First off, THANK YOU for the help SIMON!! It is greatly appreciated!
Here is the ComboFix log:ComboFix 08-02.05.3 - Owner 2008-02-09 11:13:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.289 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\pmnnonk.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\abadd.ini
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\bwpgfsmt.dll
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\dotlymib.dll
C:\WINDOWS\system32\fuucsyuf.ini
C:\WINDOWS\system32\fuyscuuf.dll
C:\WINDOWS\system32\llmrqufn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mntwkyoo.dll
C:\WINDOWS\system32\myucugxt.dll
C:\WINDOWS\system32\nmgumqgb.dll
C:\WINDOWS\system32\nmgumqgb.dll . . . . failed to delete
C:\WINDOWS\system32\nmgumqgb.dllbox
C:\WINDOWS\system32\ooykwtnm.ini
C:\WINDOWS\system32\pmnnonk.dll
C:\WINDOWS\system32\ruugrewk.dll
C:\WINDOWS\system32\tfaayxij.dll
C:\WINDOWS\system32\tjhrtsjd.dll
C:\WINDOWS\system32\ucnclrrt.dll
C:\WINDOWS\system32\vseofhpl.dll
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.
2008-02-09 11:26 . 2008-02-09 11:28 19,054 ---hs---- C:\WINDOWS\system32\nmgumqgb.dllbox
2008-02-08 06:33 . 2008-02-09 08:44 534 --ahs---- C:\WINDOWS\system32\lkivnpbd.ini
2008-02-06 18:50 . 2008-02-09 11:22 163,904 --a------ C:\WINDOWS\system32\nmgumqgb.dll
2008-02-06 17:24 . 2004-04-01 04:03 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-06 17:24 . 2004-04-02 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-06 17:24 . 2004-04-01 16:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-06 17:19 . 2008-02-06 17:19 149 --a------ C:\WINDOWS\wininit.ini
2008-02-06 16:39 . 2008-02-06 16:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-06 16:39 . 2008-02-06 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 16:23 . 2008-02-07 06:14 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
2008-02-06 16:19 . 2008-02-06 16:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-06 16:19 . 2008-02-06 21:06 <DIR> d-------- C:\Program Files\a-squared Free
2008-02-06 16:14 . 2008-02-06 16:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-06 12:36 . 2008-02-06 17:38 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-06 06:27 . 2008-02-07 12:19 1,014 --ahs---- C:\WINDOWS\system32\sobixlpr.ini
2008-02-05 06:25 . 2008-02-06 06:26 534 --ahs---- C:\WINDOWS\system32\cweawtlb.ini
2008-02-03 23:15 . 2008-02-05 06:23 1,014 --ahs---- C:\WINDOWS\system32\egjhuriu.ini
2008-02-03 10:58 . 2008-02-03 10:58 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-02 23:43 . 2008-02-02 23:43 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-02 16:33 . 2008-02-03 23:13 834 --ahs---- C:\WINDOWS\system32\uxlvccoc.ini
2008-02-01 22:13 . 2008-02-01 22:15 170 --a------ C:\WINDOWS\fnerr.dat
2008-02-01 22:12 . 2008-02-01 22:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Bitstream
2008-02-01 16:56 . 2008-02-08 23:08 2,516 --ahs---- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-02-01 16:56 . 2008-02-08 23:08 88 -r-hs---- C:\Documents and Settings\All Users\Application Data\D5718AD1A6.sys
2008-02-01 16:28 . 2008-02-02 16:29 474 --ahs---- C:\WINDOWS\system32\finnilna.ini
2008-01-31 16:18 . 2008-02-01 16:26 354 --ahs---- C:\WINDOWS\system32\ctkarsdl.ini
2008-01-28 21:46 . 2008-01-28 21:46 <DIR> d-------- C:\Program Files\Dreamweaver 4
2008-01-27 18:35 . 2008-02-08 18:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-27 18:35 . 2008-01-27 18:35 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-23 12:17 . 2008-01-23 12:24 1,534 --a------ C:\welcome.html
2008-01-22 16:37 . 2008-01-22 16:37 118,784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-01-22 16:37 . 2008-01-22 16:37 118,784 --a------ C:\WINDOWS\GREUninstall.exe
2008-01-22 16:36 . 2008-01-22 16:36 <DIR> d-------- C:\Program Files\mozilla.org
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 21:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-03 14:12 --------- d-----w C:\Program Files\Quicken
2008-02-03 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-01 21:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
2008-02-01 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-02-01 21:37 --------- d-----w C:\Program Files\Corel
2008-01-02 00:06 --------- d-----w C:\Program Files\QuickTime
2008-01-02 00:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-02 00:04 --------- d-----w C:\Program Files\Apple Software Update
2008-01-02 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-19 03:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 01:58 --------- d-----w C:\Program Files\Trillian
2007-12-16 00:36 --------- d-----w C:\Program Files\rFactor
2007-12-11 00:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\Alien Skin
2007-02-13 02:11 21,856 ----a-w C:\Program Files\uninstal.log
2005-10-07 21:22 1,281 ----a-w C:\Program Files\ReadMe.txt
2005-09-27 19:41 44,092 ----a-r C:\Program Files\mashelp.chm
1999-12-22 23:28 540,203 ----a-w C:\Program Files\_SETUP.1
1999-12-22 23:28 5 -c--a-w C:\Program Files\DISK1.ID
1999-12-22 23:28 35 ----a-w C:\Program Files\SETUP.INI
1999-12-22 23:28 194,234 ----a-w C:\Program Files\_SETUP.LIB
1999-12-22 23:28 103 ----a-w C:\Program Files\SETUP.PKG
1998-06-18 17:43 70,711 ----a-w C:\Program Files\SETUP.INS
1997-01-18 17:04 320,411 ----a-w C:\Program Files\_INST32I.EX_
1997-01-18 16:53 45,312 ----a-w C:\Program Files\SETUP.EXE
1996-12-19 21:03 6,128 ----a-w C:\Program Files\_SETUP.DLL
1995-09-08 01:22 8,192 ----a-w C:\Program Files\_ISDEL.EXE
2007-04-02 00:21 88 --sha-r C:\WINDOWS\system32\D5718AD1A6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{122C53B4-430A-4A32-8073-C9A8A78B1885}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66c53134-5a2f-458c-978a-236bc7c08a84}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74E48BD4-B456-469C-8E95-81F31E758DF3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AE5E1FE-29E1-4247-9E8C-90612EDDD1C8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-09 11:22 163904 --a------ C:\WINDOWS\system32\nmgumqgb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B80A440E-E6EB-4EFC-8D5A-3F50D772AC48}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C844A4D6-D82C-4982-B5C0-C72F8E947E06}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5d4d317-6b9d-49d2-8d46-a4c5c35f13c5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 04:34 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43 4670704]
"Aim6"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 06:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 06:15 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 15:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 18:57 81920]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-04-28 02:47 7573504]
"nwiz"="nwiz.exe" [2006-04-28 02:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-04-28 02:47 86016]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-19 20:05 185896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nmgumqgb]
nmgumqgb.dll 2008-02-09 11:22 163904 C:\WINDOWS\system32\nmgumqgb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnonk]
R1 crlscsi;crlscsi;C:\WINDOWS\system32\drivers\crlscsi.sys [2006-12-27 23:34]
R2 Par1284;Par1284;C:\Program Files\FlexiSIGN-PRO 7.5v2\Program\Par1284.sys [2003-10-09 16:48]
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 11:15]
R2 sfmgr;CaReTaKeR-CT NetMgr 1.2.1;C:\Program Files\Autodesk\3dsMax8\3dsmax8\plugins\Brazil\sfmgr\sfmgr.exe [2004-02-11 05:51]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2002-07-18 22:59]
S3 GrooveInstallerService;Groove Installer Service;C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [2003-03-28 18:35]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 19:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-09 16:29:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-09 02:38:00 C:\WINDOWS\Tasks\WebReg 20071113213808.job"
- c:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20071113213808 /N
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-09 11:26:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nmgumqgb.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\nmgumqgb.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-02-09 11:32:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 16:32:18
.
2008-02-03 15:34:15 --- E O F ---
Here is the NEW HiJackThis Log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:23 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Autodesk\3dsMax8\3dsmax8\plugins\Brazil\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\nmgumqgb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} -
file://C:\Program Files\ProENGINEER Special Edition\i486_nt\obj\pvx_install.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cabO16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) -
https://inotes.armstrong.com/LCCMX002.a ... otes6W.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 0028989953O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: nmgumqgb - C:\WINDOWS\SYSTEM32\nmgumqgb.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\3dsmax8\plugins\Brazil\sfmgr\sfmgr.exe
--
End of file - 9651 bytes
Here is the CCleaner Uninstall List:2170_Help
2170
21_22_Trb
3ds max 5
a-squared Free 3.1
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Illustrator 10
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Agere Systems PCI Soft Modem
AIM 6
AIOMinimal
AiOSoftware
AiO_Scan
Alien Skin Eye Candy 5 Impact
Alien Skin Eye Candy 5 Nature
Alien Skin Eye Candy 5 Textures
Alien Skin Filter
Alien Skin Xenofex 2.0 Demo
Animation Factory
Apple Software Update
AutoCAD 2002
Autodesk 3ds Max 8
Backburner
Brasil R.S 1.2.58
C-Dilla Licence Management System
CameraDrivers
CCleaner (remove only)
Collaboration Tools Release Wildfire 2.0 Datecode F000
Comcast High-Speed Internet Install Wizard
Copy
Corel Applications
CorelDRAW Graphics Suite X3
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW Graphics Suite X4
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
CorelDRAW(R) Graphics Suite X4
CreativeProjects
Digimax Master
Director
DirtSimInc Late Models, Phase 2 Full version
DocProc
End It All
EN
Eye Candy 4000
Fax
FileZilla (remove only)
FlexiSIGN-PRO 7.5v2
FloorPlan 3D v8
FontNav
Game Elements PC Recoil Pad
Groove
Hemera GraphicsDesk
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ350
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
Image Resizer Powertoy for Windows XP
Imagesynth
InstantShare
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 10
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Joesville_Dirt_MG_v1.0
KBD
Knoll Light Factory 2
KPT 6
Madden NFL 2004
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NASCAR Heat Essentials
NASCAR Heat MOD Launcher 2 - Swiss Army Knife Edition
NVIDIA Drivers
NVIDIA Photoshop Plug-ins
Overland
Paint Shop Pro 7
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
PrimoPDF Redistribution Package
PrimoPDF
PrintScreen
Pro/ENGINEER Training Edition Release Wildfire 2.0 [F000]
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTime
Readme
RealPlayer
RecordNow!
rFactor (remove only)
Rhapsody Player Engine
Rhapsody
Samsung USB Driver
Sansa Media Converter
Sansa Updater
Scan
SeaMonkey (1.1.7)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sentinel System Driver
Shutterfly Plugin
SkinsHP1
SkinsHP2
SnagIt 7
Splutterfish Brazil 1.0 Final
Spybot - Search & Destroy
Symbols for FloorPlan v8
The DirtFactor Late Model
TrayApp
Trillian
Ulead Drop Spot 1.0
Ulead Drop Spot
Ulead PhotoImpact 8
Unload
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Manager
Updates from HP
VBA
VIA Rhine-Family Fast Ethernet Adapter
Visual Basic for Applications (R) Core - English
Visual Basic for Applications (R) Core
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinResTools Wizard
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7