[wblakenc]

The following is my hijackthis log. I have been reading that combofix.exe should get rid of the antispywareupdates.net problems, but does not seem to work for me. The following is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:53 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iVIM\mysql\bin\mysqld.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AIMS_SQLS\Binn\sqlservr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202927849.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195589619906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://essvote.webe...bex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: bebeefbce - C:\WINDOWS\system32\bebeefbce.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iVotronic Image Manager MySQL Database (iVIM MySQLd) - Unknown owner - C:\Program Files\iVIM\mysql\bin\mysqld.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 9580 bytes


PLEASE HELP!!!!!

[Advertisements]

I assume I will be asked to post a DSS log. The following are the logs:

Main.txt
Deckard's System Scanner v20071014.68
Run by Printelect on 2008-02-13 14:03:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-13 19:03:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Printelect.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:14 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iVIM\mysql\bin\mysqld.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AIMS_SQLS\Binn\sqlservr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Printelect\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Printelect.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202927849.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195589619906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://essvote.webe...bex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: bebeefbce - C:\WINDOWS\system32\bebeefbce.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iVotronic Image Manager MySQL Database (iVIM MySQLd) - Unknown owner - C:\Program Files\iVIM\mysql\bin\mysqld.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 9591 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 iVIM MySQLd (iVotronic Image Manager MySQL Database) - "c:\program files\ivim\mysql\bin\mysqld.exe" "--defaults-file=c:\program files\ivim\mysql\my.ini" "ivim mysqld"
R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>

S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: OmniUSB
Device ID: USB\VID_104B&PID_0001\5&345F6DD7&0&1
Manufacturer: CSM GmbH
Name: OmniUSB
PNP Device ID: USB\VID_104B&PID_0001\5&345F6DD7&0&1
Service: omniusb

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_059B&PID_0033\0033487570122905
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_059B&PID_0033\0033487570122905
Service: USBSTOR


