BleepingComputer.com - Computer Help and Spyware Removal - Computer Help Forums
> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

> Klone.t And Basefdrn32.dll, Need help removing this infection, please
capt.frito
post Jun 28 2008, 06:24 PM
I have been asked by a friend to look at his Windows machine. When I got it, it was ridden with viruses and trojans and keyloggers and adware of all sorts (including "System Antivirus 2008" and "Vista Antivirus 2008"). Anyway I believe I got rid of most of it, but there is one persistent problem: there is a file in the \windows\system32 directory called "basefdrn32.dll". AVG keeps removing it after boot, reporting that it is infected with the Klone.T virus. Once that happens, a short time later the machine reboots itself (even when idling) and then won't reboot unless I put the "basefdrn32.dll" file back in the \windows\system32 folder.

There are a few other suspicious files in the system32 directory that have the same file date as the original install files (8/4/2004 date) but are not signed by Microsoft (basefdrn32.dll being one example). I have checked a few other Windows XP machines and none have this file. I myself am a Linux guy (Gentoo) so my knowledge here is a bit limited. I do not have this machine hooked up to a network yet; I'd like to be reasonably sure it is no longer "Typhoid Mary" first.

I have Googled for this basefdrn32.dll file but there's nothing written about it (that I can find). So I am posting here the ComboFix log and the HJT log. It took some effort to get ComboFix to complete (in safe mode). I can post the basefdrn32.dll file, if it would be helpful. I am grateful for any advice.

Here are the Deckard's log outputs (main.txt, extra.txt and moved.txt):

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-06-28 16:01:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2008-06-28 22:01:38 UTC - RP179 - Deckard's System Scanner Restore Point
72: 2008-06-27 13:30:33 UTC - RP178 - Configured AVG Free 8.0
71: 2008-06-27 04:16:21 UTC - RP177 - Spyware Doctor: Cleaning Threats
70: 2008-06-27 04:13:47 UTC - RP176 - Spyware Doctor: Cleaning Threats
69: 2008-06-26 14:12:22 UTC - RP175 - Spyware Doctor: Cleaning Threats


-- First Restore Point --
1: 2008-05-27 16:43:01 UTC - RP107 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-28 16:06:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\QwestInternetSecurity\ISS\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myidentitydefender.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\QwestInternetSecurity\ISS\app\AuthBHO.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Qwest Internet Security Services Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\QwestInternetSecurity\ISS\app\AuthBHO.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [I.R.I.S. Desktop Search] "C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186008886843
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - C:\Program Files\QwestInternetSecurity\ISS\app\CurtainsSysSvcNt.exe
O23 - Service: dvpapi - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


--
End of file - 8003 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 GRTdiMon (GR TDI Mon) - c:\windows\system32\drivers\grtdimon.sys <Not Verified; Global RISC; NSX>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CurtainsSysSvc (Curtains for Windows System Service) - c:\program files\qwestinternetsecurity\iss\app\curtainssyssvcnt.exe <Not Verified; Authentium, Inc.; Curtains for Windows>
R2 dvpapi - "c:\program files\common files\command software\dvpapi.exe" <Not Verified; Command Software Systems, Inc.; Command AntiVirus for Windows>
R2 QBCFMonitorService (QuickBooks Database Manager Service) - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe" <Not Verified; Intuit; QuickBooks for Windows>

S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe" <Not Verified; Intuit Inc.; QuickBooks 2007>
S4 Automatic LiveUpdate Scheduler - "c:\program files\symantec\liveupdate\aluschedulersvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-08 22:21:11 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-22 12:10:43 386 --a------ C:\WINDOWS\Tasks\rpc.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-28 07:18:11 0 d-------- C:\327882R2FWJFW
2008-06-27 06:09:55 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Talkback
2008-06-27 06:09:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-27 06:09:22 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2008-06-26 21:58:19 0 dr-hs---- C:\cmdcons
2008-06-26 21:58:06 0 d-------- C:\WINDOWS\setup.pss
2008-06-26 10:27:11 68096 --a------ C:\WINDOWS\zip.exe
2008-06-26 10:27:11 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-26 10:27:11 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-26 10:27:11 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-26 10:27:11 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-26 10:27:11 98816 --a------ C:\WINDOWS\sed.exe
2008-06-26 10:27:11 80412 --a------ C:\WINDOWS\grep.exe
2008-06-26 10:27:11 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-26 08:07:07 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Help
2008-06-25 23:24:07 0 d-------- C:\Program Files\Enigma Software Group
2008-06-25 12:26:36 0 d--h----- C:\$AVG8.VAULT$
2008-06-25 12:24:13 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-25 12:24:12 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AVGTOOLBAR
2008-06-25 12:23:52 0 d-------- C:\Program Files\AVG
2008-06-25 12:23:51 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-15 21:44:21 28672 --a------ C:\a
2008-06-10 22:23:03 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-10 22:23:03 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-06-10 22:23:03 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-06-10 22:23:03 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-10 22:23:03 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-06-10 22:23:03 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-06-10 22:23:03 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-06-10 22:23:03 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-06-10 22:23:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-10 22:23:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-06-10 22:23:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-06-10 22:23:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-10 22:22:58 0 d-------- C:\Program Files\NetFilter
2008-06-10 16:56:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-10 16:56:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-06-10 16:56:19 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-06-10 16:56:19 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-06-10 16:56:19 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-06-10 16:56:19 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-06-10 16:56:19 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-06-10 16:56:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-10 16:56:19 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-10 16:56:18 733184 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-06-09 22:38:39 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-07 22:40:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Authentium
2008-06-07 22:33:30 0 d-------- C:\Program Files\QwestInternetSecurity
2008-06-07 22:31:43 0 d-------- C:\Program Files\Common Files\Command Software
2008-06-07 22:29:23 0 d--h----- C:\Program Files\Common Files\Authentium Shared
2008-06-05 22:37:01 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2008-06-05 17:34:59 0 d-------- C:\Program Files\History Clean
2008-06-02 20:45:10 0 d-------- C:\Program Files\Panicware


-- Find3M Report ---------------------------------------------------------------

2008-06-26 07:43:25 0 d-------- C:\Program Files\Common Files
2008-06-17 10:27:07 0 d-------- C:\Program Files\Spyware Doctor
2008-04-13 18:12:36 14336 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/25/2008 12:24 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\CyberDefender\cdmyidd.dll [06/07/2008 03:22 PM 3794248]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/25/2008 12:24 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
[HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/25/2008 12:23 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I.R.I.S. Desktop Search"="C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe" [01/11/2006 07:37 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/24/2005 1:28:44 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 2:39:30 AM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [6/10/2007 2:09:14 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)
"disabletaskmgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-06-28 16:08:30 ------------


Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 503.48 MiB / 155.93 MiB
Pagefile Memory (total/avail): 1230.25 MiB / 829.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.59 MiB

C: is Fixed (NTFS) - 68.56 GiB total, 53.37 GiB free.
D: is Fixed (FAT32) - 5.99 GiB total, 1.48 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is Removable (FAT)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00GVA0 - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 6 GiB - D:
\PARTITION1 (bootable) - Installable File System - 68.56 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - SanDisk U3 Cruzer Micro USB Device - 478.5 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 483.21 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"="C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Home & Business 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-F78BF48CE2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner
LOGONSERVER=\\YOUR-F78BF48CE2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=YOUR-F78BF48CE2
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blackhawk Striker 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Holidays from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D06AB82F-D68E-405A-9886-AB8804291B6D\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
Crystal Maze from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_8D88A259\HXFSETUP.EXE -U -IVEN_14F1&DEV_2702&SUBSYS_8D88A259
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Final Drive Nitro from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\657A0149-EEC7-4FB2-AB4F-CB7AA027748E\Uninstall.exe"
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
Help and Support Additions --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.0 --> "C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{61CF89F5-5175-4b3b-ABB8-C89821252D50}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
I.R.I.S. Desktop Search --> C:\Program Files\IRIS Desktop Search\uninst.exe
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JumpStart World Presents Pet Playground --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\PetPlaygroundUn.exe
Lexibox Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Metaphor Player Version 1.0 --> "C:\Program Files\Metaphor\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MyIdentityDefender Toolbar (CyberDefender Corporation) --> C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\CyberDefender\cdinstx.exe /u
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Overball from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Phoenix Assault from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\CCCDE323-C76D-44DA-BB5B-B8ABE767756E\Uninstall.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickBooks Product Listing Service --> MsiExec.exe /I{91208A47-5D08-4C79-986F-1931940F51BB}
QuickBooks Simple Start Free Starter Edition --> msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Free Starter Edition" ADDREMOVE=1 OEMVENDOR=DIRECT
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Qwest Internet Security Services --> "C:\Program Files\QwestInternetSecurity\ISS\app\Repair.exe" -REMOVE
Readiris Pro 11 --> MsiExec.exe /I{8CE0B1C5-15E9-4027-92F4-F63C57FEFD87}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Adobe Photoshop Album 2.0 Starter Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Adobe_PhotoShop_Album\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Microsoft Money 2005 installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove WeatherBug installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\WeatherBug\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shooting Stars Pool from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe"
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Super Granny from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
SupportSoft Assisted Service --> MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Tradewinds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
TurboTax Home & Business 2007 --> C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Watchtower Library 2006 - English Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42EED331-936C-446E-9374-077F7B028518}\Setup.exe"
Watchtower Library 2007 - English --> C:\Program Files\Watchtower\Watchtower Library 2007\E\uninst.exe
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8938 / Error
Event Submitted/Written: 06/26/2008 10:16:17 AM
Event ID/Source: 4614 / EventSystem
Event Description:
The COM+ Event System detected an inconsistency in its internal state. The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type8920 / Error
Event Submitted/Written: 06/26/2008 07:28:32 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application compaq connections.exe, version 2.0.0.1, faulting module backweb.dll, version 6.3.2.62, fault address 0x0017c313.
Processing media-specific event for [compaq connections.exe!ws!]

Event Record #/Type8913 / Error
Event Submitted/Written: 06/26/2008 06:07:37 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8865 / Error
Event Submitted/Written: 06/17/2008 10:30:03 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 686628912.

Event Record #/Type8864 / Error
Event Submitted/Written: 06/17/2008 10:29:50 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38354 / Error
Event Submitted/Written: 06/28/2008 01:30:21 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type37009 / Error
Event Submitted/Written: 06/27/2008 07:12:08 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type36971 / Error
Event Submitted/Written: 06/27/2008 01:55:20 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type36946 / Error
Event Submitted/Written: 06/27/2008 01:27:37 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type36924 / Error
Event Submitted/Written: 06/27/2008 00:59:53 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-06-28 16:08:30 ------------

Directories/Files moved to C:\Deckard\System Scanner\backup

2008-06-27 07:31:04 8431 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\avg8inst.log
2008-06-27 07:11:56 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR1.tmp
2008-06-27 14:11:00 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR10.tmp
2008-06-27 14:38:51 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR11.tmp
2008-06-27 15:06:38 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR12.tmp
2008-06-27 15:34:30 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR13.tmp
2008-06-27 16:02:17 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR14.tmp
2008-06-27 16:30:04 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR15.tmp
2008-06-27 16:57:52 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR16.tmp
2008-06-27 17:25:38 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR17.tmp
2008-06-27 17:53:30 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR18.tmp
2008-06-27 19:05:51 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR19.tmp
2008-06-27 19:31:23 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR1A.tmp
2008-06-27 19:56:56 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR1B.tmp
2008-06-27 20:24:29 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR1C.tmp
2008-06-27 20:50:01 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR1D.tmp
2008-06-27 21:15:34 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR1E.tmp
2008-06-27 21:41:12 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR1F.tmp
2008-06-27 07:57:53 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR2.tmp
2008-06-27 22:06:42 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR20.tmp
2008-06-27 22:32:16 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR21.tmp
2008-06-27 22:57:54 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR22.tmp
2008-06-27 23:23:23 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR23.tmp
2008-06-27 23:49:12 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR24.tmp
2008-06-28 00:14:50 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR25.tmp
2008-06-28 00:40:17 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR26.tmp
2008-06-28 01:05:49 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR27.tmp
2008-06-28 01:31:25 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR28.tmp
2008-06-28 01:56:58 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR29.tmp
2008-06-28 07:17:33 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR2A.tmp
2008-06-28 07:46:42 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR2B.tmp
2008-06-28 08:13:12 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR2C.tmp
2008-06-28 08:38:44 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR2D.tmp
2008-06-28 09:04:16 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR2E.tmp
2008-06-28 09:31:36 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR2F.tmp
2008-06-27 08:25:21 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR3.tmp
2008-06-28 09:57:11 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR30.tmp
2008-06-28 10:25:00 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR31.tmp
2008-06-28 10:50:29 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR32.tmp
2008-06-28 11:16:09 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR33.tmp
2008-06-28 11:41:58 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR34.tmp
2008-06-28 12:07:34 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR35.tmp
2008-06-28 12:33:06 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR36.tmp
2008-06-28 12:58:59 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR37.tmp
2008-06-28 13:24:11 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR38.tmp
2008-06-28 13:49:44 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR39.tmp
2008-06-28 14:15:34 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR3A.tmp
2008-06-28 14:41:06 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR3B.tmp
2008-06-28 15:06:40 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR3C.tmp
2008-06-28 15:33:55 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR3D.tmp
2008-06-28 15:57:48 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR3E.tmp
2008-06-27 08:53:00 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR4.tmp
2008-06-27 09:20:30 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR5.tmp
2008-06-27 09:33:28 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR6.tmp
2008-06-27 10:01:02 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR7.tmp
2008-06-27 10:28:37 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR8.tmp
2008-06-27 10:56:28 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MAR9.tmp
2008-06-27 11:24:13 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MARA.tmp
2008-06-27 11:52:01 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MARB.tmp
2008-06-27 12:19:51 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MARC.tmp
2008-06-27 12:47:37 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MARD.tmp
2008-06-27 13:15:25 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MARE.tmp
2008-06-27 13:43:15 1285 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\MARF.tmp
2008-06-28 07:29:23 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_104.dat
2008-06-28 09:36:16 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_12c.dat
2008-06-28 11:46:45 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_140.dat
2008-06-28 09:09:04 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_144.dat
2008-06-28 14:20:14 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_154.dat
2008-06-28 15:38:44 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_160.dat
2008-06-28 11:20:59 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_164.dat
2008-06-28 10:55:18 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_16c.dat
2008-06-28 13:54:32 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_170.dat
2008-06-28 13:03:25 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1c4.dat
2008-06-27 20:54:43 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1c8.dat
2008-06-27 12:52:20 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1ec.dat
2008-06-28 01:10:33 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1f0.dat
2008-06-27 19:10:32 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1f4.dat
2008-06-27 11:01:08 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_1f8.dat
2008-06-27 10:05:46 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_204.dat
2008-06-27 22:36:58 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_210.dat
2008-06-27 14:15:46 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_214.dat
2008-06-27 17:02:34 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_218.dat
2008-06-27 22:11:25 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_258.dat
2008-06-27 23:02:32 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_270.dat
2008-06-28 00:44:59 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_310.dat
2008-06-27 20:29:12 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_334.dat
2008-06-27 20:01:43 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_360.dat
2008-06-27 13:47:58 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_36c.dat
2008-06-27 12:24:34 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_3b8.dat
2008-06-27 17:58:11 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_3cc.dat
2008-06-27 09:25:14 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_3fc.dat
2008-06-27 17:30:22 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_454.dat
2008-06-27 21:45:51 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_468.dat
2008-06-28 01:36:07 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_504.dat
2008-06-27 15:39:11 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_5e0.dat
2008-06-28 02:01:45 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_5f4.dat
2008-06-27 13:20:12 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_618.dat
2008-06-27 08:30:03 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_630.dat
2008-06-27 21:20:17 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_67c.dat
2008-06-27 08:02:34 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_680.dat
2008-06-27 11:56:45 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_694.dat
2008-06-27 09:38:12 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_6b8.dat
2008-06-28 00:19:30 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_6ec.dat
2008-06-27 11:28:55 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_6f8.dat
2008-06-27 14:43:35 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_6fc.dat
2008-06-27 23:53:53 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_708.dat
2008-06-27 23:28:05 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_710.dat
2008-06-27 16:07:00 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_74c.dat
2008-06-27 10:33:19 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_768.dat
2008-06-27 07:27:50 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_778.dat
2008-06-27 15:11:22 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_7a0.dat
2008-06-27 08:57:44 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_7c.dat
2008-06-28 15:11:20 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_7d4.dat
2008-06-28 14:45:46 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_7dc.dat
2008-06-28 10:01:50 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_bc.dat
2008-06-28 07:52:30 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_c0.dat
2008-06-28 08:43:32 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_cc.dat
2008-06-27 16:34:46 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_dc.dat
2008-06-28 12:12:13 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_e4.dat
2008-06-28 13:28:53 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_f4.dat
2008-06-28 10:29:38 16384 --a-----t C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_f8.dat
2008-06-27 07:31:06 0 d-------- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\RarSFX0
2008-06-28 16:01:00 0 d-------- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\WPDNSE
2008-06-27 16:30:17 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF102D.tmp
2008-06-27 12:20:04 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF10BF.tmp
2008-06-28 01:06:03 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF12F0.tmp
2008-06-27 21:41:27 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF13F5.tmp
2008-06-27 07:58:05 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF14B1.tmp
2008-06-28 07:17:44 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF17B0.tmp
2008-06-27 11:24:26 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF17B6.tmp
2008-06-28 00:40:32 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF17D4.tmp
2008-06-27 23:49:26 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF25EB.tmp
2008-06-27 19:57:11 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF267B.tmp
2008-06-28 01:57:11 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF267C.tmp
2008-06-27 23:23:38 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF26C7.tmp
2008-06-27 20:50:16 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF27A0.tmp
2008-06-28 01:31:40 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF27C5.tmp
2008-06-27 11:52:16 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF280A.tmp
2008-06-27 08:25:35 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF281C.tmp
2008-06-27 09:33:42 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2E1.tmp
2008-06-28 00:15:04 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF2F0F.tmp
2008-06-28 14:16:07 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF3071.tmp
2008-06-28 09:04:53 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF386B.tmp
2008-06-28 15:34:33 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF3AE3.tmp
2008-06-28 10:51:06 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF3EA8.tmp
2008-06-27 15:34:42 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF40B6.tmp
2008-06-28 11:42:36 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF4172.tmp
2008-06-27 10:56:41 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF4204.tmp
2008-06-27 16:02:31 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF4480.tmp
2008-06-28 13:24:46 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF4EB3.tmp
2008-06-27 14:39:07 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF517D.tmp
2008-06-28 12:33:40 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF565.tmp
2008-06-28 08:39:20 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF572F.tmp
2008-06-27 07:12:18 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF594D.tmp
2008-06-28 11:16:47 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF5E40.tmp
2008-06-28 09:32:12 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF6668.tmp
2008-06-28 15:06:57 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF7DDC.tmp
2008-06-27 14:11:12 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF981.tmp
2008-06-28 13:50:20 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA45.tmp
2008-06-27 22:32:29 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFB3F.tmp
2008-06-28 12:59:16 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFBE5B.tmp
2008-06-28 12:08:03 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFDBE4.tmp
2008-06-28 07:47:10 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFDC7A.tmp
2008-06-28 14:41:37 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE443.tmp
2008-06-28 09:57:43 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFE9B2.tmp
2008-06-28 08:13:45 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFEA9D.tmp
2008-06-28 10:25:31 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFEE41.tmp
2008-06-27 19:06:02 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF0E3.tmp
2008-06-27 17:25:52 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF13F.tmp
2008-06-27 09:20:43 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF1F3.tmp
2008-06-27 16:58:02 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF2D1.tmp
2008-06-27 17:53:42 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF35E.tmp
2008-06-27 15:06:50 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF3C6.tmp
2008-06-27 21:15:46 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF3E5.tmp
2008-06-27 10:28:48 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF42F.tmp
2008-06-27 12:47:50 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF505.tmp
2008-06-27 19:31:35 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF636.tmp
2008-06-27 13:15:38 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF677.tmp
2008-06-27 10:01:16 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF73C.tmp
2008-06-27 13:43:27 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF79F.tmp
2008-06-27 22:58:03 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFF85D.tmp
2008-06-27 22:06:54 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFFA27.tmp
2008-06-27 20:24:41 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFFB18.tmp
2008-06-27 08:53:14 16384 --a------ C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFFC82.tmp
2008-06-28 15:56:41 5030 --a------ C:\WINDOWS\temp\SysSvcNullTrace.txt
2007-11-27 18:45:08 45064 --a------ C:\WINDOWS\Downloaded Program Files\PerformanceOptimizerPre_Installer.exe <Verified; ; microinstaller>

-*- End of Logfile -*-

Billy O'Neal
post Jul 21 2008, 10:10 AM
Post #2


Multi Megaton Malware Munition
******

Group: HJT Team
Posts: 3,967
Joined: 17-January 08
From: Northfield, Ohio
Member No.: 184,215



Hello, capt.frito.
Under NO CIRCUMSTANCES should ComboFix be run unsupervised. CF can cause severe damage to systems when used improperly and in some instances can prevent machines from ever starting again!! Please don't use this tool unless under the guidance of a trained helper.

Welcome to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the button in the lower left hand corner of your screen.

We need to create a Deckard's System Scanner (DSS) Log
Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.
Primary Mirror
Secondary Mirror
DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it and follow the prompts.
  3. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  4. When the scan is complete, two text files will open in Notepad:
    • main.txt <-- Will be maximized
    • extra.txt <-- Will be minimized
  5. If not, they both can be found in the C:\Deckard\System Scanner folder.
  6. Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.
Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


In your next reply, please include the following:
  • DSS's Main.txt
  • DSS's Extra.txt

Billy3


--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please say so in My Guestbook.
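Since the helper asks for extra.txt so that an analyst can review it, here is an added example (not code from the post, from Deckard's System Scanner or from BleepingComputer) of how a reviewer can triage the event-log section of that file programmatically. It parses the record format DSS prints (shown in the log earlier in this thread) into structured objects, handles the "00:59:53 AM" midnight timestamps DSS writes, counts repeats per log/event ID/source, and lists the services that the Service Control Manager reported as failing to start (event 7000). The embedded sample is constructed from the entries above; the function and class names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Field formats exactly as DSS prints them in extra.txt (see the log above).
SECTION_RE = re.compile(r"^-- (?P<log>\w+) Event Log -+$")
RECORD_RE = re.compile(r"^Event Record #/Type(?P<record>\d+) / (?P<level>\w+)$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written: (?P<when>.+)$")
IDSRC_RE = re.compile(r"^Event ID/Source: (?P<id>\d+) / (?P<source>.+)$")
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service failed to start")

@dataclass
class EventRecord:
    log: str                  # Application / Security / System
    record: int
    level: str                # Error, Warning, ...
    written: Optional[datetime] = None
    event_id: int = 0
    source: str = ""
    description: List[str] = field(default_factory=list)

def parse_timestamp(text: str) -> datetime:
    # DSS writes the midnight hour as "00:59:53 AM" (seen in the log above);
    # strptime's %I only accepts 01-12, so map hour 00 to 12 first.
    date_part, time_part, ampm = text.split()
    hour, rest = time_part.split(":", 1)
    if hour == "00":
        time_part = "12:" + rest
    return datetime.strptime(f"{date_part} {time_part} {ampm}", "%m/%d/%Y %I:%M:%S %p")

def parse_events(text: str) -> List[EventRecord]:
    # Line-driven state machine; a description runs from "Event Description:"
    # to the next blank line or record header, so multi-line descriptions stay whole.
    events: List[EventRecord] = []
    log, current, in_desc = "Unknown", None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := SECTION_RE.match(line):
            log, current, in_desc = m.group("log"), None, False
        elif m := RECORD_RE.match(line):
            current = EventRecord(log, int(m.group("record")), m.group("level"))
            events.append(current)
            in_desc = False
        elif current is None:      # e.g. "No Errors/Warnings found."
            continue
        elif in_desc:
            if line:
                current.description.append(line)
            else:
                in_desc = False
        elif m := WRITTEN_RE.match(line):
            current.written = parse_timestamp(m.group("when"))
        elif m := IDSRC_RE.match(line):
            current.event_id, current.source = int(m.group("id")), m.group("source")
        elif line == "Event Description:":
            in_desc = True
    return events

def summarize(events: List[EventRecord]) -> Counter:
    # Count records per (log, event id, source) so repeats stand out.
    return Counter((e.log, e.event_id, e.source) for e in events)

def failed_services(events: List[EventRecord]) -> List[str]:
    # Service names from SCM event 7000 ("The X service failed to start ...").
    names: List[str] = []
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7000:
            for line in e.description:
                if (m := SERVICE_RE.match(line)) and m.group("svc") not in names:
                    names.append(m.group("svc"))
    return names

# Constructed sample in the same format as the extra.txt entries above.
SAMPLE = """\
-- Application Event Log -------------------------------------------------------
Event Record #/Type8920 / Error
Event Submitted/Written: 06/26/2008 07:28:32 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application compaq connections.exe, version 2.0.0.1, faulting module backweb.dll, version 6.3.2.62, fault address 0x0017c313.
Processing media-specific event for [compaq connections.exe!ws!]

-- System Event Log ------------------------------------------------------------
Event Record #/Type37009 / Error
Event Submitted/Written: 06/27/2008 07:12:08 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3

Event Record #/Type36924 / Error
Event Submitted/Written: 06/27/2008 00:59:53 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Automatic LiveUpdate Scheduler service failed to start due to the following error:
%%3
"""
```

Run `summarize(parse_events(SAMPLE))` to see one Application Error record and two Service Control Manager 7000 records; `failed_services(...)` returns the single service name. Pointing `parse_events` at a real extra.txt read from disk works the same way, since the Security section's "No Errors/Warnings found." line is ignored because no record is open.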
capt.frito
post Jul 21 2008, 03:22 PM
Post #3


Member
**

Group: Members
Posts: 24
Joined: 28-June 08
Member No.: 219,148



Hi Billy,

Thanks for helping me with this. It's not my computer either, it belongs to a buddy who only knows how to click everything that says "click me" ;-)

A few things: I'm a Linux guy so I dd'd the entire drive before I did anything, so I wasn't too worried about breaking things (I have a dd'd copy as of the posting I made). Anyway, clearly you guys are very busy and I figured that if I could get some things out of the way, the better for everyone. But you run the show from here on out.

I did run Deckard's and I have all the files. I'll post them shortly, I don't have access to them atm :-| I do remember that it didn't like the version of HJT I had (it was too new apparently) and so it used its own "internal" version, whatever that means. But we can give it another try if you like.

Have you heard of this particular problem before, this basefdrn32.dll thing?

Ppl call me "Frito"

best,
Capt. Frito







Billy O'Neal
post Jul 21 2008, 03:27 PM
Post #4


Multi Megaton Malware Munition
******

Group: HJT Team
Posts: 3,967
Joined: 17-January 08
From: Northfield, Ohio
Member No.: 184,215



I have not heard of any specific DLL by that name. Make sure DSS is run again; several parts of its log are time sensitive.

Have a nice day,
Billy3


--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please say so in My Guestbook.
Billy O'Neal
post Jul 28 2008, 08:29 AM
Post #5


Multi Megaton Malware Munition
******

Group: HJT Team
Posts: 3,967
Joined: 17-January 08
From: Northfield, Ohio
Member No.: 184,215



Hello, capt.frito.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3


--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please say so in My Guestbook.
Billy O'Neal
post Jul 28 2008, 10:04 AM
Post #6


Multi Megaton Malware Munition
******

Group: