CPU at 100%

Discussion in 'Hardware' started by bald_eagle, May 18, 2009.

  1. bald_eagle

    bald_eagle Private E-2

    My CPU operates at 100% so frequently that I need to run Combofix daily just to get the usage back to the typical 10 - 20%. The computer grinds to a crawl whenever this happens. I originally thought it was a virus, then later thought it was AVG hanging up. Neither was correct. I now think some program or process goes into overdrive for whatever reason. I've tried many different things to determine what it is, but I can't figure it out. I have included the combofix report only because it is the only thing that stops it, so perhaps it will tell you something. Any help would be appreciated; I would hate to have to buy a new computer and the dreaded Vista.
     
  2. hrlow2

    hrlow2 MajorGeek

    What are your computer specs?
    What programs are starting on bootup?
    Any background scans running?
    If using Spybot S&D, do you have Tea Timer on?
     
  3. dlb

    dlb MajorGeek

    hrlow2 asks a bunch of good questions....

    But.... what happened to the elusive ComboFix report?
    :confused
     
  4. bald_eagle

    bald_eagle Private E-2

    Dell Dimension 4600 running XP, 2.59 GHz, 2 Gig RAM.

    Looking at CCleaner, I have programs running at startup, but I have eliminated most of the ones that I knew I could. The rest are AVG, system, printers, etc. If there is a way to copy a list of them somewhere let me know how to do it.
    I don't use tea timer and no background scans are running, at least as far as I know. Here is the latest combofix log:

    ComboFix 09-05-17.03 - Gary L. Jones 05/17/2009 20:52.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1353 [GMT -4:00]
    Running from: c:\documents and settings\Gary L. Jones\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://download.linksys.com
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
    .

    2009-05-13 02:07 . 2009-05-13 02:07 11952 -c--a-w c:\windows\system32\avgrsstx.dll
    2009-05-13 02:07 . 2009-05-13 02:07 108552 -c--a-w c:\windows\system32\drivers\avgtdix.sys
    2009-05-13 02:07 . 2009-05-13 02:07 325896 -c--a-w c:\windows\system32\drivers\avgldx86.sys
    2009-05-13 02:07 . 2009-05-17 21:36 -------- dc----w c:\windows\system32\drivers\Avg
    2009-05-13 02:06 . 2009-05-13 02:06 -------- dc----w c:\documents and settings\All Users\Application Data\avg8
    2009-05-06 03:52 . 2009-05-06 03:52 1340797 -c--a-w C:\MGtools.exe
    2009-05-04 02:45 . 2009-05-04 02:46 -------- dc----w c:\program files\ACT
    2009-05-03 18:28 . 2009-05-03 18:28 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-21 21:53 . 2007-05-25 14:56 -------- dc----w c:\program files\Verizon
    2009-05-12 23:37 . 2005-06-02 12:54 -------- dc----w c:\program files\Mozilla Thunderbird
    2009-05-12 19:49 . 2008-09-30 00:33 -------- dc----w c:\program files\CCleaner
    2009-05-08 23:46 . 2008-11-02 23:06 256 -c--a-w c:\windows\system32\pool.bin
    2009-05-06 05:48 . 2008-11-30 17:08 -------- dc----w c:\program files\SUPERAntiSpyware
    2009-04-29 01:48 . 2006-05-04 18:36 -------- dc----w c:\program files\Palm
    2009-04-25 21:37 . 2008-09-12 19:58 848 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-04-25 16:39 . 2009-03-09 22:16 64160 -c--a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-24 21:35 . 2005-04-01 03:08 -------- dc----w c:\program files\GCCalc
    2009-04-18 17:23 . 2007-05-25 15:14 -------- dc----w c:\program files\Common Files\Motive
    2009-04-15 04:32 . 2004-01-30 06:53 150928 -c--a-w c:\documents and settings\Gary L. Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-15 04:30 . 2009-02-05 00:26 -------- dc----w c:\program files\Common Files\AnswerWorks 5.0
    2009-04-15 04:26 . 2007-03-04 20:11 -------- dc----w c:\program files\Common Files\Intuit
    2009-04-15 04:21 . 2007-03-04 20:09 -------- dc----w c:\program files\TurboTax
    2009-04-14 14:39 . 2008-12-01 16:48 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-13 12:18 . 2009-02-12 01:01 75739 -c--a-w C:\gccalcbu.zip
    2009-04-09 06:12 . 2008-04-21 04:12 -------- dc----w c:\program files\7-Zip
    2009-04-06 20:53 . 2009-04-06 20:53 -------- dc----w c:\program files\iTunes
    2009-04-06 20:53 . 2009-04-06 20:53 -------- dc----w c:\program files\iPod
    2009-04-06 20:52 . 2007-07-01 00:44 -------- dc----w c:\program files\Common Files\Apple
    2009-04-06 19:32 . 2008-12-01 16:48 38496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 19:32 . 2008-12-01 16:48 15504 -c--a-w c:\windows\system32\drivers\mbam.sys
    2009-04-01 11:18 . 2004-01-16 11:17 -------- dc----w c:\program files\Java
    2009-03-29 15:39 . 2004-11-07 00:12 -------- dc----w c:\program files\LimeWire
    2009-03-20 15:14 . 2007-10-20 04:05 -------- dc----w c:\program files\Common Files\Logitech
    2009-03-19 20:32 . 2008-01-29 16:01 23400 -c--a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-09 22:16 . 2009-03-28 18:11 15688 -c--a-w c:\windows\system32\lsdelete.exe
    2009-03-09 09:19 . 2008-11-30 04:42 410984 -c--a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2003-07-16 20:41 284160 -c--a-w c:\windows\system32\pdh.dll
    2009-03-06 03:59 . 2009-03-16 13:14 1900544 -c--a-w c:\windows\system32\usbaaplrc.dll
    2009-03-06 03:59 . 2007-09-08 23:47 36864 -c--a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-03 00:18 . 2004-02-06 23:05 826368 -c--a-w c:\windows\system32\wininet.dll
    2009-02-20 18:09 . 2004-08-04 07:56 78336 -c--a-w c:\windows\system32\ieencode.dll
    2002-02-06 13:47 . 2004-02-25 20:37 270336 -c--a-w c:\program files\cdintf.dll
    2002-01-30 16:50 . 2004-02-25 20:37 81024 -c--a-w c:\program files\acfpdf16.drv
    2002-01-30 16:50 . 2004-02-25 20:37 45056 -c--a-w c:\program files\FllIntf.fll
    2002-01-30 16:50 . 2004-02-25 20:37 61 -c--a-w c:\program files\acfpdf.txt
    2002-01-30 16:50 . 2004-02-25 20:37 43272 -c--a-w c:\program files\acfpdfui.dll
    2002-01-30 16:50 . 2004-02-25 20:37 18704 -c--a-w c:\program files\pdfmon.dll
    2002-01-30 16:50 . 2004-02-25 20:37 180592 -c--a-w c:\program files\acfpdf.drv
    2002-01-30 16:50 . 2004-02-25 20:37 137380 -c--a-w c:\program files\acfpdf.dll
    2001-05-10 15:04 . 2004-02-25 20:37 162304 -c--a-w c:\program files\UNWISE.EXE
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-06_14.18.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-18 00:45 . 2009-05-18 00:45 16384 c:\windows\Temp\Perflib_Perfdata_a6c.dat
    + 2009-05-18 00:45 . 2009-05-18 00:45 16384 c:\windows\Temp\Perflib_Perfdata_888.dat
    + 2008-11-23 18:54 . 2009-05-07 03:28 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    - 2008-11-23 18:54 . 2008-11-23 18:54 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    - 2008-02-09 16:08 . 2009-05-02 13:57 27784 c:\windows\SYSTEM32\DRIVERS\avgmfx86.sys
    + 2009-05-13 02:07 . 2009-05-13 02:07 27784 c:\windows\SYSTEM32\DRIVERS\avgmfx86.sys
    + 2008-02-13 22:42 . 2009-05-12 21:03 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-05-12 21:03 . 2009-05-12 21:03 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2009-04-17 04:17 . 2009-04-17 04:17 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2006-10-27 01:07 . 2006-10-27 01:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
    + 2009-03-20 21:15 . 2008-03-04 21:58 77312 c:\windows\DEVCON.EXE
    - 2008-12-10 21:36 . 2008-03-04 21:58 77312 c:\windows\DEVCON.EXE
    + 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    + 2009-05-12 21:03 . 2009-05-12 21:03 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
    + 2008-02-13 22:42 . 2009-05-12 21:03 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2005-05-11 14:06 . 2009-05-07 07:16 24699336 c:\windows\SYSTEM32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
    "lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2008-01-02 455336]
    "lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2008-01-02 25256]
    "Lexmark 9500 Series Fax Server"="c:\program files\Lexmark 9500 Series\fm3032.exe" [2008-01-02 311976]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-28 185896]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-13 1947928]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

    c:\documents and settings\Gary L. Jones\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2006-5-16 25214]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NosecurityTab"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NosecurityTab"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-07 15:18 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 06:42 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-13 02:07 11952 -c--a-w c:\windows\SYSTEM32\avgrsstx.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    backup=c:\windows\pss\Billminder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
    backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gary L. Jones^Start Menu^Programs^Startup^Iomega Product Registration.lnk]
    path=c:\documents and settings\Gary L. Jones\Start Menu\Programs\Startup\Iomega Product Registration.lnk
    backup=c:\windows\pss\Iomega Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    "UpdReg"=c:\windows\UpdReg.EXE
    "UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\SYSTEM32\\java.exe"=
    "c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\WINDOWS\\SYSTEM32\\lxdocoms.exe"=
    "c:\\Program Files\\Lexmark 9500 Series\\lxdomon.exe"=
    "c:\\WINDOWS\\SYSTEM32\\lxdocfg.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdopswx.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdotime.exe"=
    "c:\\Program Files\\Lexmark 9500 Series\\lxdoFax.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdojswx.exe"=
    "c:\\Program Files\\Lexmark 9500 Series\\frun.exe"=
    "c:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\Acrobat.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdowbgw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/9/2009 6:16 PM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/12/2009 10:07 PM 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/12/2009 10:07 PM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 55024]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/12/2009 10:07 PM 908568]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/12/2009 10:06 PM 298776]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
    R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
    R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdoserv.exe [2/8/2009 3:15 PM 98984]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 11:31 PM 29263712]
    R3 dsdd;dsdd;c:\windows\SYSTEM32\DRIVERS\dsvideo.sys [4/9/2004 9:52 AM 2111]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 953168]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [1/30/2004 3:04 AM 2944]
    S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\SYSTEM32\DRIVERS\BrParImg.sys [1/30/2004 3:04 AM 3168]
    S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\SYSTEM32\DRIVERS\BrParwdm.sys [1/30/2004 3:04 AM 39552]
    S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\brserwdm.sys [8/17/2004 4:07 PM 60416]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [8/17/2004 4:58 PM 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [8/17/2004 4:58 PM 10368]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\SYSTEM32\DRIVERS\gan_adapter.sys [10/19/2006 11:11 AM 10664]
    S3 RioS10;RioS10 driver;c:\windows\SYSTEM32\DRIVERS\RioS10.sys [9/7/2004 10:59 PM 12661]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 7408]
    UnknownUnknown dsload;dsload; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:38]

