Highjackthis Log - Major issues on computer: virus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:08 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Uniblue\RegistryBooster 2010\registrybooster.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ron Cusano\Desktop\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Mirar - {E0948440-9FA1-470C-8836-47EC22E1BDEC} - (no file)
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files\iMeshMediabarTb\iMeshMediaBarDx.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /FU "C:\WINDOWS\TEMP\E_S395.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster 2010\launcher.exe" delay 20000
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://C:\Program%20Files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html (file missing) (HKCU)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 15619 bytes

ComboFix 09-11-05.01 - Ron Cusano 11/05/2009 21:48.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2051 [GMT -5:00]
Running from: c:\documents and settings\Ron Cusano\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\b2042970-346c-4a6c-1340-b21efabc83cd.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-12-15 01:49 . 2009-12-15 01:49      --------      d-----w-      c:\documents and settings\All Users\Application Data\IObit
2009-12-15 01:49 . 2009-07-15 01:04      --------      d-----w-      c:\program files\IObit
2009-12-14 22:09 . 2009-12-14 22:10      --------      dc-h--w-      c:\windows\ie8
2009-12-14 22:09 . 2009-12-14 22:11      --------      d--h--w-      c:\windows\msdownld.tmp
2009-12-14 22:07 . 2009-06-02 10:12      102912      -c----w-      c:\windows\system32\dllcache\iecompat.dll
2009-11-06 02:20 . 2009-11-06 02:20      117760      ----a-w-      c:\documents and settings\Ron Cusano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-06 02:20 . 2009-11-06 02:20      --------      d-----w-      c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-06 02:18 . 2009-11-06 02:19      --------      d-----w-      c:\program files\SUPERAntiSpyware
2009-11-06 02:18 . 2009-11-06 02:18      --------      d-----w-      c:\documents and settings\Ron Cusano\Application Data\SUPERAntiSpyware.com
2009-11-06 02:16 . 2009-11-06 02:16      --------      d-----w-      c:\program files\Common Files\Wise Installation Wizard
2009-11-06 01:47 . 2009-11-06 01:47      --------      d-----w-      c:\documents and settings\Ron Cusano\Application Data\Uniblue
2009-11-06 01:46 . 2009-11-06 01:46      --------      d-----w-      c:\program files\Uniblue
2009-11-05 22:40 . 2009-11-05 22:41      --------      d-----w-      C:\$WIN_NT$.~BT
2009-11-05 14:40 . 2009-11-05 14:40      --------      d-----w-      c:\program files\iPod
2009-11-05 14:40 . 2009-11-05 14:42      --------      d-----w-      c:\program files\iTunes
2009-11-05 14:34 . 2009-11-05 14:34      79144      ----a-w-      c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 14:19 . 2009-10-21 13:57      2025752      ----a-w-      c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-29 01:16 . 2009-10-29 01:19      --------      d-----w-      c:\documents and settings\All Users\Application Data\avg9
2009-10-29 01:08 . 2009-10-20 19:57      3767064      ----a-w-      c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
2009-10-25 20:37 . 2009-10-25 20:37      --------      d-----w-      c:\documents and settings\Ron Cusano\Local Settings\Application Data\Threat Expert
2009-10-25 20:05 . 2009-10-08 15:31      149456      ----a-w-      c:\windows\SGDetectionTool.dll
2009-10-25 20:05 . 2009-10-08 15:31      767952      ----a-w-      c:\windows\BDTSupport.dll
2009-10-25 20:05 . 2008-11-26 16:08      131      ----a-w-      c:\windows\IDB.zip
2009-10-25 20:05 . 2009-10-08 15:31      165840      ----a-w-      c:\windows\PCTBDRes.dll
2009-10-25 20:05 . 2009-10-08 15:31      1636304      ----a-w-      c:\windows\PCTBDCore.dll
2009-10-25 20:05 . 2009-10-02 18:19      1152470      ----a-w-      c:\windows\UDB.zip
2009-10-19 21:40 . 2009-05-18 18:17      26600      ----a-w-      c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-19 21:40 . 2008-04-17 17:12      107368      ----a-w-      c:\windows\system32\GEARAspi.dll
2009-10-19 21:38 . 2009-10-19 21:40      --------      d-----w-      c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 21:34 . 2009-11-05 14:40      --------      d-----w-      c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-19 21:32 . 2009-10-19 21:40      --------      dc----w-      c:\windows\system32\DRVSTORE
2009-10-19 21:31 . 2009-11-05 14:40      --------      d-----w-      c:\program files\Common Files\Apple
2009-10-19 21:04 . 2009-10-19 21:04      --------      d-----w-      c:\documents and settings\All Users\Application Data\153E