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 13:54:55 0 d-------- C:\spyware removal
2008-02-13 13:37:29 0 d-------- C:\Program Files\Helper
2008-02-13 13:37:25 122385 --a------ C:\WINDOWS\system32\bebeefbce.dll
2008-02-13 13:11:42 0 d--h----- C:\WINDOWS\PIF
2008-02-13 13:03:04 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-02-13 13:03:01 17920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-02-13 13:02:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-02-13 12:43:56 0 d-------- C:\Program Files\Sophos
2008-02-13 12:42:52 0 d-------- C:\savxpsa
2008-02-13 12:31:26 0 d-------- C:\Program Files\Trend Micro
2008-02-13 12:30:38 22528 --a------ C:\WINDOWS\system32\msole32.exe
2008-02-13 12:30:38 16896 --a------ C:\WINDOWS\eventlowg.dll
2008-02-13 12:30:38 25344 --a------ C:\WINDOWS\daxtime.dll
2008-02-13 12:30:37 26368 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-02-13 12:30:37 28928 --a------ C:\WINDOWS\liqui.exe
2008-02-13 12:30:37 25344 --a------ C:\WINDOWS\liqui.dll
2008-02-13 12:30:37 25344 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-13 12:30:37 18688 --a------ C:\WINDOWS\fhfmm.exe
2008-02-13 12:30:36 31744 --a------ C:\WINDOWS\xadbrk_.exe
2008-02-13 12:30:36 13312 --a------ C:\WINDOWS\xadbrk.exe
2008-02-13 12:30:36 16128 --a------ C:\WINDOWS\xadbrk.dll
2008-02-13 12:30:36 12032 --a------ C:\WINDOWS\kkcomp.exe
2008-02-13 12:30:36 32512 --a------ C:\WINDOWS\kkcomp.dll
2008-02-13 12:30:36 21760 --a------ C:\WINDOWS\kkcomp$.exe
2008-02-13 12:30:35 13824 --a------ C:\WINDOWS\liqad.exe
2008-02-13 12:30:35 27392 --a------ C:\WINDOWS\liqad.dll
2008-02-13 12:30:35 26880 --a------ C:\WINDOWS\liqad$.exe
2008-02-13 12:30:35 31232 --a------ C:\WINDOWS\kvnab.exe
2008-02-13 12:30:35 31232 --a------ C:\WINDOWS\kvnab.dll
2008-02-13 12:30:34 14848 --a------ C:\WINDOWS\wbeInst$.exe
2008-02-13 12:30:34 25600 --a------ C:\WINDOWS\wbeCheck.exe
2008-02-13 12:30:34 13056 --a------ C:\WINDOWS\settn.dll
2008-02-13 12:30:34 23808 --a------ C:\WINDOWS\pbsysie.dll
2008-02-13 12:30:34 16896 --a------ C:\WINDOWS\kvnab$.exe
2008-02-13 12:30:34 18688 --a------ C:\WINDOWS\iexplorr23.dll
2008-02-13 12:30:34 15104 --a------ C:\WINDOWS\hcwprn.exe
2008-02-13 12:30:34 21504 --a------ C:\WINDOWS\cbinst$.exe
2008-02-13 12:30:33 29440 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-02-13 12:30:33 14080 --a------ C:\WINDOWS\spredirect.dll
2008-02-13 12:30:33 20736 --a------ C:\WINDOWS\jd2002.dll
2008-02-13 12:30:33 20736 --a------ C:\WINDOWS\adbar.dll
2008-02-13 12:30:33 0 d-------- C:\Program Files\e-zshopper
2008-02-13 12:30:31 0 d-------- C:\Program Files\amsys
2008-02-13 12:30:30 25344 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-13 12:30:30 0 d-------- C:\WINDOWS\system32\acespy
2008-02-13 12:30:30 8704 --a------ C:\WINDOWS\system32\ace16win.dll
2008-02-13 12:30:30 21504 --a------ C:\WINDOWS\ie_32.exe
2008-02-13 12:30:30 9728 --a------ C:\WINDOWS\aconti.exe
2008-02-13 12:30:30 0 d-------- C:\Program Files\Accoona
2008-02-13 12:30:29 14848 --a------ C:\WINDOWS\ngd.dll
2008-02-13 12:30:29 20992 --a------ C:\WINDOWS\hotporn.exe
2008-02-13 12:30:29 21504 --a------ C:\WINDOWS\dp0.dll
2008-02-13 12:30:29 0 d-------- C:\Program Files\p2pnetworks
2008-02-13 12:30:28 20992 --a------ C:\WINDOWS\vxddsk.exe
2008-02-13 12:30:28 31232 --a------ C:\WINDOWS\system32\wml.exe
2008-02-13 12:30:28 14080 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-02-13 12:30:28 0 d-------- C:\Program Files\akl
2008-02-13 12:30:27 27136 --a------ C:\WINDOWS\wml.exe
2008-02-13 12:30:27 29184 --a------ C:\WINDOWS\flt.dll
2008-02-13 12:30:27 25600 --a------ C:\WINDOWS\7search.dll
2008-02-13 12:30:27 26112 --a------ C:\WINDOWS\764.exe
2008-02-13 12:30:26 18432 --a------ C:\WINDOWS\pbar.dll
2008-02-13 12:30:26 0 d-------- C:\Program Files\3721
2008-02-13 12:24:55 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-13 12:24:55 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-13 12:24:55 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-13 12:24:55 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-13 10:04:50 0 d-------- C:\Program Files\Lavasoft
2008-02-13 10:04:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 10:04:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 10:03:01 0 d-------- C:\WINDOWS\pss
2008-02-13 09:00:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 13:36:06 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-11 10:54:34 91659 --a------ C:\WINDOWS\system32\rxjddnvj.exe <Not Verified; Microsoft; runbll>
2008-02-06 15:24:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-06 15:24:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-02-06 15:24:08 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-04 13:55:33 0 d-------- C:\Program Files\Citrix
2008-01-31 15:28:12 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-02-13 13:03:04 0 d-------- C:\Program Files\Common Files
2008-02-13 12:05:09 0 d-------- C:\Program Files\Yahoo!
2008-02-13 12:05:09 0 d-------- C:\Program Files\Google
2008-02-13 12:05:09 0 d-------- C:\Program Files\7-Zip
2008-02-12 16:16:34 0 d-------- C:\Program Files\AIMS
2008-02-12 10:44:12 0 d-------- C:\Documents and Settings\Printelect\Application Data\U3
2008-01-14 15:00:48 38460 --a------ C:\Documents and Settings\Printelect\Application Data\Microsoft Excel.ADR
2008-01-08 15:07:41 0 d-------- C:\Program Files\RMCOBOL
2007-11-28 14:09:14 202827 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
02/13/2008 01:37 PM 12800 --a------ C:\Program Files\Helper\1202927849.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 02:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 02:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 02:36 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 07:29 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 01:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 04:48 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 03:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [9/18/2004 1:46:56 PM]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [6/21/2007 6:18:00 AM]
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe [8/10/2007 9:12:23 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 4:23:32 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [9/14/2007 1:00:15 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bebeefbce]
C:\WINDOWS\system32\bebeefbce.dll 02/13/2008 01:37 PM 122385 C:\WINDOWS\system32\bebeefbce.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
Oracle\command
Oracle\command- OracleEnterprise.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7899 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-13 14:04:42 ------------


Extra.txt
--------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1014.07 MiB / 553.68 MiB
Pagefile Memory (total/avail): 2441.4 MiB / 1944.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 148.96 GiB total, 138.07 GiB free.
D: is CDROM (No Media)
G: is Removable (FAT)
P: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ/P - 149.01 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 148.96 GiB - C:

\\.\PHYSICALDRIVE1 - Imation Swivel Pro USB Device - 1961.06 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1966.98 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Sophos Anti-Virus v ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Printelect\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELLPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Printelect
LOGONSERVER=\\DELLPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PRINTE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PRINTE~1\LOCALS~1\Temp
USERDOMAIN=DELLPC
USERNAME=Printelect
USERPROFILE=C:\Documents and Settings\Printelect
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Printelect (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Type Manager 4.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AIMS 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F02508AA-CB34-4991-9961-108EC04D4162}
Audit Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB72DB88-EA7E-11D7-9B99-0020ED72F2B0}\setup.exe" -l0x9
Broadcom Advanced Control Suite --> MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
Cobol-WOW v3.12.00 --> C:\WINDOWS\IsUninst.exe -fC:\CobolWOW\Uninst.isu
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Data Acquisition Manager v6.0.0.0 --> MsiExec.exe /I{547B7ACA-2AD8-11D7-B2B3-005004D382E0}
Election Data Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEF514F8-5800-4B62-AB60-26C41E577EC3}\Setup.exe" -l0x9
ESS Image Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6099973-DC91-4E6A-8D8E-AA8CCE2DE32B}\Setup.exe" -l0x9
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
Hardware Programming Manager --> C:\WINDOWS\uninst.exe -fc:\apps\ess\hpm\DeIsL1.isu -cc:\apps\ess\hpm\_ISREG32.DLL
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
iVotronic Image Manager --> C:\PROGRA~1\iVIM\UNWISE.EXE C:\PROGRA~1\iVIM\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Access 2002 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0050048383C9}
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (AIMS_SQLS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
OKI LPR Utility --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\uiokilpr.isu -cC:\WINDOWS\system32\uiokilpr.dll
OKI Network Extension --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38ADB9A6-798C-11D6-A855-00105A80791C}\setup.exe" -l0x9 -Removeall
OmniDrive USB Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{801777C6-7541-42A2-AB73-5366E5C9593A}\setup.exe"
PCM V1.51 --> "C:\Program Files\PCM\unins000.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RM/COBOL v7.50.01 Runtime System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RMCOBOL\uninst.isu" -c"C:\PROGRA~1\RMCOBOL\_uninstl.dll"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sophos Anti-Virus --> MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate --> MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Unity Election Reporting Manager --> C:\WINDOWS\uninst.exe -fc:\apps\ess\urs\DeIsL1.isu -cc:\apps\ess\urs\_ISREG32.DLL
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type1278 / Warning
Event Submitted/Written: 02/13/2008 01:26:48 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1277 / Warning
Event Submitted/Written: 02/13/2008 01:26:48 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1276 / Warning
Event Submitted/Written: 02/13/2008 01:26:31 PM
Event ID/Source: 19011 / MSSQL$AIMS_SQLS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type1275 / Warning
Event Submitted/Written: 02/13/2008 01:22:08 PM
Event ID/Source: 17 / Sophos Anti-Virus
Event Description:
Adware/PUA 'NirCmd' has been removed.

Event Record #/Type1274 / Warning
Event Submitted/Written: 02/13/2008 01:21:56 PM
Event ID/Source: 16 / Sophos Anti-Virus
Event Description:
File "C:\WINDOWS\Nircmd.exe" belongs to adware/PUA 'NirCmd' (of type Other).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20240 / Warning
Event Submitted/Written: 02/13/2008 01:40:55 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type20239 / Error
Event Submitted/Written: 02/13/2008 01:30:45 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The backup browser is stopping.

Event Record #/Type20233 / Warning
Event Submitted/Written: 02/13/2008 01:27:30 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\D6GTZ3D1 on the network \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The data is the error code.

Event Record #/Type20212 / Error
Event Submitted/Written: 02/13/2008 01:10:13 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The backup browser is stopping.

Event Record #/Type20211 / Warning
Event Submitted/Written: 02/13/2008 01:06:48 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\D6GTZ3D1 on the network \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-02-13 14:04:42 ------------

[wblakenc]

I assume I will be asked to post a DSS log. The following are the logs:

Main.txt
Deckard's System Scanner v20071014.68
Run by Printelect on 2008-02-13 14:03:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-13 19:03:06 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Printelect.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:14 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iVIM\mysql\bin\mysqld.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AIMS_SQLS\Binn\sqlservr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Printelect\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Printelect.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202927849.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: OKI LPR Utility.lnk = C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZKxdm021YYUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195589619906
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://essvote.webe...bex/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: bebeefbce - C:\WINDOWS\system32\bebeefbce.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iVotronic Image Manager MySQL Database (iVIM MySQLd) - Unknown owner - C:\Program Files\iVIM\mysql\bin\mysqld.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

--
End of file - 9591 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 iVIM MySQLd (iVotronic Image Manager MySQL Database) - "c:\program files\ivim\mysql\bin\mysqld.exe" "--defaults-file=c:\program files\ivim\mysql\my.ini" "ivim mysqld"
R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>

S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: OmniUSB
Device ID: USB\VID_104B&PID_0001\5&345F6DD7&0&1
Manufacturer: CSM GmbH
Name: OmniUSB
PNP Device ID: USB\VID_104B&PID_0001\5&345F6DD7&0&1
Service: omniusb

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_059B&PID_0033\0033487570122905
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_059B&PID_0033\0033487570122905
Service: USBSTOR