    2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-05-18 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 02:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://webmail.g-c.com/owa/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/forgotPassword.asp?close=true&RW=1
    uInternet Settings,ProxyOverride = *.local
    IE: Clear Fields - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Enqueue current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
    IE: Enqueue link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Open current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
    IE: Open link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: aol.com\free
    Trusted Zone: turbotax.com
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    DPF: {9723C9A8-7B0B-4479-BDC4-6B6D3F5D9079} - hxxps://gcmagic.g-c.com:4443/imtapp/res/jar/instctrl.dll
    FF - ProfilePath - c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - component: c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\windows\system32\Cult3D\NPMCult3DP.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-17 20:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(640)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    Completion time: 2009-05-18 21:00
    ComboFix-quarantined-files.txt 2009-05-18 00:59
    ComboFix2.txt 2009-05-17 22:20
    ComboFix3.txt 2009-05-12 20:11
    ComboFix4.txt 2009-05-11 03:26
    ComboFix5.txt 2009-05-18 00:51

    Pre-Run: 9,224,617,984 bytes free
    Post-Run: 9,199,443,968 bytes free

    408 --- E O F --- 2009-05-12 21:03
     
  5. bald_eagle

    bald_eagle Private E-2

    Shut down the computer for a few days, started it back up tonight. Happened again - CPU at 100%. Ran combofix and CPU went back to 10%. Here is today's log.


    ComboFix 09-05-26.05 - Gary L. Jones 05/27/2009 22:24.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1248 [GMT -4:00]
    Running from: c:\documents and settings\Gary L. Jones\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://download.linksys.com
    .
    ((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
    .

