Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

antispywareupdates.net problems


  • Please log in to reply

#1
wblakenc

wblakenc

    New Member

  • Member
  • Pip
  • 2 posts
The following is my hijackthis log. I have been reading that combofix.exe should get rid of the antispywareupdates.net problems, but does not seem to work for me. The following is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:53 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iVIM\mysql\bin\mysqld.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AIMS_SQLS\Binn\sqlservr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202927849.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195589619906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://essvote.webe...bex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: bebeefbce - C:\WINDOWS\system32\bebeefbce.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iVotronic Image Manager MySQL Database (iVIM MySQLd) - Unknown owner - C:\Program Files\iVIM\mysql\bin\mysqld.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 9580 bytes


PLEASE HELP!!!!!
  • 0

Advertisements


#2
wblakenc

wblakenc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I assume I will be asked to post a DSS log. The following are the logs:

Main.txt
Deckard's System Scanner v20071014.68
Run by Printelect on 2008-02-13 14:03:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-13 19:03:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Printelect.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:14 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iVIM\mysql\bin\mysqld.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AIMS_SQLS\Binn\sqlservr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Printelect\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Printelect.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202927849.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195589619906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://essvote.webe...bex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: bebeefbce - C:\WINDOWS\system32\bebeefbce.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iVotronic Image Manager MySQL Database (iVIM MySQLd) - Unknown owner - C:\Program Files\iVIM\mysql\bin\mysqld.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 9591 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 iVIM MySQLd (iVotronic Image Manager MySQL Database) - "c:\program files\ivim\mysql\bin\mysqld.exe" "--defaults-file=c:\program files\ivim\mysql\my.ini" "ivim mysqld"
R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>

S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: OmniUSB
Device ID: USB\VID_104B&PID_0001\5&345F6DD7&0&1
Manufacturer: CSM GmbH
Name: OmniUSB
PNP Device ID: USB\VID_104B&PID_0001\5&345F6DD7&0&1
Service: omniusb

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_059B&PID_0033\0033487570122905
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_059B&PID_0033\0033487570122905
Service: USBSTOR