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 13:54:55 0 d-------- C:\spyware removal
2008-02-13 13:37:29 0 d-------- C:\Program Files\Helper
2008-02-13 13:37:25 122385 --a------ C:\WINDOWS\system32\bebeefbce.dll
2008-02-13 13:11:42 0 d--h----- C:\WINDOWS\PIF
2008-02-13 13:03:04 0 d-------- C:\Program Files\Common Files\Cisco Systems
2008-02-13 13:03:01 17920 --a------ C:\WINDOWS\system32\SophosBootTasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-02-13 13:02:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Sophos
2008-02-13 12:43:56 0 d-------- C:\Program Files\Sophos
2008-02-13 12:42:52 0 d-------- C:\savxpsa
2008-02-13 12:31:26 0 d-------- C:\Program Files\Trend Micro
2008-02-13 12:30:38 22528 --a------ C:\WINDOWS\system32\msole32.exe
2008-02-13 12:30:38 16896 --a------ C:\WINDOWS\eventlowg.dll
2008-02-13 12:30:38 25344 --a------ C:\WINDOWS\daxtime.dll
2008-02-13 12:30:37 26368 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-02-13 12:30:37 28928 --a------ C:\WINDOWS\liqui.exe
2008-02-13 12:30:37 25344 --a------ C:\WINDOWS\liqui.dll
2008-02-13 12:30:37 25344 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-13 12:30:37 18688 --a------ C:\WINDOWS\fhfmm.exe
2008-02-13 12:30:36 31744 --a------ C:\WINDOWS\xadbrk_.exe
2008-02-13 12:30:36 13312 --a------ C:\WINDOWS\xadbrk.exe
2008-02-13 12:30:36 16128 --a------ C:\WINDOWS\xadbrk.dll
2008-02-13 12:30:36 12032 --a------ C:\WINDOWS\kkcomp.exe
2008-02-13 12:30:36 32512 --a------ C:\WINDOWS\kkcomp.dll
2008-02-13 12:30:36 21760 --a------ C:\WINDOWS\kkcomp$.exe
2008-02-13 12:30:35 13824 --a------ C:\WINDOWS\liqad.exe
2008-02-13 12:30:35 27392 --a------ C:\WINDOWS\liqad.dll
2008-02-13 12:30:35 26880 --a------ C:\WINDOWS\liqad$.exe
2008-02-13 12:30:35 31232 --a------ C:\WINDOWS\kvnab.exe
2008-02-13 12:30:35 31232 --a------ C:\WINDOWS\kvnab.dll
2008-02-13 12:30:34 14848 --a------ C:\WINDOWS\wbeInst$.exe
2008-02-13 12:30:34 25600 --a------ C:\WINDOWS\wbeCheck.exe
2008-02-13 12:30:34 13056 --a------ C:\WINDOWS\settn.dll
2008-02-13 12:30:34 23808 --a------ C:\WINDOWS\pbsysie.dll
2008-02-13 12:30:34 16896 --a------ C:\WINDOWS\kvnab$.exe
2008-02-13 12:30:34 18688 --a------ C:\WINDOWS\iexplorr23.dll
2008-02-13 12:30:34 15104 --a------ C:\WINDOWS\hcwprn.exe
2008-02-13 12:30:34 21504 --a------ C:\WINDOWS\cbinst$.exe
2008-02-13 12:30:33 29440 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-02-13 12:30:33 14080 --a------ C:\WINDOWS\spredirect.dll
2008-02-13 12:30:33 20736 --a------ C:\WINDOWS\jd2002.dll
2008-02-13 12:30:33 20736 --a------ C:\WINDOWS\adbar.dll
2008-02-13 12:30:33 0 d-------- C:\Program Files\e-zshopper
2008-02-13 12:30:31 0 d-------- C:\Program Files\amsys
2008-02-13 12:30:30 25344 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-13 12:30:30 0 d-------- C:\WINDOWS\system32\acespy
2008-02-13 12:30:30 8704 --a------ C:\WINDOWS\system32\ace16win.dll
2008-02-13 12:30:30 21504 --a------ C:\WINDOWS\ie_32.exe
2008-02-13 12:30:30 9728 --a------ C:\WINDOWS\aconti.exe
2008-02-13 12:30:30 0 d-------- C:\Program Files\Accoona
2008-02-13 12:30:29 14848 --a------ C:\WINDOWS\ngd.dll
2008-02-13 12:30:29 20992 --a------ C:\WINDOWS\hotporn.exe
2008-02-13 12:30:29 21504 --a------ C:\WINDOWS\dp0.dll
2008-02-13 12:30:29 0 d-------- C:\Program Files\p2pnetworks
2008-02-13 12:30:28 20992 --a------ C:\WINDOWS\vxddsk.exe
2008-02-13 12:30:28 31232 --a------ C:\WINDOWS\system32\wml.exe
2008-02-13 12:30:28 14080 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-02-13 12:30:28 0 d-------- C:\Program Files\akl
2008-02-13 12:30:27 27136 --a------ C:\WINDOWS\wml.exe
2008-02-13 12:30:27 29184 --a------ C:\WINDOWS\flt.dll
2008-02-13 12:30:27 25600 --a------ C:\WINDOWS\7search.dll
2008-02-13 12:30:27 26112 --a------ C:\WINDOWS\764.exe
2008-02-13 12:30:26 18432 --a------ C:\WINDOWS\pbar.dll
2008-02-13 12:30:26 0 d-------- C:\Program Files\3721
2008-02-13 12:24:55 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-13 12:24:55 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-13 12:24:55 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-13 12:24:55 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-13 10:04:50 0 d-------- C:\Program Files\Lavasoft
2008-02-13 10:04:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 10:04:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 10:03:01 0 d-------- C:\WINDOWS\pss
2008-02-13 09:00:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-12 13:36:06 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-11 10:54:34 91659 --a------ C:\WINDOWS\system32\rxjddnvj.exe <Not Verified; Microsoft; runbll>
2008-02-06 15:24:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-06 15:24:09 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-02-06 15:24:08 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-02-04 13:55:33 0 d-------- C:\Program Files\Citrix
2008-01-31 15:28:12 0 d-------- C:\Program Files\MSECache