    2009-05-23 06:47 . 2009-05-23 06:48 -------- dc----w c:\program files\Image Grabber II
    2009-05-23 06:08 . 2009-05-23 06:08 -------- dc----w c:\program files\GordoSoftware
    2009-05-19 13:19 . 2009-05-13 02:07 2051864 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-05-19 13:19 . 2009-05-13 02:07 424472 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
    2009-05-19 13:19 . 2009-05-13 02:07 3288344 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
    2009-05-19 13:19 . 2009-05-13 02:07 354584 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-05-19 13:19 . 2009-05-13 02:07 177432 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
    2009-05-19 13:19 . 2009-05-13 02:06 312088 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
    2009-05-19 13:19 . 2009-05-13 02:07 486168 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
    2009-05-19 13:18 . 2009-05-13 02:07 1437464 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-05-19 13:18 . 2009-05-13 02:07 755992 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
    2009-05-18 06:54 . 2009-05-26 07:57 -------- dc-h--w C:\$AVG8.VAULT$
    2009-05-17 21:36 . 2009-05-13 02:07 3399960 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
    2009-05-17 21:36 . 2009-05-13 02:07 2302232 -c--a-w c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
    2009-05-13 02:07 . 2009-05-13 02:07 11952 -c--a-w c:\windows\system32\avgrsstx.dll
    2009-05-13 02:07 . 2009-05-13 02:07 108552 -c--a-w c:\windows\system32\drivers\avgtdix.sys
    2009-05-13 02:07 . 2009-05-13 02:07 325896 -c--a-w c:\windows\system32\drivers\avgldx86.sys
    2009-05-13 02:07 . 2009-05-13 02:07 27784 -c--a-w c:\windows\system32\drivers\avgmfx86.sys
    2009-05-13 02:07 . 2009-05-26 12:02 -------- dc----w c:\windows\system32\drivers\Avg
    2009-05-13 02:06 . 2009-05-13 02:06 -------- dc----w c:\documents and settings\All Users\Application Data\avg8
    2009-05-07 22:10 . 2009-05-07 22:10 29696 -c--a-r c:\documents and settings\Gary L. Jones\Application Data\Microsoft\Installer\{493CCEF3-B98C-4979-92F4-F848C365A82B}\IconF0CEFCC9.exe
    2009-05-06 03:59 . 2009-05-06 03:59 57344 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-3dd22a75-n\Decora-SSE.dll
    2009-05-06 03:59 . 2009-05-06 03:59 315392 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-10a06fbb-n\jogl.dll
    2009-05-06 03:59 . 2009-05-06 03:59 24064 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-57c9ddf0-n\Decora-D3D.dll
    2009-05-06 03:59 . 2009-05-06 03:59 20480 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-10a06fbb-n\jogl_awt.dll
    2009-05-06 03:59 . 2009-05-06 03:59 114688 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-10a06fbb-n\jogl_cg.dll
    2009-05-06 03:59 . 2009-05-06 03:59 499712 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-250690ce-n\msvcp71.dll
    2009-05-06 03:59 . 2009-05-06 03:59 499712 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-250690ce-n\jmc.dll
    2009-05-06 03:59 . 2009-05-06 03:59 348160 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-250690ce-n\msvcr71.dll
    2009-05-06 03:59 . 2009-05-06 03:59 20480 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-6821cb04-n\gluegen-rt.dll
    2009-05-06 03:52 . 2009-05-06 03:52 1340797 -c--a-w C:\MGtools.exe
    2009-05-04 02:45 . 2009-05-04 02:46 -------- dc----w c:\program files\ACT
    2009-05-03 18:28 . 2009-05-03 18:28 -------- dc----w c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-21 21:53 . 2007-05-25 14:56 -------- dc----w c:\program files\Verizon
    2009-05-28 02:18 . 2005-06-02 12:54 -------- dc----w c:\program files\Mozilla Thunderbird
    2009-05-28 01:24 . 2006-10-07 18:53 -------- dc----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-05-19 05:18 . 2004-01-31 16:24 -------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-05-18 20:12 . 2007-12-30 01:06 -------- dc----w c:\documents and settings\Gary L. Jones\Application Data\ZoomBrowser EX
    2009-05-18 20:12 . 2007-12-29 22:48 -------- dc----w c:\documents and settings\All Users\Application Data\ZoomBrowser
    2009-05-12 21:03 . 2007-11-25 16:53 -------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-12 19:49 . 2008-09-30 00:33 -------- dc----w c:\program files\CCleaner
    2009-05-08 23:46 . 2008-11-02 23:06 256 -c--a-w c:\windows\system32\pool.bin
    2009-05-06 05:48 . 2009-03-27 22:02 117760 ----a-w c:\documents and settings\Gary L. Jones\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-05-06 05:48 . 2008-11-30 17:08 -------- dc----w c:\program files\SUPERAntiSpyware
    2009-04-29 01:48 . 2006-05-04 18:36 -------- dc----w c:\program files\Palm
    2009-04-27 21:39 . 2009-04-27 21:39 299352 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
    2009-04-25 21:37 . 2008-09-12 19:58 848 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-04-25 21:37 . 2008-09-12 19:58 848 -csha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2009-04-25 16:39 . 2009-04-25 16:39 25440 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