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 13:54:55 0 d-------- C:\spyware removal
2008-02-13 13:37:29 0 d-------- C:\Program Files\Helper
2008-02-13 13:37:25 122385 --a------ C:\WINDOWS\system32\bebeefbce.dll
2008-02-13 13:11:42 0 d--h----- C:\WINDOWS\PIF
2008-02-13 13:03:04 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-02-13 13:03:01 17920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-02-13 13:02:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-02-13 12:43:56 0 d-------- C:\Program Files\Sophos
2008-02-13 12:42:52 0 d-------- C:\savxpsa
2008-02-13 12:31:26 0 d-------- C:\Program Files\Trend Micro
2008-02-13 12:30:38 22528 --a------ C:\WINDOWS\system32\msole32.exe
2008-02-13 12:30:38 16896 --a------ C:\WINDOWS\eventlowg.dll
2008-02-13 12:30:38 25344 --a------ C:\WINDOWS\daxtime.dll
2008-02-13 12:30:37 26368 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-02-13 12:30:37 28928 --a------ C:\WINDOWS\liqui.exe
2008-02-13 12:30:37 25344 --a------ C:\WINDOWS\liqui.dll
2008-02-13 12:30:37 25344 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-13 12:30:37 18688 --a------ C:\WINDOWS\fhfmm.exe
2008-02-13 12:30:36 31744 --a------ C:\WINDOWS\xadbrk_.exe
2008-02-13 12:30:36 13312 --a------ C:\WINDOWS\xadbrk.exe
2008-02-13 12:30:36 16128 --a------ C:\WINDOWS\xadbrk.dll
2008-02-13 12:30:36 12032 --a------ C:\WINDOWS\kkcomp.exe
2008-02-13 12:30:36 32512 --a------ C:\WINDOWS\kkcomp.dll
2008-02-13 12:30:36 21760 --a------ C:\WINDOWS\kkcomp$.exe
2008-02-13 12:30:35 13824 --a------ C:\WINDOWS\liqad.exe
2008-02-13 12:30:35 27392 --a------ C:\WINDOWS\liqad.dll
2008-02-13 12:30:35 26880 --a------ C:\WINDOWS\liqad$.exe
2008-02-13 12:30:35 31232 --a------ C:\WINDOWS\kvnab.exe
2008-02-13 12:30:35 31232 --a------ C:\WINDOWS\kvnab.dll
2008-02-13 12:30:34 14848 --a------ C:\WINDOWS\wbeInst$.exe
2008-02-13 12:30:34 25600 --a------ C:\WINDOWS\wbeCheck.exe
2008-02-13 12:30:34 13056 --a------ C:\WINDOWS\settn.dll
2008-02-13 12:30:34 23808 --a------ C:\WINDOWS\pbsysie.dll
2008-02-13 12:30:34 16896 --a------ C:\WINDOWS\kvnab$.exe
2008-02-13 12:30:34 18688 --a------ C:\WINDOWS\iexplorr23.dll
2008-02-13 12:30:34 15104 --a------ C:\WINDOWS\hcwprn.exe
2008-02-13 12:30:34 21504 --a------ C:\WINDOWS\cbinst$.exe
2008-02-13 12:30:33 29440 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-02-13 12:30:33 14080 --a------ C:\WINDOWS\spredirect.dll
2008-02-13 12:30:33 20736 --a------ C:\WINDOWS\jd2002.dll
2008-02-13 12:30:33 20736 --a------ C:\WINDOWS\adbar.dll
2008-02-13 12:30:33 0 d-------- C:\Program Files\e-zshopper
2008-02-13 12:30:31 0 d-------- C:\Program Files\amsys
2008-02-13 12:30:30 25344 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-13 12:30:30 0 d-------- C:\WINDOWS\system32\acespy
2008-02-13 12:30:30 8704 --a------ C:\WINDOWS\system32\ace16win.dll
2008-02-13 12:30:30 21504 --a------ C:\WINDOWS\ie_32.exe
2008-02-13 12:30:30 9728 --a------ C:\WINDOWS\aconti.exe
2008-02-13 12:30:30 0 d-------- C:\Program Files\Accoona
2008-02-13 12:30:29 14848 --a------ C:\WINDOWS\ngd.dll
2008-02-13 12:30:29 20992 --a------ C:\WINDOWS\hotporn.exe
2008-02-13 12:30:29 21504 --a------ C:\WINDOWS\dp0.dll
2008-02-13 12:30:29 0 d-------- C:\Program Files\p2pnetworks
2008-02-13 12:30:28 20992 --a------ C:\WINDOWS\vxddsk.exe
2008-02-13 12:30:28 31232 --a------ C:\WINDOWS\system32\wml.exe
2008-02-13 12:30:28 14080 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-02-13 12:30:28 0 d-------- C:\Program Files\akl
2008-02-13 12:30:27 27136 --a------ C:\WINDOWS\wml.exe
2008-02-13 12:30:27 29184 --a------ C:\WINDOWS\flt.dll
2008-02-13 12:30:27 25600 --a------ C:\WINDOWS\7search.dll
2008-02-13 12:30:27 26112 --a------ C:\WINDOWS\764.exe
2008-02-13 12:30:26 18432 --a------ C:\WINDOWS\pbar.dll
2008-02-13 12:30:26 0 d-------- C:\Program Files\3721
2008-02-13 12:24:55 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-13 12:24:55 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-13 12:24:55 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-13 12:24:55 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-13 10:04:50 0 d-------- C:\Program Files\Lavasoft
2008-02-13 10:04:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 10:04:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 10:03:01 0 d-------- C:\WINDOWS\pss
2008-02-13 09:00:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 13:36:06 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-11 10:54:34 91659 --a------ C:\WINDOWS\system32\rxjddnvj.exe <Not Verified; Microsoft; runbll>
2008-02-06 15:24:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-06 15:24:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-02-06 15:24:08 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-04 13:55:33 0 d-------- C:\Program Files\Citrix
2008-01-31 15:28:12 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-02-13 13:03:04 0 d-------- C:\Program Files\Common Files
2008-02-13 12:05:09 0 d-------- C:\Program Files\Yahoo!
2008-02-13 12:05:09 0 d-------- C:\Program Files\Google
2008-02-13 12:05:09 0 d-------- C:\Program Files\7-Zip
2008-02-12 16:16:34 0 d-------- C:\Program Files\AIMS
2008-02-12 10:44:12 0 d-------- C:\Documents and Settings\Printelect\Application Data\U3
2008-01-14 15:00:48 38460 --a------ C:\Documents and Settings\Printelect\Application Data\Microsoft Excel.ADR
2008-01-08 15:07:41 0 d-------- C:\Program Files\RMCOBOL
2007-11-28 14:09:14 202827 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
02/13/2008 01:37 PM 12800 --a------ C:\Program Files\Helper\1202927849.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 02:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 02:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 02:36 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 07:29 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 01:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 04:48 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 03:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [9/18/2004 1:46:56 PM]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [6/21/2007 6:18:00 AM]
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe [8/10/2007 9:12:23 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 4:23:32 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [9/14/2007 1:00:15 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bebeefbce]
C:\WINDOWS\system32\bebeefbce.dll 02/13/2008 01:37 PM 122385 C:\WINDOWS\system32\bebeefbce.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
Oracle\command
Oracle\command- OracleEnterprise.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7899 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-13 14:04:42 ------------


