- C:\WINDOWS\temp\MCE0001e
2008-03-24 11:43:04 0 d-------- C:\WINDOWS\temp\MCE0001f
2008-03-25 14:52:49 0 d-------- C:\WINDOWS\temp\MCE00020
2008-03-26 09:03:47 0 d-------- C:\WINDOWS\temp\MCE00021
2008-03-26 19:35:14 0 d-------- C:\WINDOWS\temp\MCE00022
2008-03-27 12:04:10 0 d-------- C:\WINDOWS\temp\MCE00023
2008-03-28 15:23:56 0 d-------- C:\WINDOWS\temp\MCE00024
2008-03-29 12:23:18 0 d-------- C:\WINDOWS\temp\MCE00025
2008-03-30 16:24:14 0 d-------- C:\WINDOWS\temp\MCE00026
2008-03-31 09:13:15 0 d-------- C:\WINDOWS\temp\MCE00027
2008-04-09 03:44:17 0 d-------- C:\WINDOWS\temp\MCE00028
2008-04-09 12:01:54 0 d-------- C:\WINDOWS\temp\MCE00029
2008-04-10 12:30:37 0 d-------- C:\WINDOWS\temp\MCE0002a
2008-04-11 17:42:04 0 d-------- C:\WINDOWS\temp\MCE0002b
2008-04-12 16:41:39 0 d-------- C:\WINDOWS\temp\MCE0002c
2008-04-13 13:10:28 0 d-------- C:\WINDOWS\temp\MCE0002d
2008-04-14 11:27:58 0 d-------- C:\WINDOWS\temp\MCE0002e
2008-04-14 17:49:35 0 d-------- C:\WINDOWS\temp\MCE0002f
2008-04-15 02:55:21 0 d-------- C:\WINDOWS\temp\MCE00030
2008-04-15 13:17:28 0 d-------- C:\WINDOWS\temp\MCE00031
2008-04-16 12:05:29 0 d-------- C:\WINDOWS\temp\MCE00032
2008-04-23 14:03:50 0 d-------- C:\WINDOWS\temp\MCE00033
2008-04-24 15:08:18 0 d-------- C:\WINDOWS\temp\MCE00034
2008-04-25 15:43:35 0 d-------- C:\WINDOWS\temp\MCE00035
2008-04-26 16:52:59 0 d-------- C:\WINDOWS\temp\MCE00036
2008-04-27 13:02:34 0 d-------- C:\WINDOWS\temp\MCE00037
2008-04-28 14:26:47 0 d-------- C:\WINDOWS\temp\MCE00038
2008-04-29 21:53:58 0 d-------- C:\WINDOWS\temp\MCE00039
2008-04-30 21:02:27 0 d-------- C:\WINDOWS\temp\MCE0003a
2008-05-01 13:29:55 0 d-------- C:\WINDOWS\temp\MCE0003b
2008-05-02 16:42:54 0 d-------- C:\WINDOWS\temp\MCE0003c
2008-05-03 14:22:36 0 d-------- C:\WINDOWS\temp\MCE0003d
2008-05-03 17:52:48 0 d-------- C:\WINDOWS\temp\MCE0003e
2008-05-03 17:56:57 0 d-------- C:\WINDOWS\temp\MCE0003f
2008-05-04 17:27:36 0 d-------- C:\WINDOWS\temp\MCE00040
2008-05-05 14:08:21 0 d-------- C:\WINDOWS\temp\MCE00041
2008-05-06 12:40:59 0 d-------- C:\WINDOWS\temp\MCE00042
2008-05-07 16:09:32 0 d-------- C:\WINDOWS\temp\MCE00043
2008-05-08 12:40:08 0 d-------- C:\WINDOWS\temp\MCE00044
2008-05-09 16:43:27 0 d-------- C:\WINDOWS\temp\MCE00045
2008-05-10 13:35:30 0 d-------- C:\WINDOWS\temp\MCE00046
2008-05-10 23:28:03 0 d-------- C:\WINDOWS\temp\MCE00047
2008-05-11 17:47:48 0 d-------- C:\WINDOWS\temp\MCE00048
2008-05-12 15:25:33 0 d-------- C:\WINDOWS\temp\MCE00049
2008-05-13 04:01:48 0 d-------- C:\WINDOWS\temp\MCE0004a
2008-05-13 16:26:35 0 d-------- C:\WINDOWS\temp\MCE0004b
2008-05-14 19:12:05 0 d-------- C:\WINDOWS\temp\MCE0004c
2008-05-15 14:59:20 0 d-------- C:\WINDOWS\temp\MCE0004d
2008-05-16 16:57:22 0 d-------- C:\WINDOWS\temp\MCE0004e
2008-05-17 18:27:42 0 d-------- C:\WINDOWS\temp\MCE0004f
2008-05-18 19:21:30 0 d-------- C:\WINDOWS\temp\MCE00050
2008-05-19 14:53:56 0 d-------- C:\WINDOWS\temp\MCE00051
2008-05-20 14:11:29 0 d-------- C:\WINDOWS\temp\MCE00052
2008-05-21 00:40:20 0 d-------- C:\WINDOWS\temp\MCE00053
2008-05-21 15:34:39 0 d-------- C:\WINDOWS\temp\MCE00054
2008-05-22 16:53:34 0 d-------- C:\WINDOWS\temp\MCE00055
2008-05-23 14:00:39 0 d-------- C:\WINDOWS\temp\MCE00056
2008-05-24 22:09:04 0 d-------- C:\WINDOWS\temp\MCE00057
2008-05-25 17:51:51 0 d-------- C:\WINDOWS\temp\MCE00058
2008-05-26 15:18:43 0 d-------- C:\WINDOWS\temp\MCE00059
2008-05-27 15:11:25 0 d-------- C:\WINDOWS\temp\MCE0005a
2008-05-27 23:30:59 0 d-------- C:\WINDOWS\temp\MCE0005b
2008-05-28 12:11:58 0 d-------- C:\WINDOWS\temp\MCE0005c
2008-05-29 15:09:08 0 d-------- C:\WINDOWS\temp\MCE0005d
2008-05-30 11:59:47 0 d-------- C:\WINDOWS\temp\MCE0005e
2008-05-31 13:03:00 0 d-------- C:\WINDOWS\temp\MCE0005f
2008-06-01 13:08:30 0 d-------- C:\WINDOWS\temp\MCE00060
2008-06-01 18:34:24 0 d-------- C:\WINDOWS\temp\MCE00061
2008-06-02 17:13:38 0 d-------- C:\WINDOWS\temp\MCE00062
2008-06-03 12:06:20 0 d-------- C:\WINDOWS\temp\MCE00063
2008-06-03 12:53:56 0 d-------- C:\WINDOWS\temp\MCE00064
2008-06-03 17:51:46 0 d-------- C:\WINDOWS\temp\MCE00065
2008-06-03 17:56:12 0 d-------- C:\WINDOWS\temp\MCE00066
2008-06-03 18:09:31 0 d-------- C:\WINDOWS\temp\MCE00067
2008-06-04 16:10:37 0 d-------- C:\WINDOWS\temp\MCE00068
2008-06-05 14:30:36 0 d-------- C:\WINDOWS\temp\MCE00069
2008-06-06 15:08:23 0 d-------- C:\WINDOWS\temp\MCE0006a
2008-06-07 17:09:05 0 d-------- C:\WINDOWS\temp\MCE0006b
2008-06-08 14:06:07 0 d-------- C:\WINDOWS\temp\MCE0006c
2008-06-09 13:27:17 0 d-------- C:\WINDOWS\temp\MCE0006d
2008-06-10 14:35:41 0 d-------- C:\WINDOWS\temp\MCE0006e
2008-06-10 23:26:45 0 d-------- C:\WINDOWS\temp\MCE0006f
2008-06-11 03:09:11 0 d-------- C:\WINDOWS\temp\MCE00070
2008-06-11 17:49:23 0 d-------- C:\WINDOWS\temp\MCE00071
2008-06-12 18:06:03 0 d-------- C:\WINDOWS\temp\MCE00072
2008-06-13 10:29:43 0 d-------- C:\WINDOWS\temp\MCE00073
2008-06-14 02:43:29 0 d-------- C:\WINDOWS\temp\MCE00074
2008-06-14 22:04:02 0 d-------- C:\WINDOWS\temp\MCE00075
2008-06-15 18:54:07 0 d-------- C:\WINDOWS\temp\MCE00076
2008-06-16 12:46:26 0 d-------- C:\WINDOWS\temp\MCE00077
2008-06-17 13:15:27 0 d-------- C:\WINDOWS\temp\MCE00078
2008-06-23 22:01:02 0 d-------- C:\WINDOWS\temp\MCE00079
2008-06-24 12:37:41 0 d-------- C:\WINDOWS\temp\MCE0007a
2008-06-25 14:36:03 0 d-------- C:\WINDOWS\temp\MCE0007b
2008-06-26 12:25:01 0 d-------- C:\WINDOWS\temp\MCE0007c
2008-06-27 14:59:49 0 d-------- C:\WINDOWS\temp\MCE0007d
2008-06-28 19:43:45 0 d-------- C:\WINDOWS\temp\MCE0007e
2008-06-30 01:35:12 0 d-------- C:\WINDOWS\temp\MCE0007f
2008-06-30 16:26:11 0 d-------- C:\WINDOWS\temp\MCE00080
2008-07-01 11:15:32 0 d-------- C:\WINDOWS\temp\MCE00081
2008-07-02 12:39:02 0 d-------- C:\WINDOWS\temp\MCE00082
2008-07-03 11:19:56 0 d-------- C:\WINDOWS\temp\MCE00083
2008-07-04 15:29:31 0 d-------- C:\WINDOWS\temp\MCE00084
2008-07-05 20:40:57 0 d-------- C:\WINDOWS\temp\MCE00085
2008-07-06 17:45:34 0 d-------- C:\WINDOWS\temp\MCE00086
2008-07-07 00:30:09 0 d-------- C:\WINDOWS\temp\MCE00087
2008-07-07 00:58:07 0 d-------- C:\WINDOWS\temp\MCE00088
2008-07-07 01:33:51 0 d-------- C:\WINDOWS\temp\MCE00089
2008-07-07 01:42:18 0 d-------- C:\WINDOWS\temp\MCE0008a
2008-07-07 03:01:23 0 d-------- C:\WINDOWS\temp\MCE0008b
2008-07-07 04:54:49 0 d-------- C:\WINDOWS\temp\MCE0008c
2008-07-07 04:59:12 0 d-------- C:\WINDOWS\temp\MCE0008d
2008-07-07 05:14:50 0 d-------- C:\WINDOWS\temp\MCE0008e
2008-07-07 05:22:07 0 d-------- C:\WINDOWS\temp\MCE0008f
2008-07-07 05:58:37 0 d-------- C:\WINDOWS\temp\MCE00090
2008-07-07 06:15:46 0 d-------- C:\WINDOWS\temp\MCE00091
2008-07-07 06:19:17 0 d-------- C:\WINDOWS\temp\MCE00092
2008-07-07 14:19:08 0 d-------- C:\WINDOWS\temp\MCE00093
2008-07-07 15:38:34 0 d-------- C:\WINDOWS\temp\MCE00094
2008-07-07 15:44:29 0 d-------- C:\WINDOWS\temp\MCE00095
2008-07-07 15:48:24 0 d-------- C:\WINDOWS\temp\MCE00096
2008-07-07 17:16:35 0 d-------- C:\WINDOWS\temp\MCE00097
2008-07-07 21:21:30 0 d-------- C:\WINDOWS\temp\MCE00098
2008-07-07 23:59:18 0 d-------- C:\WINDOWS\temp\MCE00099
2008-07-08 14:58:01 0 d-------- C:\WINDOWS\temp\MCE0009a
2008-07-09 09:33:33 0 d-------- C:\WINDOWS\temp\MCE0009b
2008-07-10 12:47:48 0 d-------- C:\WINDOWS\temp\MCE0009c
2008-07-10 14:09:59 0 d-------- C:\WINDOWS\temp\MCE0009d
2008-07-07 00:34:42 1024 --a-----t C:\WINDOWS\temp\mcmsc_0N42WHXO4rhThea
2008-03-05 23:56:53 1024 --a-----t C:\WINDOWS\temp\mcmsc_6YwzkgVuT9Az4nT
2008-07-07 03:01:10 0 --a-----t C:\WINDOWS\temp\mcmsc_7kL0e0nnqsea7cK
2008-07-07 05:58:26 0 --a-----t C:\WINDOWS\temp\mcmsc_aaxDatDipXd7XJi
2008-07-07 06:10:08 0 --a-----t C:\WINDOWS\temp\mcmsc_AnIDWyxkumg4QPR
2008-03-05 23:33:51 0 --a-----t C:\WINDOWS\temp\mcmsc_B1h81SXCoT5k3Zo
2008-04-27 06:01:32 0 --a-----t C:\WINDOWS\temp\mcmsc_bBvdcYG6HWWsAdL
2008-07-07 06:15:38 0 --a-----t C:\WINDOWS\temp\mcmsc_dzt2Vtuc73pbwW0
2008-05-03 14:22:20 0 --a-----t C:\WINDOWS\temp\mcmsc_e31KgxZMXrdQbsY
2008-07-07 00:29:43 0 --a-----t C:\WINDOWS\temp\mcmsc_emjEeeEyticaSO2
2008-07-02 12:38:34 0 --a-----t C:\WINDOWS\temp\mcmsc_GLnVxZNpveweLXd
2008-05-13 03:55:14 1024 --a-----t C:\WINDOWS\temp\mcmsc_HskrxTSlyYZqwAo
2008-07-06 17:45:07 0 --a-----t C:\WINDOWS\temp\mcmsc_iWg0Pkv3ZdRCUDN
2008-07-07 03:11:34 1024 --a-----t C:\WINDOWS\temp\mcmsc_l0q10teYbfMT8TC
2008-07-07 00:17:16 0 --a-----t C:\WINDOWS\temp\mcmsc_L5WoIpfrIH4AaH8
2008-03-05 23:56:53 1024 --a-----t C:\WINDOWS\temp\mcmsc_mkvFX3mmu1zYlDy
2008-05-13 03:55:14 0 --a-----t C:\WINDOWS\temp\mcmsc_NEBKPKnpm2QouEa
2008-07-07 00:17:16 0 --a-----t C:\WINDOWS\temp\mcmsc_ovasnu6RWN6wXTq
2008-07-07 00:34:42 1024 --a-----t C:\WINDOWS\temp\mcmsc_PjlgNhnv5hDLOWC
2008-07-07 04:54:24 0 --a-----t C:\WINDOWS\temp\mcmsc_rU3yqPBo55HuXNN
2008-07-07 17:16:21 0 --a-----t C:\WINDOWS\temp\mcmsc_TT048YJmv9hMk8t
2008-04-27 06:01:32 1024 --a-----t C:\WINDOWS\temp\mcmsc_wpnHx8UebBeyJ7i
2008-07-07 03:11:35 1024 --a-----t C:\WINDOWS\temp\mcmsc_XfiQ7WgIk2xNWoI
2008-07-07 00:17:18 0 --a-----t C:\WINDOWS\temp\mcmsc_XvodObwmhrOxYKL
2008-07-07 06:10:08 0 --a-----t C:\WINDOWS\temp\mcmsc_YHCRvyQ3klxbqXP
2008-05-03 17:52:33 0 --a-----t C:\WINDOWS\temp\mcmsc_YRvOqtcorvoMpV3
2008-02-24 15:28:25 0 d-------- C:\WINDOWS\temp\PDFC
2008-05-20 05:22:37 669 --a------ C:\WINDOWS\temp\TWAIN.LOG
2008-05-20 05:22:37 4 --a------ C:\WINDOWS\temp\Twain001.Mtx
2008-05-20 05:22:37 156 --a------ C:\WINDOWS\temp\Twunk001.MTX
2008-03-21 00:20:39 0 --a------ C:\WINDOWS\temp\Twunk002.MTX
2007-11-20 17:04:32 1523536 --a------ C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe <Verified; Adobe Systems Incorporated; Adobe® Flash® Player ActiveX>
2003-04-29 17:41:50 32768 --a------ C:\WINDOWS\Downloaded Program Files\clearadjust.dll <Not Verified; ; Microsoft ClearAdjust Module>
2003-07-01 10:40:14 115936 --a------ C:\WINDOWS\Downloaded Program Files\rufsi.dll <Verified; Symantec Corporation; Norton Internet Security>
2004-01-26 19:40:04 133120 --a------ C:\WINDOWS\Downloaded Program Files\yinsthelper.dll <Not Verified; Yahoo! Inc.; YInstHelper Module>

-*- End of Logfile -*-

This was the Main.txt file that was generated on 7/10:

Deckard's System Scanner v20071014.68
Run by AndrewT on 2008-07-10 14:44:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
12: 2008-07-10 18:44:33 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-07-10 18:12:01 UTC - RP11 - Installed Java(TM) 6 Update 7
10: 2008-07-10 18:06:02 UTC - RP10 - Removed Java 2 Runtime Environment, SE v1.4.1_01
9: 2008-07-10 18:05:33 UTC - RP9 - Removed Java 2 Runtime Environment, SE v1.4.2_04
8: 2008-07-10 18:05:08 UTC - RP8 - Removed Java 2 Runtime Environment, SE v1.4.1_02


-- First Restore Point --
1: 2008-07-07 07:02:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as AndrewT.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:03 PM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVGANT~1\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\AVGANT~1\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\AVGANT~1\avgam.exe
C:\PROGRA~1\AVGANT~1\avgrsx.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\AVGANT~1\avgnsx.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Documents and Settings\AndrewT\My Documents\Downloads\dss.exe
C:\DOCUME~1\AndrewT\MYDOCU~1\DOWNLO~1\AndrewT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCrOe.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG Anti-Spyware\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\EasyWebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVGANT~1\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'Default user')
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://www.eversoft.co.kr/vmpinstaller/ ... 4051d.html
O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle Internet Engine) - http://ib2.dancik.com/ib/download/biTileStyle14.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG Anti-Spyware\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: iifcCrOe - iifcCrOe.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVGANT~1\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 11551 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 maa950c - c:\windows\system32\drivers\maa950c.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 maa950m - c:\windows\system32\drivers\maa950m.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 maa950u - c:\windows\system32\drivers\maa950u.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 _IOMEGA_ACTIVE_DISK_SERVICE_ (Iomega Active Disk) - "c:\program files\iomega\autodisk\adservice.exe" <Not Verified; Iomega Corporation; Iomega Active Disk>
R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\elements\photoshopelementsfileagent.exe
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Iomega App Services - "c:\progra~1\iomega\system32\appser~1.exe" <Not Verified; Iomega Corporation; Iomega App Services>
R2 PhotoshopElementsDeviceConnect (Photoshop Elements Device Connect) - c:\program files\adobe\elements\photoshopelementsdeviceconnect.exe

S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-01 01:30:35 360 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-06-15 01:18:59 268 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 14:12:05 0 d-------- C:\Program Files\Java
2008-07-10 14:12:04 0 d-------- C:\Program Files\Common Files\Java
2008-07-08 01:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-08 01:27:15 0 d-------- C:\Program Files\Bonjour
2008-07-08 01:19:13 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-07 23:07:13 0 d-------- C:\Program Files\Registry Defender Platinum
2008-07-07 21:19:15 239520 --ahs---- C:\WINDOWS\system32\qtAdMUtv.ini2
2008-07-07 17:47:05 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Malwarebytes
2008-07-07 17:47:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-07 17:47:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-07 16:28:45 0 d--h----- C:\$AVG8.VAULT$
2008-07-07 16:27:40 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-07 16:27:34 0 d-------- C:\Program Files\AVG
2008-07-07 16:27:33 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-07 16:11:25 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Grisoft
2008-07-07 16:11:15 0 d-------- C:\Program Files\AVG Anti-Spyware
2008-07-07 07:44:13 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 07:44:09 0 d-------- C:\Program Files\SpywareBlaster
2008-07-07 07:24:17 88576 -----n--- C:\WINDOWS\system32\mkfpwkus.dll
2008-07-07 06:09:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-07 06:09:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 06:09:53 0 d-------- C:\Documents and Settings\AndrewT\Application Data\SUPERAntiSpyware.com
2008-07-07 05:47:57 1470 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-07 03:11:30 0 d-------- C:\Program Files\Enigma Software Group
2008-07-07 00:34:42 318720 -----n--- C:\WINDOWS\system32\vtUMdAtq.dll
2008-07-07 00:30:41 1723 --a------ C:\WINDOWS\system32\clbinit.dll


-- Find3M Report ---------------------------------------------------------------

2008-07-10 14:12:04 0 d-------- C:\Program Files\Common Files
2008-07-10 14:06:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-10 12:59:24 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-09 17:52:23 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Skype
2008-07-08 01:38:26 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Adobe
2008-07-08 01:27:14 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-08 01:14:40 0 d-------- C:\Documents and Settings\AndrewT\Application Data\AdobeUM
2008-07-07 07:44:42 0 d-------- C:\Documents and Settings\AndrewT\Application Data\SiteAdvisor
2008-07-03 20:46:38 0 d-------- C:\Program Files\Audible
2008-06-27 03:28:04 0 d-------- C:\Program Files\Easy CD-DA Extractor 5.1
2008-06-18 00:22:01 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Creative
2008-06-14 02:51:52 1763 --a------ C:\WINDOWS\mozver.dat
2008-06-03 12:50:48 0 d-------- C:\Program Files\Creative
2008-06-03 12:45:58 0 d--h----- C:\Program Files\Creative Installation Information
2008-06-03 12:45:17 0 d-------- C:\Program Files\Creative ZEN
2008-06-03 12:45:10 0 d-------- C:\Program Files\Common Files\Creative
2008-05-28 00:54:16 0 d-------- C:\Program Files\QUICKENW
2008-05-22 16:54:01 0 d-------- C:\Program Files\SiteAdvisor
2008-05-19 19:41:33 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Canon
2008-05-16 19:00:10 0 d-------- C:\Documents and Settings\AndrewT\Application Data\Intuit


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
C:\WINDOWS\system32\iifcCrOe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 04:35 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [08/31/2007 01:01 PM]
"FRYMXINS"="C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" []
"DesktopMaestro"="" []
"RTHDCPL"="RTHDCPL.EXE" [06/13/2007 10:49 AM C:\WINDOWS\RTHDCPL.exe]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [07/10/2006 03:53 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVGANT~1\avgtray.exe" [07/07/2008 04:27 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/18/2007 11:16 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/27/2006 10:00 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"PCmover CookieMerge"="C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Eudora\EuShlExt.dll [08/17/2006 02:57 PM 86016]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= C:\WINDOWS\system32\iifcCrOe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCrOe]
iifcCrOe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TabUserW.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
backup=C:\WINDOWS\pss\TabUserW.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Versato.lnk]
backup=C:\WINDOWS\pss\Versato.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Billminder.lnk]
backup=C:\WINDOWS\pss\Billminder.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
backup=C:\WINDOWS\pss\Microsoft Find Fast.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Office Startup.lnk]
backup=C:\WINDOWS\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^AndrewT^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=C:\WINDOWS\pss\Quicken Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BUGDOCTOR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
C:\Program Files\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox Powerdesk]
0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mozilla Quick Launch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
"C:\Program Files\PDF Complete\pdfsty.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
"C:\Program Files\WordPerfect11\Programs\QFSCHD110.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\Sminst\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\WINDOWS\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
"C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
"C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea1ca2f5-c85d-11dc-b6c2-806d6172696f}]
AutoRun\command- F:\Welcome.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-07-10 14:46:22 ------------
andrewtnyc
Active Member
 
Posts: 6
Joined: July 7th, 2008, 3:11 pm

Re: Continuation of Vista AntiVirus 2008 infection

Unread postby silver » July 20th, 2008, 11:19 pm

Hi andrewtnyc,

I didn't realize I had to respond within 24 hours or my topic would get discontinued.
The last helper gave you about 4 days, not 24 hours to respond. There is a great shortage of helpers and it's not uncommon for victims to not post back after the initial posting so we have to close inactive topics and move on to others.


You have a program called MyIdentityDefender Toolbar installed on your computer. This program was until recently classified as a Rogue antispyware program. Typically, rogue programs do not provide any security benefits, and use false positives to goad users into purchasing a full version of the program. Due to its tainted history, and the availability of more reputable programs for free, I strongly suggest you remove it - it can be uninstalled via Start->Control Panel->Add/Remove Programs

------------------------------------------------------------------------

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCrOe.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG Anti-Spyware\avgssie.dll (file missing)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://www.eversoft.co.kr/vmpinstaller/ ... 4051d.html
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: iifcCrOe - iifcCrOe.dll (file missing)
Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Backup Your Registry:
  • Download ERUNT to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Right-click erunt.zip, choose Extract All... and follow the prompts to unzip the program
  • Open the erunt folder on your Desktop and double-click ERUNT.exe to start the program
  • OK all the prompts to back up your registry to the default location.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

------------------------------------------------------------------------

Please download OTMoveIt2 by OldTimer to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double-click OTMoveIt2.exe to start the program.
  • Copy the lines in the OTMoveIt file list below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    OTMoveIt File List:
    C:\WINDOWS\system32\qtAdMUtv.ini2
    C:\WINDOWS\system32\mkfpwkus.dll
    C:\WINDOWS\system32\vtUMdAtq.dll
    C:\WINDOWS\system32\clbinit.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3BA3028F-FD37-46BF-AD27-733734684F06}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Then click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report will appear in Notepad after the reboot.
  • Close OTMoveIt2

------------------------------------------------------------------------

Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c dir "C:\Documents and Settings\User\Start Menu\Programs\Startup\autorunsdisabled" /a /s >> "%userprofile%\desktop\look.txt" 2>>&1
A black box will open and a file will appear on your Desktop called look.txt.
Please wait until the black box closes before opening look.txt
Post the contents of look.txt in your next response.

------------------------------------------------------------------------

Open the ESET Online Scanner in Internet Explorer
  • Tick the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
  • Once complete and the summary page appears, press Start->Run, copy/paste the following command into the box and press OK:
    notepad "C:\Program Files\EsetOnlineScanner\log.txt"
  • The log file should now appear in Notepad, copy and paste the contents in your next response.

------------------------------------------------------------------------

Once complete, please post the look.txt output, the Eset scan log and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
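The HijackThis lines silver asks to have fixed above share a pattern: the registry entry is still there but its target is gone ("(file missing)", "(no file)") or, for O16 DPF entries, the download URL is empty. As an added example that is not part of the original thread or of HijackThis itself, here is a small Python parser that reads O-entries from a log and flags exactly those kinds of orphaned entries; SAMPLE_LOG is constructed from the kinds of lines seen in the logs posted in this thread.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not from the thread above and not part of HijackThis itself.
It parses the "O<n> - ..." entries of a log and flags the same kinds of
orphaned entries the helper asked to have fixed: BHOs, toolbars and Winlogon
Notify entries whose file is missing, and O16 DPF entries with no download
URL. SAMPLE_LOG is constructed from the kinds of lines shown in the thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "O2 - BHO: name - {CLSID} - path"  ->  kind = "O2", body = the rest
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Registry-style GUID in braces, as used for BHO, toolbar and DPF entries
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# HijackThis marks a registry entry whose target is gone with these strings
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    kind: str               # section, e.g. "O2" or "O16"
    body: str               # text after "O2 - "
    clsid: Optional[str]    # GUID found in the line, if any
    reason: Optional[str]   # why it was flagged; None means not flagged


def classify(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not O-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    c = CLSID_RE.search(body)
    clsid = c.group(0) if c else None
    reason = None
    if any(marker in body for marker in ORPHAN_MARKERS):
        reason = "referenced file is missing"
    elif kind == "O16" and body.endswith("-"):
        # DPF (ActiveX download) entry that no longer has a source URL
        reason = "DPF entry with no download URL"
    return Entry(kind, body, clsid, reason)


def triage(log_text: str) -> List[Entry]:
    """Return the entries in log_text that deserve a second look."""
    flagged = []
    for line in log_text.splitlines():
        entry = classify(line)
        if entry is not None and entry.reason is not None:
            flagged.append(entry)
    return flagged


# Constructed sample: a few lines of the kind seen in the thread's logs.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCrOe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O20 - Winlogon Notify: iifcCrOe - iifcCrOe.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\aawservice.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:4} {e.clsid or '-':40} {e.reason}: {e.body}")
```

The script only reproduces the mechanical part of the triage (entries that point nowhere); the judgement calls in this thread, such as the random-looking DLL name in the O20 Winlogon Notify line or the rogue toolbar, still need a person who knows what the legitimate entries look like.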

Re: Continuation of Vista AntiVirus 2008 infection

Unread postby andrewtnyc » July 21st, 2008, 4:55 pm

Thank you for your reply.

Here is the text from the MoveIt Log:

C:\WINDOWS\system32\qtAdMUtv.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\mkfpwkus.dll
C:\WINDOWS\system32\mkfpwkus.dll NOT unregistered.
C:\WINDOWS\system32\mkfpwkus.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vtUMdAtq.dll
C:\WINDOWS\system32\vtUMdAtq.dll NOT unregistered.
C:\WINDOWS\system32\vtUMdAtq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\clbinit.dll NOT unregistered.
C:\WINDOWS\system32\clbinit.dll moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3BA3028F-FD37-46BF-AD27-733734684F06} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{3BA3028F-FD37-46BF-AD27-733734684F06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BA3028F-FD37-46BF-AD27-733734684F06}\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07212008_145408

Here is the text from the Look.txt file:

The system cannot find the path specified.


Here is the file from the ESET Online Scanner results:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3284 (20080721)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=bf4b44d541d77f46975afa0b49f07d7d
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-07-21 08:40:26
# local_time=2008-07-21 04:40:26 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=747904
# found=0
# scan_time=5984

Here is my recent HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:13 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\PROGRA~1\AVG\avgam.exe
C:\PROGRA~1\AVG\avgrsx.exe
C:\PROGRA~1\AVG\avgnsx.exe
C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\QuickView\PROGRAM\QVP32.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\AndrewT\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'Default user')
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle Internet Engine) - http://ib2.dancik.com/ib/download/biTileStyle14.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 9658 bytes
andrewtnyc
Active Member
 
Posts: 6
Joined: July 7th, 2008, 3:11 pm

Re: Continuation of Vista AntiVirus 2008 infection

Unread postby silver » July 21st, 2008, 9:38 pm

Hi andrewtnyc,

Please open HijackThis, choose Do a system scan only and place a checkmark next to the following lines:
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.


When we checked the Autoruns disabled programs previously there was an error in my instruction, please repeat it as follows:
Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c dir "C:\Documents and Settings\AndrewT\Start Menu\Programs\Startup\autorunsdisabled" /a /s >> "%userprofile%\desktop\look2.txt" 2>>&1
A black box will open and a file will appear on your Desktop called look2.txt.
Please wait until the black box closes before opening look2.txt
Post the contents of look2.txt in your next response.

Once complete, please post the look2.txt output and a new HijackThis log. Also, let me know how your computer is running now.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Continuation of Vista AntiVirus 2008 infection

Unread postby andrewtnyc » July 21st, 2008, 11:51 pm

This is the Look2.txt file:

Volume in drive C has no label.
Volume Serial Number is 5F7F-7437

Directory of C:\Documents and Settings\AndrewT\Start Menu\Programs\Startup\autorunsdisabled

07/16/2008 11:50 PM <DIR> .
07/16/2008 11:50 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 171,222,573,056 bytes free

This is the most recent HijackThis Log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:52 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\PROGRA~1\AVG\avgam.exe
C:\PROGRA~1\AVG\avgrsx.exe
C:\PROGRA~1\AVG\avgnsx.exe
C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\QuickView\PROGRAM\QVP32.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\AndrewT\My Documents\Downloads\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\avgtray.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [PCmover CookieMerge] "C:\Program Files\PCmover\CookieMerge.exe" "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Laplink\PCmover\Cookies" (User 'Default user')
O4 - Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {BB659027-D633-11D2-A6C2-525400DB7692} (BOOTSTRAP TileStyle Internet Engine) - http://ib2.dancik.com/ib/download/biTileStyle14.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\APPSER~1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Elements\PhotoshopElementsDeviceConnect.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 9356 bytes

The system has basically been running pretty well, although I have had several crashes of Firefox over the past week which is unusual. I don't know if it's related to the Malware problems I've had or not. Please let me know if there are any more items that should be removed from startup via HiJack This. (Also, I noticed that I have a version of HijackThis.exe named AndrewT.exe. I don't know how that happened. Can/should it be deleted? HijackThis.exe is in the same folder.)

Is this line necessary?

C:\WINDOWS\SMINST\Scheduler.exe

Or, should I be suspect of it? I noticed that when I run Autoruns.exe that the Publisher space on that line is blank and doesn't say "Microsoft Corporation" as I would think it probably should.

Thank you for your help.
andrewtnyc
Active Member
 
Posts: 6
Joined: July 7th, 2008, 3:11 pm

Re: Continuation of Vista AntiVirus 2008 infection

Unread postby silver » July 22nd, 2008, 12:24 am

Hi andrewtnyc,

Is this line necessary?
C:\WINDOWS\SMINST\Scheduler.exe
Or, should I be suspect of it? I noticed that when I run Autoruns.exe that the Publisher space on that line is blank and doesn't say "Microsoft Corporation" as I would think it probably should.
I believe that file relates to backup and recovery of your HP computer, so it is not a Microsoft file. The startup entry is not necessary for Windows to run, however if you remove it you may lose some associated functionality. I recommend you check with HP support as to whether it is advisable to disable that from running.

Some important final steps:

Please delete dss.exe from your Desktop, also delete this folder:
C:\Deckard


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

At this stage I think your machine is clean of malware. If Firefox is having trouble, I recommend you back up your bookmarks and any other profile data you wish to keep, uninstall the program, reinstall the program, delete your user profile and create a new one - you can find out how to do this here. If the problem recurs, I recommend you try posting at a general troubleshooting forum such as WhatTheTech or PC Pitstop for further assistance.

Here are some tips to help you keep your computer clean:

You have a good antivirus program installed, however I recommend you install antispyware software with real-time capabilities - this means it protects you from system changes and spyware while you are working, not just removing malware after it has been installed. There are a range of paid-for and free packages available, a free one I can recommend is Windows Defender, available here:
http://www.microsoft.com/athome/securit ... fault.mspx

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

Please post back to let me know that you have read this, and if there are any further issues.
silver
Regular Member
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
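The blank Publisher column in Autoruns that andrewtnyc asked about means Autoruns could not find a valid Authenticode signature on the file. The script below is an added example, not something from this thread or from Sysinternals: it walks the Run/RunOnce keys that Autoruns reads, pulls the executable out of each command line, and reports the signature status, signer and SHA-256 so an unsigned or unknown entry (like C:\WINDOWS\SMINST\Scheduler.exe) can be looked up before anything is deleted. It assumes PowerShell 2.0 or later on Windows; the registry key list and the Get-ImagePath/Get-AutorunReport function names are this example's own.

```powershell
# Added example (not from the original thread): report the Authenticode
# publisher of every Run/RunOnce autostart entry, which is the check behind
# the "Publisher" column in Autoruns. Assumes PowerShell 2.0+ on Windows.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties Get-ItemProperty adds that are not registry values.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pull the executable out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   C:\WINDOWS\SMINST\Scheduler.exe
function Get-ImagePath([string]$commandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($commandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted: take the longest prefix that exists as a file, so an
    # unquoted path containing spaces is still resolved correctly.
    $parts = $cmd -split ' '
    for ($i = $parts.Length; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    # Bare names such as rundll32.exe resolve through PATH.
    $app = Get-Command $parts[0] -ErrorAction SilentlyContinue
    if ($app -and $app.Path) { return $app.Path }
    return $null
}

function Get-FileSha256([string]$path) {
    $stream = [IO.File]::OpenRead($path)
    try {
        $hash = [Security.Cryptography.SHA256]::Create().ComputeHash($stream)
        return ($hash | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally { $stream.Close() }
}

function Get-AutorunReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $image = Get-ImagePath ([string]$p.Value)
            $status = 'FileNotFound'; $publisher = ''; $sha256 = ''
            if ($image) {
                # Status is Valid, NotSigned, HashMismatch, NotTrusted, ...
                $sig = Get-AuthenticodeSignature -FilePath $image
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $publisher = $sig.SignerCertificate.Subject }
                $sha256 = Get-FileSha256 $image
            }
            New-Object PSObject -Property @{
                Key = $key; Name = $p.Name; Image = $image
                Status = $status; Publisher = $publisher; SHA256 = $sha256
            }
        }
    }
}

# Unsigned and missing entries sort to the top, which is where to start looking.
Get-AutorunReport | Sort-Object Status | Format-Table Name, Status, Publisher, Image -AutoSize
```

An unsigned file is not automatically malicious (plenty of OEM utilities from that era shipped unsigned), but Status other than Valid means the vendor claim has to be established some other way: the SHA-256 column is what to paste into a file-reputation lookup, and a HashMismatch status on a file that carries a Microsoft signature is a much stronger signal than a blank publisher, because it means the file was modified after signing.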
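The hosts-file advice above works because a blocklist entry maps an unwanted name to a sink address, and the same file is also a favourite target for malware, which redirects antivirus and update hosts elsewhere. The following is an added example written for this page, not part of the MVPS tutorial or the original post: it parses a hosts file, counts the blocked names, flags entries that point a name at a real address, and reports the state of the DNS Client service that the tutorial says to disable. It assumes the standard Windows hosts path and PowerShell 2.0 or later; the sample hosts lines are constructed for the demonstration, and the function names are this example's own.

```powershell
# Added example (not from the original thread): summarise a hosts file and
# check the DNS Client service state. Assumes PowerShell 2.0+ on Windows.

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Parse one hosts line into its address and host names; returns $null for
# blank lines and comments.
function ConvertFrom-HostsLine([string]$line) {
    $text = ($line -split '#')[0].Trim()
    if (-not $text) { return $null }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { return $null }
    New-Object PSObject -Property @{
        Address = $fields[0]
        Hosts   = @($fields[1..($fields.Count - 1)])
    }
}

function Get-HostsSummary([string[]]$lines) {
    $entries = @($lines | ForEach-Object { ConvertFrom-HostsLine $_ } | Where-Object { $_ })
    # A blocklist entry points a name at a sink address.
    $sink = @('0.0.0.0', '127.0.0.1', '::1')
    $blocked = @($entries | Where-Object { $sink -contains $_.Address })
    # Anything mapping a name to a real address is either a deliberate local
    # override or a hijack; list each one so it can be checked by hand.
    $redirected = @($entries | Where-Object { $sink -notcontains $_.Address } |
        ForEach-Object { $addr = $_.Address; $_.Hosts | ForEach-Object { "$_ -> $addr" } })
    New-Object PSObject -Property @{
        Entries    = $entries.Count
        Blocked    = @($blocked | ForEach-Object { $_.Hosts }).Count
        Redirected = $redirected
    }
}

function Show-HostsSummary([string]$label, $summary) {
    "$label : $($summary.Entries) entries, $($summary.Blocked) host names blocked"
    if ($summary.Redirected.Count) {
        '  entries that map a name to a real address (check each one):'
        $summary.Redirected | ForEach-Object { "    $_" }
    }
}

# Constructed sample: a small blocklist plus one hijack-style entry.
$sampleHosts = @(
    '# MVPS-style blocklist excerpt (constructed for this example)',
    '127.0.0.1  localhost',
    '0.0.0.0  ads.example.net  banners.example.net',
    '0.0.0.0  tracker.example.org   # 3rd party counter',
    '',
    '203.0.113.5  update.example-av.com   # not a sink address: suspicious'
)
Show-HostsSummary 'sample' (Get-HostsSummary $sampleHosts)

# The real file, if present.
if (Test-Path -LiteralPath $hostsPath) {
    Show-HostsSummary $hostsPath (Get-HostsSummary (Get-Content -LiteralPath $hostsPath))
}

# MVPS notes that the XP-era DNS Client service slows down badly with a large
# hosts file; report whether it is still running and how it is set to start.
$dns = Get-Service -Name Dnscache -ErrorAction SilentlyContinue
if ($dns) {
    $mode = (Get-WmiObject Win32_Service -Filter "Name='Dnscache'").StartMode
    "DNS Client service: $($dns.Status), start type $mode"
}
```

On the constructed sample the script reports three blocked names and one redirected entry, update.example-av.com -> 203.0.113.5. On a real machine, a redirected entry for a security vendor's domain is one of the classic leftovers of a rogue-antivirus infection and should be removed even after the rest of the cleanup is done.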

Re: Continuation of Vista AntiVirus 2008 infection

Unread postby andrewtnyc » July 22nd, 2008, 7:27 pm

Thank you for your reply. I completed the final steps you posted. I haven't had time to do all the future prevention tips yet and I'm going to be away for a few days this week so I'll work on it after I return.

Thank you for your help.
andrewtnyc
Active Member
Posts: 6
Joined: July 7th, 2008, 3:11 pm

Re: Continuation of Vista AntiVirus 2008 infection

Unread postby silver » July 22nd, 2008, 9:13 pm

You're most welcome :)

We need to close resolved topics to prevent others from posting to them, but if you have any problems with the prevention instructions or any other issues please let us know by posting a new topic.

This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
silver
Regular Member
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7