2009-10-19 21:02 . 2009-10-19 21:54      --------      d-----w-      c:\documents and settings\Ron Cusano\Local Settings\Application Data\BearShare
2009-10-19 21:02 . 2009-10-19 21:02      --------      d-----w-      c:\program files\BearShare Applications
2009-10-19 19:31 . 2009-10-19 19:31      --------      d-----w-      c:\documents and settings\All Users\Application Data\BFA
2009-10-19 19:30 . 2009-10-19 19:30      --------      d-----w-      c:\documents and settings\Ron Cusano\Application Data\BearShareTb
2009-10-19 19:30 . 2009-10-19 19:30      --------      d-----w-      c:\program files\BearShareTb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 02:43 . 2009-04-23 14:57      --------      d---a-w-      c:\documents and settings\All Users\Application Data\TEMP
2009-11-06 02:43 . 2009-04-23 14:57      --------      d-----w-      c:\program files\Spyware Doctor
2009-11-05 21:08 . 2009-04-24 19:34      7159      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-11-05 19:13 . 2009-04-23 19:51      --------      d-----w-      c:\program files\Citrix
2009-11-05 14:34 . 2009-04-24 20:51      --------      d-----w-      c:\program files\32BITEMB
2009-11-03 15:24 . 2009-04-23 18:32      --------      d-----w-      c:\program files\e-Sword
2009-11-01 00:34 . 2009-04-23 18:46      --------      d-----w-      c:\program files\Advanced Email Extractor PRO
2009-10-29 01:16 . 2009-08-20 15:52      --------      d-----w-      c:\program files\AVG
2009-10-24 14:38 . 2009-04-23 19:00      1901      ----a-w-      c:\windows\panose.bin
2009-10-20 17:59 . 2009-08-31 01:29      --------      d-----w-      c:\program files\RegCure
2009-10-19 21:40 . 2009-05-01 12:35      --------      d-----w-      c:\documents and settings\Ron Cusano\Application Data\Apple Computer
2009-10-19 21:38 . 2009-04-24 14:15      --------      d-----w-      c:\program files\Bonjour
2009-10-19 21:36 . 2009-04-24 14:23      --------      d-----w-      c:\program files\QuickTime
2009-10-16 03:21 . 2009-04-23 20:03      --------      d-----w-      c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 22:21 . 2009-07-15 01:04      --------      d-----w-      c:\documents and settings\Ron Cusano\Application Data\IObit
2009-10-14 22:21 . 2009-09-24 20:52      --------      d-----w-      c:\program files\Common Files\Akamai
2009-10-06 20:31 . 2009-04-23 14:57      87784      ----a-w-      c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-30 16:09 . 2009-04-24 14:38      --------      d-----w-      c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-24 12:55 . 2009-04-23 14:57      229304      ----a-w-      c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 20:10 . 2009-04-23 14:57      207280      ----a-w-      c:\windows\system32\drivers\PCTCore.sys
2009-09-23 11:24 . 2009-04-25 00:50      195848      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-09-23 11:24 . 2009-04-25 00:50      1010440      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-09-22 15:18 . 2009-09-22 15:10      --------      d-----w-      c:\documents and settings\Ron Cusano\Application Data\iMeshMediabarTb
2009-09-22 15:11 . 2009-09-22 15:11      --------      d-----w-      c:\documents and settings\All Users\Application Data\033C
2009-09-22 15:10 . 2009-09-22 15:10      --------      d-----w-      c:\program files\iMeshMediabarTb
2009-09-22 14:50 . 2009-04-28 23:51      --------      d-----w-      c:\documents and settings\Ron Cusano\Application Data\LimeWire
2009-09-17 02:53 . 2009-09-17 02:53      --------      d-----w-      c:\documents and settings\All Users\Application Data\Citrix
2009-09-17 02:15 . 2009-04-23 19:51      108920      ----a-w-      c:\documents and settings\Ron Cusano\g2ax_customer_downloadhelper_win32_x86.exe
2009-09-16 07:20 . 2009-09-01 12:56      7383      ----a-w-      c:\windows\system32\drivers\pctcore.cat
2009-09-15 10:20 . 2009-10-25 20:00      7383      ----a-w-      c:\windows\system32\drivers\pctplsg.cat
2009-09-15 06:12 . 2009-10-25 20:01      7412      ----a-w-      c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 05:01 . 2009-10-25 20:01      7387      ----a-w-      c:\windows\system32\drivers\pctgntdi.cat
2009-09-11 18:12 . 2009-04-28 23:50      --------      d-----w-      c:\program files\LimeWire
2009-09-11 14:18 . 2008-04-25 16:16      136192      ----a-w-      c:\windows\system32\msv1_0.dll
2009-09-10 12:40 . 2009-04-14 21:23      --------      d-----w-      c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2008-04-25 16:16      58880      ----a-w-      c:\windows\system32\msasn1.dll
2009-09-03 13:45 . 2009-04-23 14:57      70408      ----a-w-      c:\windows\system32\drivers\pctplsg.sys
2009-08-29 08:08 . 2008-04-25 16:16      916480      ----a-w-      c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-25 16:16      247326      ----a-w-      c:\windows\system32\strmdll.dll
2009-08-20 16:06 . 2009-08-20 16:06      20      ----a-w-      c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IETOOLBAR.DLL
2009-08-20 15:52 . 2009-08-20 15:52      12552      ----a-w-      c:\windows\system32\drivers\avgrkx86.sys
2009-08-20 15:52 . 2009-08-20 15:52      11952      ----a-w-      c:\windows\system32\avgrsstx.dll
2009-08-20 15:52 . 2009-08-20 15:52      108552      ----a-w-      c:\windows\system32\drivers\avgtdix.sys
2009-08-20 15:52 . 2009-08-20 15:52      335240      ----a-w-      c:\windows\system32\drivers\avgldx86.sys
2009-08-20 15:52 . 2009-08-20 15:52      27784      ----a-w-      c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 15:52 . 2009-08-20 15:52      50968      ----a-w-      c:\windows\system32\avgfwdx.dll
2009-08-20 15:52 . 2009-08-20 15:52      29208      ----a-w-      c:\windows\system32\drivers\avgfwdx.sys
2009-08-18 03:33 . 2009-08-18 03:33      1193832      ----a-w-      c:\windows\system32\FM20.DLL
2009-08-17 16:55 . 2009-08-17 16:55      24859      ----a-w-      c:\documents and settings\All Users\Application Data\tmp817.tmp
2009-08-12 13:02 . 2009-08-12 13:02      850736      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-08-12 13:02 . 2009-08-12 13:02      787760      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-08-12 13:02 . 2009-08-12 13:02      763184      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-08-12 13:02 . 2009-08-12 13:02      570672      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-08-12 13:02 . 2009-08-12 13:02      496944      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-08-12 13:02 . 2009-08-12 13:02      423216      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-08-12 13:02 . 2009-08-12 13:02      394544      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-08-12 13:02 . 2009-08-12 13:02      296240      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-08-12 13:02 . 2009-08-12 13:02      263472      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-08-12 13:02 . 2009-08-12 13:02      2151728      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-08-12 13:02 . 2009-08-12 13:02      1152304      ----a-w-      c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06      91576      ----a-w-      c:\program files\BearShareTb\BearShareDx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 16:58      1107200      ----a-w-      c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58      91568      ----a-w-      c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 20:13      583312      ----a-r-      c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 20:13      583312      ----a-r-      c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 20:13      583312      ----a-r-      c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-23 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"UniblueRegistryBooster"="c:\program files\Uniblue\RegistryBooster 2010\launcher.exe" [2009-09-29 59184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 136600]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-18 16806912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-23 108544]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21      548352      ----a-w-      c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 15:52      11952      ----a-w-      c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/20/2009 10:52 AM 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/23/2009 9:57 AM 207280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/20/2009 10:52 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/20/2009 10:52 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/20/2009 10:52 AM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/25/2009 3:05 PM 112592]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [12/14/2009 8:49 PM 305936]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [4/14/2009 4:18 PM 8960]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 10:52 AM 29208]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [4/14/2009 4:18 PM 11264]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 11:16 AM 14336]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/20/2009 10:52 AM 1370488]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 10:52 AM 29208]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [4/14/2009 4:18 PM 16640]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/23/2009 9:57 AM 358600]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai      REG_MULTI_SZ       Akamai
.
Contents of the 'Scheduled Tasks' folder

2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-11-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-06 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
.
.
------- Supplementary Scan -------
.
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Advanced Email Extractor - c:\program%20files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\program%20files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-{E0948440-9FA1-470C-8836-47EC22E1BDEC} - (no file)
WebBrowser-{E0948440-9FA1-470C-8836-47EC22E1BDEC} - (no file)
AddRemove-b2042970-346c-4a6c-1340-b21efabc83cd - c:\windows\system32\b2042970-346c-4a6c-1340-b21efabc83cd.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3586.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3586.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,87,65,91,bc,33,b2,42,ac,1f,bb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,87,65,91,bc,33,b2,42,ac,1f,bb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-06 21:59
ComboFix-quarantined-files.txt 2009-11-06 02:59

Pre-Run: 432,434,638,848 bytes free
Post-Run: 433,085,960,192 bytes free

- - End Of File - - C0BAD6E8447FA6E4021A39592633FD14

ComboFix 09-11-05.01 - Ron Cusano 11/05/2009 21:48.1.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2051 [GMT -5:00]
Running from: c:\documents and settings\Ron Cusano\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\windows\system32\b2042970-346c-4a6c-1340-b21efabc83cd.exe
 
.
(((((((((((((((((((((((((   Files Created from 2009-10-06 to 2009-11-06  )))))))))))))))))))))))))))))))
.
 
2009-12-15 01:49 . 2009-12-15 01:49	--------	d-----w-	c:\documents and settings\All Users\Application Data\IObit
2009-12-15 01:49 . 2009-07-15 01:04	--------	d-----w-	c:\program files\IObit
2009-12-14 22:09 . 2009-12-14 22:10	--------	dc-h--w-	c:\windows\ie8
2009-12-14 22:09 . 2009-12-14 22:11	--------	d--h--w-	c:\windows\msdownld.tmp
2009-12-14 22:07 . 2009-06-02 10:12	102912	-c----w-	c:\windows\system32\dllcache\iecompat.dll
2009-11-06 02:20 . 2009-11-06 02:20	117760	----a-w-	c:\documents and settings\Ron Cusano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-06 02:20 . 2009-11-06 02:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-06 02:18 . 2009-11-06 02:19	--------	d-----w-	c:\program files\SUPERAntiSpyware
2009-11-06 02:18 . 2009-11-06 02:18	--------	d-----w-	c:\documents and settings\Ron Cusano\Application Data\SUPERAntiSpyware.com
2009-11-06 02:16 . 2009-11-06 02:16	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-11-06 01:47 . 2009-11-06 01:47	--------	d-----w-	c:\documents and settings\Ron Cusano\Application Data\Uniblue
2009-11-06 01:46 . 2009-11-06 01:46	--------	d-----w-	c:\program files\Uniblue
2009-11-05 22:40 . 2009-11-05 22:41	--------	d-----w-	C:\$WIN_NT$.~BT
2009-11-05 14:40 . 2009-11-05 14:40	--------	d-----w-	c:\program files\iPod
2009-11-05 14:40 . 2009-11-05 14:42	--------	d-----w-	c:\program files\iTunes
2009-11-05 14:34 . 2009-11-05 14:34	79144	----a-w-	c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 14:19 . 2009-10-21 13:57	2025752	----a-w-	c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-29 01:16 . 2009-10-29 01:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg9
2009-10-29 01:08 . 2009-10-20 19:57	3767064	----a-w-	c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
2009-10-25 20:37 . 2009-10-25 20:37	--------	d-----w-	c:\documents and settings\Ron Cusano\Local Settings\Application Data\Threat Expert
2009-10-25 20:05 . 2009-10-08 15:31	149456	----a-w-	c:\windows\SGDetectionTool.dll
2009-10-25 20:05 . 2009-10-08 15:31	767952	----a-w-	c:\windows\BDTSupport.dll
2009-10-25 20:05 . 2008-11-26 16:08	131	----a-w-	c:\windows\IDB.zip
2009-10-25 20:05 . 2009-10-08 15:31	165840	----a-w-	c:\windows\PCTBDRes.dll
2009-10-25 20:05 . 2009-10-08 15:31	1636304	----a-w-	c:\windows\PCTBDCore.dll
2009-10-25 20:05 . 2009-10-02 18:19	1152470	----a-w-	c:\windows\UDB.zip
2009-10-19 21:40 . 2009-05-18 18:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-19 21:40 . 2008-04-17 17:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2009-10-19 21:38 . 2009-10-19 21:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 21:34 . 2009-11-05 14:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-19 21:32 . 2009-10-19 21:40	--------	dc----w-	c:\windows\system32\DRVSTORE
2009-10-19 21:31 . 2009-11-05 14:40	--------	d-----w-	c:\program files\Common Files\Apple
2009-10-19 21:04 . 2009-10-19 21:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\153E
2009-10-19 21:02 . 2009-10-19 21:54	--------	d-----w-	c:\documents and settings\Ron Cusano\Local Settings\Application Data\BearShare
2009-10-19 21:02 . 2009-10-19 21:02	--------	d-----w-	c:\program files\BearShare Applications
2009-10-19 19:31 . 2009-10-19 19:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\BFA
2009-10-19 19:30 . 2009-10-19 19:30	--------	d-----w-	c:\documents and settings\Ron Cusano\Application Data\BearShareTb
2009-10-19 19:30 . 2009-10-19 19:30	--------	d-----w-	c:\program files\BearShareTb
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 02:43 . 2009-04-23 14:57	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-11-06 02:43 . 2009-04-23 14:57	--------	d-----w-	c:\program files\Spyware Doctor
2009-11-05 21:08 . 2009-04-24 19:34	7159	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2009-11-05 19:13 . 2009-04-23 19:51	--------	d-----w-	c:\program files\Citrix
2009-11-05 14:34 . 2009-04-24 20:51	--------	d-----w-	c:\program files\32BITEMB
2009-11-03 15:24 . 2009-04-23 18:32	--------	d-----w-	c:\program files\e-Sword
2009-11-01 00:34 . 2009-04-23 18:46	--------	d-----w-	c:\program files\Advanced Email Extractor PRO
2009-10-29 01:16 . 2009-08-20 15:52	--------	d-----w-	c:\program files\AVG
2009-10-24 14:38 . 2009-04-23 19:00	1901	----a-w-	c:\windows\panose.bin
2009-10-20 17:59 . 2009-08-31 01:29	--------	d-----w-	c:\program files\RegCure
2009-10-19 21:40 . 2009-05-01 12:35	--------	d-----w-	c:\documents and settings\Ron Cusano\Application Data\Apple Computer
2009-10-19 21:38 . 2009-04-24 14:15	--------	d-----w-	c:\program files\Bonjour
2009-10-19 21:36 . 2009-04-24 14:23	--------	d-----w-	c:\program files\QuickTime
2009-10-16 03:21 . 2009-04-23 20:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-14 22:21 . 2009-07-15 01:04	--------	d-----w-	c:\documents and settings\Ron Cusano\Application Data\IObit
2009-10-14 22:21 . 2009-09-24 20:52	--------	d-----w-	c:\program files\Common Files\Akamai
2009-10-06 20:31 . 2009-04-23 14:57	87784	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-30 16:09 . 2009-04-24 14:38	--------	d-----w-	c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-24 12:55 . 2009-04-23 14:57	229304	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 20:10 . 2009-04-23 14:57	207280	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-09-23 11:24 . 2009-04-25 00:50	195848	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-09-23 11:24 . 2009-04-25 00:50	1010440	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
2009-09-22 15:18 . 2009-09-22 15:10	--------	d-----w-	c:\documents and settings\Ron Cusano\Application Data\iMeshMediabarTb
2009-09-22 15:11 . 2009-09-22 15:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\033C
2009-09-22 15:10 . 2009-09-22 15:10	--------	d-----w-	c:\program files\iMeshMediabarTb
2009-09-22 14:50 . 2009-04-28 23:51	--------	d-----w-	c:\documents and settings\Ron Cusano\Application Data\LimeWire
2009-09-17 02:53 . 2009-09-17 02:53	--------	d-----w-	c:\documents and settings\All Users\Application Data\Citrix
2009-09-17 02:15 . 2009-04-23 19:51	108920	----a-w-	c:\documents and settings\Ron Cusano\g2ax_customer_downloadhelper_win32_x86.exe
2009-09-16 07:20 . 2009-09-01 12:56	7383	----a-w-	c:\windows\system32\drivers\pctcore.cat
2009-09-15 10:20 . 2009-10-25 20:00	7383	----a-w-	c:\windows\system32\drivers\pctplsg.cat
2009-09-15 06:12 . 2009-10-25 20:01	7412	----a-w-	c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 05:01 . 2009-10-25 20:01	7387	----a-w-	c:\windows\system32\drivers\pctgntdi.cat
2009-09-11 18:12 . 2009-04-28 23:50	--------	d-----w-	c:\program files\LimeWire
2009-09-11 14:18 . 2008-04-25 16:16	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-09-10 12:40 . 2009-04-14 21:23	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2008-04-25 16:16	58880	----a-w-	c:\windows\system32\msasn1.dll
2009-09-03 13:45 . 2009-04-23 14:57	70408	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2009-08-29 08:08 . 2008-04-25 16:16	916480	----a-w-	c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-25 16:16	247326	----a-w-	c:\windows\system32\strmdll.dll
2009-08-20 16:06 . 2009-08-20 16:06	20	----a-w-	c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IETOOLBAR.DLL
2009-08-20 15:52 . 2009-08-20 15:52	12552	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2009-08-20 15:52 . 2009-08-20 15:52	11952	----a-w-	c:\windows\system32\avgrsstx.dll
2009-08-20 15:52 . 2009-08-20 15:52	108552	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-08-20 15:52 . 2009-08-20 15:52	335240	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-08-20 15:52 . 2009-08-20 15:52	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-08-20 15:52 . 2009-08-20 15:52	50968	----a-w-	c:\windows\system32\avgfwdx.dll
2009-08-20 15:52 . 2009-08-20 15:52	29208	----a-w-	c:\windows\system32\drivers\avgfwdx.sys
2009-08-18 03:33 . 2009-08-18 03:33	1193832	----a-w-	c:\windows\system32\FM20.DLL
2009-08-17 16:55 . 2009-08-17 16:55	24859	----a-w-	c:\documents and settings\All Users\Application Data\tmp817.tmp
2009-08-12 13:02 . 2009-08-12 13:02	850736	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
2009-08-12 13:02 . 2009-08-12 13:02	787760	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
2009-08-12 13:02 . 2009-08-12 13:02	763184	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
2009-08-12 13:02 . 2009-08-12 13:02	570672	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
2009-08-12 13:02 . 2009-08-12 13:02	496944	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
2009-08-12 13:02 . 2009-08-12 13:02	423216	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
2009-08-12 13:02 . 2009-08-12 13:02	394544	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
2009-08-12 13:02 . 2009-08-12 13:02	296240	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
2009-08-12 13:02 . 2009-08-12 13:02	263472	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
2009-08-12 13:02 . 2009-08-12 13:02	2151728	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-08-12 13:02 . 2009-08-12 13:02	1152304	----a-w-	c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
 
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-08-10 14:06	91576	----a-w-	c:\program files\BearShareTb\BearShareDx.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 16:58	1107200	----a-w-	c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
2009-07-31 11:58	91568	----a-w-	c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\program files\BearShareTb\BearShareDx.dll" [2009-08-10 91576]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]
 
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
 
[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]
 
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
 
[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
 
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 20:13	583312	----a-r-	c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 20:13	583312	----a-r-	c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 20:13	583312	----a-r-	c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-23 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-13 2000112]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"UniblueRegistryBooster"="c:\program files\Uniblue\RegistryBooster 2010\launcher.exe" [2009-09-29 59184]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-14 136600]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-18 16806912]
 
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-23 108544]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-10 525640]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 15:52	11952	----a-w-	c:\windows\system32\avgrsstx.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
 
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/20/2009 10:52 AM 12552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/23/2009 9:57 AM 207280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/20/2009 10:52 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/20/2009 10:52 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/20/2009 10:52 AM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10/25/2009 3:05 PM 112592]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [12/14/2009 8:49 PM 305936]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [4/14/2009 4:18 PM 8960]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 10:52 AM 29208]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [4/14/2009 4:18 PM 11264]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 11:16 AM 14336]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [8/20/2009 10:52 AM 1370488]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [8/20/2009 10:52 AM 29208]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [4/14/2009 4:18 PM 16640]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/23/2009 9:57 AM 358600]
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32
*Deregistered* - PROCEXP113
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the 'Scheduled Tasks' folder
 
2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
 
2009-11-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
 
2009-11-06 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
 
2009-11-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
.
.
------- Supplementary Scan -------
.
mSearch Bar = 
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Advanced Email Extractor - c:\program%20files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Scan link with AEE - c:\program%20files\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHANS REMOVED - - - -
 
URLSearchHooks-*{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-{E0948440-9FA1-470C-8836-47EC22E1BDEC} - (no file)
WebBrowser-{E0948440-9FA1-470C-8836-47EC22E1BDEC} - (no file)
AddRemove-b2042970-346c-4a6c-1340-b21efabc83cd - c:\windows\system32\b2042970-346c-4a6c-1340-b21efabc83cd.exe
 
 
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 21:57
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3586.dll"
 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3586.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,87,65,91,bc,33,b2,42,ac,1f,bb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d6,87,65,91,bc,33,b2,42,ac,1f,bb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-06 21:59
ComboFix-quarantined-files.txt  2009-11-06 02:59
 
Pre-Run: 432,434,638,848 bytes free
Post-Run: 433,085,960,192 bytes free
 
- - End Of File - - C0BAD6E8447FA6E4021A39592633FD14

1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:
301:
302:
303:
304:
305:
306:
307:
308:
309:
310:
311:
312:
313:
314:
315:
316:
317:
318:
319:
320:
321:
322:
323:
324:
325:
326:
327:
328:
329:
330:
331:
332:
333:
334:
335:
336:
337:
338:
339:
340:
341:
342:
343:
344:
345:
346:
347:
348:
349:
350:
351:
352:
353:
354:
355:
356:
357:
358:
359:
360:
361:
362:
363:
364:
365:

Select all Open in new window

Question

Highjackthis Log - Major issues on computer

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

virus - highjackthis

HijackThis Software

Anti-Spyware

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Need individual assistance?

Our experts are ready to help.

Want to learn from the best?

Read articles from industry experts.

Working on a long term project?

Store your work and research.

What Makes Experts Exchange Unique?

Trusted by the world's most respected brands.

Faithfully serving IT professionals since 1996.

Related Solutions

Free Tech Articles

Cloud Class Webinars

Join the Community

Give a Little. Get a Lot.

Answers

3 Ways to Join

The Experts

The Experts

Testimonials

Testimonials

Testimonials

Business Clients

Business Clients

In the Press

In the Press

In the Press