-- Find3M Report ---------------------------------------------------------------

2008-02-13 13:03:04 0 d-------- C:\Program Files\Common Files
2008-02-13 12:05:09 0 d-------- C:\Program Files\Yahoo!
2008-02-13 12:05:09 0 d-------- C:\Program Files\Google
2008-02-13 12:05:09 0 d-------- C:\Program Files\7-Zip
2008-02-12 16:16:34 0 d-------- C:\Program Files\AIMS
2008-02-12 10:44:12 0 d-------- C:\Documents and Settings\Printelect\Application Data\U3
2008-01-14 15:00:48 38460 --a------ C:\Documents and Settings\Printelect\Application Data\Microsoft Excel.ADR
2008-01-08 15:07:41 0 d-------- C:\Program Files\RMCOBOL
2007-11-28 14:09:14 202827 --a------ C:\WINDOWS\system32\atasnt40.dll <Not Verified; WebEx Communications, Inc; WebEx Application Sharing>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B862223}]
02/13/2008 01:37 PM 12800 --a------ C:\Program Files\Helper\1202927849.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 02:35 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 02:32 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 02:36 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 06:42 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 07:29 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 01:12 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 04:48 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 03:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [9/18/2004 1:46:56 PM]
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [6/21/2007 6:18:00 AM]
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe [8/10/2007 9:12:23 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 4:23:32 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [9/14/2007 1:00:15 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bebeefbce]
C:\WINDOWS\system32\bebeefbce.dll 02/13/2008 01:37 PM 122385 C:\WINDOWS\system32\bebeefbce.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
Oracle\command
Oracle\command- OracleEnterprise.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7899 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-13 14:04:42 ------------


Extra.txt
--------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1014.07 MiB / 553.68 MiB
Pagefile Memory (total/avail): 2441.4 MiB / 1944.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 148.96 GiB total, 138.07 GiB free.
D: is CDROM (No Media)
G: is Removable (FAT)
P: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ/P - 149.01 GiB - 2 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 148.96 GiB - C:

\\.\PHYSICALDRIVE1 - Imation Swivel Pro USB Device - 1961.06 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1966.98 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Sophos Anti-Virus v ()

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Printelect\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELLPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Printelect
LOGONSERVER=\\DELLPC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=040a
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PRINTE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PRINTE~1\LOCALS~1\Temp
USERDOMAIN=DELLPC
USERNAME=Printelect
USERPROFILE=C:\Documents and Settings\Printelect
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Printelect (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Type Manager 4.1 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AIMS 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{F02508AA-CB34-4991-9961-108EC04D4162}
Audit Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB72DB88-EA7E-11D7-9B99-0020ED72F2B0}\setup.exe" -l0x9
Broadcom Advanced Control Suite --> MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
Cobol-WOW v3.12.00 --> C:\WINDOWS\IsUninst.exe -fC:\CobolWOW\Uninst.isu
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Data Acquisition Manager v6.0.0.0 --> MsiExec.exe /I{547B7ACA-2AD8-11D7-B2B3-005004D382E0}
Election Data Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEF514F8-5800-4B62-AB60-26C41E577EC3}\Setup.exe" -l0x9
ESS Image Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6099973-DC91-4E6A-8D8E-AA8CCE2DE32B}\Setup.exe" -l0x9
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
Hardware Programming Manager --> C:\WINDOWS\uninst.exe -fc:\apps\ess\hpm\DeIsL1.isu -cc:\apps\ess\hpm\_ISREG32.DLL
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
iVotronic Image Manager --> C:\PROGRA~1\iVIM\UNWISE.EXE C:\PROGRA~1\iVIM\INSTALL.LOG
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Access 2002 Runtime --> MsiExec.exe /I{901C0409-6000-11D3-8CFE-0050048383C9}
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (AIMS_SQLS) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
OKI LPR Utility --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\uiokilpr.isu -cC:\WINDOWS\system32\uiokilpr.dll
OKI Network Extension --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38ADB9A6-798C-11D6-A855-00105A80791C}\setup.exe" -l0x9 -Removeall
OmniDrive USB Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{801777C6-7541-42A2-AB73-5366E5C9593A}\setup.exe"
PCM V1.51 --> "C:\Program Files\PCM\unins000.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RM/COBOL v7.50.01 Runtime System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\RMCOBOL\uninst.isu" -c"C:\PROGRA~1\RMCOBOL\_uninstl.dll"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sophos Anti-Virus --> MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate --> MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Unity Election Reporting Manager --> C:\WINDOWS\uninst.exe -fc:\apps\ess\urs\DeIsL1.isu -cc:\apps\ess\urs\_ISREG32.DLL
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL


-- Application Event Log -------------------------------------------------------

Event Record #/Type1278 / Warning
Event Submitted/Written: 02/13/2008 01:26:48 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1277 / Warning
Event Submitted/Written: 02/13/2008 01:26:48 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1276 / Warning
Event Submitted/Written: 02/13/2008 01:26:31 PM
Event ID/Source: 19011 / MSSQL$AIMS_SQLS
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type1275 / Warning
Event Submitted/Written: 02/13/2008 01:22:08 PM
Event ID/Source: 17 / Sophos Anti-Virus
Event Description:
Adware/PUA 'NirCmd' has been removed.

Event Record #/Type1274 / Warning
Event Submitted/Written: 02/13/2008 01:21:56 PM
Event ID/Source: 16 / Sophos Anti-Virus
Event Description:
File "C:\WINDOWS\Nircmd.exe" belongs to adware/PUA 'NirCmd' (of type Other).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20240 / Warning
Event Submitted/Written: 02/13/2008 01:40:55 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type20239 / Error
Event Submitted/Written: 02/13/2008 01:30:45 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The backup browser is stopping.

Event Record #/Type20233 / Warning
Event Submitted/Written: 02/13/2008 01:27:30 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\D6GTZ3D1 on the network \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The data is the error code.

Event Record #/Type20212 / Error
Event Submitted/Written: 02/13/2008 01:10:13 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The backup browser is stopping.

Event Record #/Type20211 / Warning
Event Submitted/Written: 02/13/2008 01:06:48 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\D6GTZ3D1 on the network \Device\NetBT_Tcpip_{2FE0A154-2BDA-4895-ADA8-7083903BF802}.
The data is the error code.



-- End of Deckard's System Scanner: finished at 2008-02-13 14:04:42 ------------