    2009-04-25 16:39 . 2009-04-25 16:39 15688 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
    2009-04-25 16:39 . 2009-04-25 16:39 165728 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
    2009-04-25 16:39 . 2009-04-25 16:39 343888 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
    2009-04-25 16:39 . 2009-04-25 16:39 289632 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
    2009-04-25 16:39 . 2009-04-25 16:39 82784 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
    2009-04-25 16:39 . 2009-04-25 16:39 1629024 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
    2009-04-25 16:39 . 2009-04-25 16:39 212848 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
    2009-04-25 16:39 . 2009-04-25 16:39 40288 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
    2009-04-25 16:39 . 2009-04-25 16:39 64160 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
    2009-04-25 16:39 . 2009-03-09 22:16 64160 -c--a-w c:\windows\system32\drivers\Lbd.sys
    2009-04-25 16:39 . 2009-04-25 16:39 632680 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
    2009-04-25 16:38 . 2009-04-25 16:38 539512 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
    2009-04-25 16:38 . 2009-04-25 16:38 552808 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
    2009-04-25 16:38 . 2009-04-25 16:38 2324808 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
    2009-04-25 16:38 . 2009-04-25 16:38 626000 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
    2009-04-25 16:38 . 2009-04-25 16:38 516440 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
    2009-04-25 16:38 . 2009-04-25 16:38 953168 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
    2009-04-24 21:35 . 2005-04-01 03:08 -------- dc----w c:\program files\GCCalc
    2009-04-18 17:28 . 2007-05-25 15:15 -------- dc----w c:\documents and settings\All Users\Application Data\Motive
    2009-04-18 17:23 . 2007-05-25 15:14 -------- dc----w c:\program files\Common Files\Motive
    2009-04-15 04:32 . 2004-01-30 06:53 150928 -c--a-w c:\documents and settings\Gary L. Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-15 04:30 . 2009-02-05 00:26 -------- dc----w c:\program files\Common Files\AnswerWorks 5.0
    2009-04-15 04:26 . 2007-03-04 20:12 -------- dc----w c:\documents and settings\All Users\Application Data\Intuit
    2009-04-15 04:26 . 2007-03-04 20:11 -------- dc----w c:\program files\Common Files\Intuit
    2009-04-15 04:21 . 2007-03-04 20:09 -------- dc----w c:\program files\TurboTax
    2009-04-14 14:39 . 2008-12-01 16:48 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-14 14:38 . 2008-12-08 05:17 2967799 -c--a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-04-13 12:18 . 2009-02-12 01:01 75739 -c--a-w C:\gccalcbu.zip
    2009-04-12 23:54 . 2009-04-16 03:37 954368 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2009-04-12 23:54 . 2009-04-16 03:37 71652 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
    2009-04-12 23:54 . 2009-04-16 03:37 103424 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2009-04-12 23:54 . 2009-04-16 03:37 4534272 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
    2009-04-12 23:54 . 2009-04-16 03:37 344064 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2009-04-12 23:54 . 2009-04-16 03:37 131868 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
    2009-04-12 23:54 . 2009-04-16 03:37 1161626 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
    2009-04-12 23:54 . 2009-04-16 03:37 65536 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2009-04-09 06:12 . 2008-04-21 04:12 -------- dc----w c:\program files\7-Zip
    2009-04-06 20:53 . 2009-04-06 20:53 -------- dc----w c:\program files\iTunes
    2009-04-06 20:53 . 2009-04-06 20:53 -------- dc----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-06 20:53 . 2009-04-06 20:53 -------- dc----w c:\program files\iPod
    2009-04-06 20:52 . 2007-07-01 00:44 -------- dc----w c:\program files\Common Files\Apple
    2009-04-06 20:45 . 2009-04-06 20:45 75048 -c--a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-04-06 19:32 . 2008-12-01 16:48 38496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 19:32 . 2008-12-01 16:48 15504 -c--a-w c:\windows\system32\drivers\mbam.sys
    2009-04-01 11:18 . 2004-01-16 11:17 -------- dc----w c:\program files\Java
    2009-04-01 11:15 . 2009-04-01 11:15 152576 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-03-31 19:52 . 2009-02-10 03:55 -------- dc----w c:\documents and settings\All Users\Application Data\LxThumbs
    2009-03-29 15:39 . 2004-11-07 00:12 -------- dc----w c:\program files\LimeWire
    2009-03-19 20:32 . 2009-03-19 20:32 23400 -c--a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 20:32 . 2008-01-29 16:01 23400 -c--a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-13 18:22 . 2009-03-13 18:22 152576 -c--a-w c:\documents and settings\Gary L. Jones\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