Extra.txt
--------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1014.07 MiB / 553.68 MiB
Pagefile Memory (total/avail): 2441.4 MiB / 1944.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 148.96 GiB total, 138.07 GiB free.
D: is CDROM (No Media)
G: is Removable (FAT)
P: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ/P - 149.01 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 148.96 GiB - C:

\\.\PHYSICALDRIVE1 - Imation Swivel Pro USB Device - 1961.06 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1966.98 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Sophos Anti-Virus v ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Printelect\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELLPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Printelect
LOGONSERVER=\\DELLPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PRINTE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PRINTE~1\LOCALS~1\Temp
USERDOMAIN=DELLPC
USERNAME=Printelect
USERPROFILE=C:\Documents and Settings\Printelect
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Printelect (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Type Manager 4.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AIMS 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F02508AA-CB34-4991-9961-108EC04D4162}
Audit Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB72DB88-EA7E-11D7-9B99-0020ED72F2B0}\setup.exe" -l0x9
Broadcom Advanced Control Suite --> MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
Cobol-WOW v3.12.00 --> C:\WINDOWS\IsUninst.exe -fC:\CobolWOW\Uninst.isu
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Data Acquisition Manager v6.0.0.0 --> MsiExec.exe /I{547B7ACA-2AD8-11D7-B2B3-005004D382E0}
Election Data Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEF514F8-5800-4B62-AB60-26C41E577EC3}\Setup.exe" -l0x9
ESS Image Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6099973-DC91-4E6A-8D8E-AA8CCE2DE32B}\Setup.exe" -l0x9
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
Hardware Programming Manager --> C:\WINDOWS\uninst.exe -fc:\apps\ess\hpm\DeIsL1.isu -cc:\apps\ess\hpm\_ISREG32.DLL
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
iVotronic Image Manager --> C:\PROGRA~1\iVIM\UNWISE.EXE C:\PROGRA~1\iVIM\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Access 2002 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0050048383C9}
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (AIMS_SQLS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
OKI LPR Utility --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\uiokilpr.isu -cC:\WINDOWS\system32\uiokilpr.dll
OKI Network Extension --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38ADB9A6-798C-11D6-A855-00105A80791C}\setup.exe" -l0x9 -Removeall
OmniDrive USB Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{801777C6-7541-42A2-AB73-5366E5C9593A}\setup.exe"
PCM V1.51 --> "C:\Program Files\PCM\unins000.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RM/COBOL v7.50.01 Runtime System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RMCOBOL\uninst.isu" -c"C:\PROGRA~1\RMCOBOL\_uninstl.dll"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sophos Anti-Virus --> MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate --> MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Unity Election Reporting Manager --> C:\WINDOWS\uninst.exe -fc:\apps\ess\urs\DeIsL1.isu -cc:\apps\ess\urs\_ISREG32.DLL
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type1278 / Warning
Event Submitted/Written: 02/13/2008 01:26:48 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1277 / Warning
Event Submitted/Written: 02/13/2008 01:26:48 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1276 / Warning
Event Submitted/Written: 02/13/2008 01:26:31 PM
Event ID/Source: 19011 / MSSQL$AIMS_SQLS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type1275 / Warning
Event Submitted/Written: 02/13/2008 01:22:08 PM
Event ID/Source: 17 / Sophos Anti-Virus
Event Description:
Adware/PUA 'NirCmd' has been removed.

Event Record #/Type1274 / Warning
Event Submitted/Written: 02/13/2008 01:21:56 PM
Event ID/Source: 16 / Sophos Anti-Virus
Event Description:
File "C:\WINDOWS\Nircmd.exe" belongs to adware/PUA 'NirCmd' (of type Other).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20240 / Warning
Event Submitted/Written: 02/13/2008 01:40:55 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type20239 / Error
Event Submitted/Written: 02/13/2008 01:30:45 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The backup browser is stopping.

Event Record #/Type20233 / Warning
Event Submitted/Written: 02/13/2008 01:27:30 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\D6GTZ3D1 on the network \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The data is the error code.

Event Record #/Type20212 / Error
Event Submitted/Written: 02/13/2008 01:10:13 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The backup browser is stopping.

Event Record #/Type20211 / Warning
Event Submitted/Written: 02/13/2008 01:06:48 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\D6GTZ3D1 on the network \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-02-13 14:04:42 ------------
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP