Ok here we go.
ComboFix 07-12-16.4 - Jack Williams 2007-12-16 21:32:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1407 [GMT -5:00]
Running from: C:\Documents and Settings\Jack Williams\Desktop\Combofix\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autos.exe
C:\Documents and Settings\Jack Williams\Application Data\ultra
C:\Documents and Settings\Jack Williams\Start Menu\Programs\Startup\infos.exe
C:\RECYCLER\desktopA.sys
C:\WINDOWS\Downloaded Program Files\Temp
.
((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.
2007-12-15 18:56 . 2007-12-15 18:56 <DIR> d-------- C:\Program Files\Portrait Professional Max 6
2007-12-15 18:19 . 2007-12-15 18:19 <DIR> d-------- C:\Program Files\Portrait Professional 6
2007-12-15 18:19 . 2007-12-15 18:19 <DIR> d-------- C:\Documents and Settings\Jack Williams\Application Data\Anthropics
2007-12-15 18:19 . 2007-12-15 23:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 19:01 . 2007-12-13 19:01 <DIR> d-------- C:\VundoFix Backups
2007-12-11 19:36 . 2007-12-11 19:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-10 22:18 . 2007-12-10 22:18 <DIR> d-------- C:\Documents and Settings\Jack Williams\Application Data\TrojanHunter
2007-12-10 22:13 . 2007-12-12 16:35 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-12-10 18:25 . 2007-12-10 18:25 <DIR> d-------- C:\Program Files\Carbonite
2007-12-10 18:25 . 2007-12-10 18:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Carbonite
2007-12-08 22:10 . 2007-12-08 22:10 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-07 23:37 . 2007-12-07 23:37 <DIR> d-------- C:\Program Files\Proantivirus Lab
2007-12-07 17:57 . 2007-12-07 17:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-12-07 17:55 . 2004-12-02 23:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-07 17:55 . 2004-12-02 23:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2007-12-07 17:54 . 2007-12-07 17:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-12-06 19:18 . 2007-12-06 19:18 291,328 --a------ C:\WINDOWS\SYSTEM32\libcurl.dll
2007-12-06 16:11 . 2007-12-06 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-12-06 16:11 . 2006-12-08 02:04 76,800 --a------ C:\WINDOWS\SYSTEM32\E_FLB8JA.DLL
2007-12-06 16:11 . 2006-04-19 02:00 62,976 --a------ C:\WINDOWS\SYSTEM32\E_FD4B8JA.DLL
2007-12-02 21:17 . 2007-12-02 21:29 <DIR> d-------- C:\Program Files\Color Schemer Studio
2007-11-21 18:47 . 2007-12-16 21:37 <DIR> d-------- C:\Documents and Settings\Jack Williams\Application Data\WTablet
2007-11-21 18:47 . 2006-06-09 15:50 1,833,738 --------- C:\WINDOWS\SYSTEM32\WacomTablet.znc
2007-11-21 18:47 . 2006-06-21 11:57 1,507,328 --------- C:\WINDOWS\SYSTEM32\WacomTablet.cpl
2007-11-21 18:46 . 2007-11-21 18:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\WTablet
2007-11-21 18:46 . 2007-11-21 18:47 <DIR> d-------- C:\Program Files\Tablet
2007-11-21 18:46 . 2006-06-21 12:08 937,984 --------- C:\WINDOWS\SYSTEM32\Tablet.exe
2007-11-21 18:46 . 2006-06-21 12:10 135,168 --------- C:\WINDOWS\SYSTEM32\Wintab32.dll
2007-11-21 18:46 . 2006-02-14 17:19 6,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wacomvhid.sys
2007-11-21 18:46 . 2006-02-14 17:18 5,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wacommousefilter.sys
2007-11-19 21:06 . 2007-11-19 21:07 <DIR> d-------- C:\Program Files\SEKONIC
2007-11-19 19:22 . 2007-11-19 19:22 21,504 --a------ C:\WINDOWS\jestertb.dll
2007-11-18 20:47 . 2007-11-18 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ICS
2007-11-18 20:33 . 2007-11-18 20:33 <DIR> d-------- C:\Program Files\Portrait Displays
2007-11-18 20:33 . 2007-12-02 11:29 <DIR> d-------- C:\Program Files\ColorEyes Display Pro
2007-11-18 20:33 . 2006-05-19 15:43 11,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pdiddcci.sys
2007-11-18 20:33 . 2006-05-19 15:42 8,960 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\PdiPorts.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 02:09 --------- d-----w C:\Program Files\Qimage
2007-12-13 20:44 258,408 ----a-w C:\Documents and Settings\Jack Williams\Alpaca ValleyOFXLOG.DAT
2007-12-13 20:14 307,136 ----a-w C:\Documents and Settings\Jack Williams\QDATA1_20050923OFXLOG.DAT
2007-12-13 00:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-12-12 17:01 --------- d-----w C:\Program Files\XoftSpySE
2007-12-08 04:50 --------- d-----w C:\Program Files\eSignal
2007-11-19 01:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 00:09 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-10-30 01:06 164 ----a-w C:\install.dat
2007-10-21 23:26 --------- d-----w C:\Program Files\Photomatix
2007-10-18 23:19 515,328 ----a-w C:\Documents and Settings\Jack Williams\QDATA1_20050923OFXOLD.DAT
2007-10-01 20:40 1,526,072 ----a-w C:\WINDOWS\WRSetup.dll
2007-03-13 22:45 3,018,824 ----a-w C:\Documents and Settings\Jack Williams\Application Data\prg.exe
2006-04-04 18:08 20 -c-ha-w C:\Documents and Settings\All Users\Application Data\PKP_DLea.DAT
2005-01-16 02:18 61 -csh--w C:\WINDOWS\cnerolf.dat
2007-02-28 22:46 88 -csh--r C:\WINDOWS\SYSTEM32\1246857284.sys
2007-03-01 22:36 1,682 -csha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Blue]
@={E300CD91-100F-4E67-9AF3-1384A6124015}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@={95A27763-F62A-4114-9072-E81D87DE3B68}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Red]
@={01CCCC8C-1D50-4b13-B96D-4B922DD3128B}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@={5E529433-B50E-4bef-A63B-16A6B71B071A}
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2007-12-10 18:25 483264 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2007-12-10 18:25 483264 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CLASSES_ROOT\CLSID\{01CCCC8C-1D50-4b13-B96D-4B922DD3128B}]
2007-12-10 18:25 483264 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2007-12-10 18:25 483264 -ra------ C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"The Rush Limbaugh Show"="C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" [2006-01-23 11:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R800 (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.exe" [2003-08-07 06:00]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"nwiz"="nwiz.exe" [2007-08-17 15:23 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 04:50 C:\WINDOWS\LOGI_MWX.EXE]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-04-04 15:04]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-04-04 15:01]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-04-04 15:03]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 16:54]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\SYSTEM32\CTXFIHLP.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-05 17:18]
"Digital Patrol Update 5"="C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe" [2007-11-18 18:52]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2007-12-10 18:25]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 15:40]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoRecentDocsHistory"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hueyPROTray.lnk]
backup=C:\WINDOWS\pss\hueyPROTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logo Calibration Loader.lnk]
backup=C:\WINDOWS\pss\Logo Calibration Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
backup=C:\WINDOWS\pss\Monitor.lnkCommon Startup
R0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);C:\WINDOWS\system32\drivers\pe3ah4nb.sys
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);C:\WINDOWS\system32\drivers\pe3ah4nc.sys
R0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);C:\WINDOWS\system32\drivers\ps6ah4nb.sys
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);C:\WINDOWS\system32\drivers\ps6ah4nc.sys
R0 ps7ah4nc;DiRT Synchronization Driver (ps7ah4nc);C:\WINDOWS\system32\drivers\ps7ah4nc.sys
R0 SSFS0BB9;Spy Sweeper File System Filer Driver: 0BB9;C:\WINDOWS\system32\Drivers\SSFS0BB9.SYS
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);C:\WINDOWS\system32\pr2ah4nb.exe svc
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);C:\WINDOWS\system32\pr2ah4nc.exe svc
S3 chdrvr01;CH Control Manager Driver 1;C:\WINDOWS\system32\DRIVERS\chdrvr01.sys
S3 chdrvr02;CH Control Manager Driver 2;C:\WINDOWS\system32\DRIVERS\chdrvr02.sys
S3 chdrvr03;CH Control Manager Driver 3;C:\WINDOWS\system32\DRIVERS\chdrvr03.sys
S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys
S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PIBus;PIBus Device;C:\WINDOWS\system32\DRIVERS\PIBus.sys
S3 PIKbd;PI Virtual Keyboard;C:\WINDOWS\system32\DRIVERS\PIKbd.sys
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PPJoyBus;Parallel Port Joystick Bus device driver;C:\WINDOWS\system32\drivers\PPJoyBus.sys
S3 PPortJoystick;Parallel Port Joystick device driver;C:\WINDOWS\system32\drivers\PPortJoy.sys
S3 Ssrspumbo;Ssrspumbo;C:\WINDOWS\system32\drivers\RASPTI.SYS
S3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
"2007-12-16 20:01:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-12-17 02:37:36 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-16 20:04:33 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-11 01:00:02 C:\WINDOWS\Tasks\wrSpySweeper_LDFD04388063F4D14959389DE543C98F4.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_LDFD04388063F4D14959389DE543C98F4
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
"2007-12-17 02:37:35 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-08-28 10:12:56 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 21:37:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-16 21:38:38 - machine was rebooted
.
2007-12-14 22:13:48 --- E O F ---
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:53 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O3 - Toolbar: optionsXpress Toolbar - {63CC63C6-1AE1-491C-B96A-812A7950A1EC} - C:\Program Files\optionsXpress\optionsXpress Toolbar\optionsXpressToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R800 (Copy 1)] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2J1.EXE" /P32 "EPSON Stylus Photo R800 (Copy 1)" /O5 "LPT1:" /M "Stylus Photo R800"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Digital Patrol Update 5] "C:\Program Files\Proantivirus Lab\Digital Patrol Scanner 5.0\update.exe" /autoupdate
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [The Rush Limbaugh Show] "C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" /noopen
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.1.74.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3218979578
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/l2/bin/cortvrml.cab
O16 - DPF: {AF9104F7-D6E9-46CC-8FBF-BBE2FB05E3CF} - https://www.optionsxpress.com/toolbox/t ... oolbar.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C791E32C-20A5-45AD-8A3B-425A2E65F157}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (http://www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nb.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10138 bytes
Uninstall List:
3DMark05
ACDSee Pro 2
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.1
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced GET
Art Explosion Publisher Pro 2.0
AudibleManager
AV Bros. Colorist 1.0 (Remove Only)
B/W Styler 1.01
Ballistic Explorer
Battlestations: Midway
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
BurnPlugin for Audible
Capture NX
Carbonite
CHROMiX ColorThink 2.2
Click And Fix 3.2 Full Version
Colin McRae Rally 2005
Color Schemer Studio
Corel Painter IX
Creative Audio Console
Creative MediaSource
Crystal Reports 9
Curves 2
Data Transfer Software
DCCK
Dell Driver Reset Tool
Digimarc MyPictureMarc Watermarking Plugin
Digital Patrol Scanner
DiRT
ENIGMA
Enigma Codebook Tool
EPSON Print CD
EPSON Printer Software
eSignal
Essex Option Pro 5.5
EVGA Display Driver
FocalBlade
Forté Agent
GETData for the Internet
GunTracker 2.4 (Update)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
hueyPRO 1.5.0
ICC Color Profiles
Imatest 2.0.7
Intel Application Accelerator
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Logitech Gaming Software
Logitech MouseWare 9.79
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
My Photo Calendars & Cards
Neat Image v5.7 Pro+
Newlite Business Card Printer 2.0
Newlite Business Publisher Studio 2.0
nik Color Efex Pro 2.0 IE
Nikon Message Center
NVIDIA Drivers
On Target
optionsXpress Toolbar
OT2005
P.I.M. II Plug-In
PDF Settings
Photomatix Pro version 2.5
PhotoPresets with One-Click WOW! for Adobe Camera Raw
Photosmart Printer 130,230,7150,7350,7550 (Remove only)
Portrait Professional 6.3
Portrait Professional Max 6.3
PowerDVD 5.3
ProfileMaker Professional 4.1.5
Qimage
Qimage 30 Day Trial
Quicken 2007
QuickTime
RadLight 4.0 FINAL
RealPlayer
RegCure 1.5.0.0
Rhapsody Player Engine
Rob's Reloading Organizer
RSI Shooting Lab
Rush 24-7 Media Center
SanDisk TransferMate
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sentinel System Driver
Ship Simulator 2008
Sound Blaster Audigy 2 ZS
Spelling Dictionaries Support For Adobe Reader 8
Spy Sweeper
Stamps.com
Stamps.com support for Microsoft Outlook 2000-2007
Stamps.com support for Microsoft Word 2000-2007
Starry Night Pro
Tablet
the 123 of digital imaging Interactive Learning Suite
Tone Mapping Plug-In 1.1.2
TrojanHunter 5.0
TTS_Technology
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
WebSite Complete Deluxe Edition
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
XoftSpySE
Thanks,