    2009-03-09 22:16 . 2009-03-28 18:11 15688 -c--a-w c:\windows\system32\lsdelete.exe
    2009-03-09 22:14 . 2009-03-09 22:14 69664 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
    2009-03-09 22:14 . 2009-03-09 22:14 274792 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
    2009-03-09 22:14 . 2009-03-09 22:14 73064 -c--a-w c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
    2009-03-09 09:19 . 2008-11-30 04:42 410984 -c--a-w c:\windows\system32\deploytk.dll
    2009-03-06 14:22 . 2003-07-16 20:41 284160 -c--a-w c:\windows\system32\pdh.dll
    2009-03-06 03:59 . 2009-03-16 13:14 1900544 -c--a-w c:\windows\system32\usbaaplrc.dll
    2009-03-06 03:59 . 2007-09-08 23:47 36864 -c--a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-03 00:18 . 2004-02-06 23:05 826368 -c--a-w c:\windows\system32\wininet.dll
    2002-02-06 13:47 . 2004-02-25 20:37 270336 -c--a-w c:\program files\cdintf.dll
    2002-01-30 16:50 . 2004-02-25 20:37 81024 -c--a-w c:\program files\acfpdf16.drv
    2002-01-30 16:50 . 2004-02-25 20:37 45056 -c--a-w c:\program files\FllIntf.fll
    2002-01-30 16:50 . 2004-02-25 20:37 61 -c--a-w c:\program files\acfpdf.txt
    2002-01-30 16:50 . 2004-02-25 20:37 43272 -c--a-w c:\program files\acfpdfui.dll
    2002-01-30 16:50 . 2004-02-25 20:37 18704 -c--a-w c:\program files\pdfmon.dll
    2002-01-30 16:50 . 2004-02-25 20:37 180592 -c--a-w c:\program files\acfpdf.drv
    2002-01-30 16:50 . 2004-02-25 20:37 137380 -c--a-w c:\program files\acfpdf.dll
    2001-05-10 15:04 . 2004-02-25 20:37 162304 -c--a-w c:\program files\UNWISE.EXE
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-05-06_14.18.46 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-05-28 01:24 . 2009-05-28 01:24 16384 c:\windows\Temp\Perflib_Perfdata_c28.dat
    + 2009-05-28 01:24 . 2009-05-28 01:24 16384 c:\windows\Temp\Perflib_Perfdata_a34.dat
    - 2008-11-23 18:54 . 2008-11-23 18:54 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    + 2008-11-23 18:54 . 2009-05-07 03:28 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
    - 2009-04-17 04:17 . 2009-04-17 04:17 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2009-05-12 21:03 . 2009-05-12 21:03 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    + 2006-10-27 01:07 . 2006-10-27 01:07 17680 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBPROXY.DLL
    - 2008-12-10 21:36 . 2008-03-04 21:58 77312 c:\windows\DEVCON.EXE
    + 2009-03-20 21:15 . 2008-03-04 21:58 77312 c:\windows\DEVCON.EXE
    + 2009-05-23 06:08 . 2009-05-23 06:08 5694 c:\windows\Installer\{E09088F0-9B39-40F1-9436-6706B0FE574F}\_4ae13d6c.exe
    + 2009-05-23 06:08 . 2009-05-23 06:08 5694 c:\windows\Installer\{E09088F0-9B39-40F1-9436-6706B0FE574F}\_294823.exe
    + 2009-05-23 06:08 . 2009-05-23 06:08 5694 c:\windows\Installer\{E09088F0-9B39-40F1-9436-6706B0FE574F}\_18be6784.exe
    + 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
    + 2009-05-12 21:03 . 2009-05-12 21:03 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
    - 2008-02-13 22:42 . 2009-04-29 11:35 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
    - 2008-02-13 22:42 . 2009-04-29 11:35 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-02-13 22:42 . 2009-05-12 21:03 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
    + 2005-05-11 14:06 . 2009-05-07 07:16 24699336 c:\windows\SYSTEM32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
    "lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2008-01-02 455336]
    "lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2008-01-02 25256]
    "Lexmark 9500 Series Fax Server"="c:\program files\Lexmark 9500 Series\fm3032.exe" [2008-01-02 311976]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-28 185896]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-13 1947928]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

    c:\documents and settings\Gary L. Jones\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
    Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2006-5-16 25214]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NosecurityTab"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NosecurityTab"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-01-07 15:18 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 06:42 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-13 02:07 11952 -c--a-w c:\windows\SYSTEM32\avgrsstx.dll

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    "wave1"= serwvdrv.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
    backup=c:\windows\pss\Billminder.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
    backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
    backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Gary L. Jones^Start Menu^Programs^Startup^Iomega Product Registration.lnk]
    path=c:\documents and settings\Gary L. Jones\Start Menu\Programs\Startup\Iomega Product Registration.lnk
    backup=c:\windows\pss\Iomega Product Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    "UpdReg"=c:\windows\UpdReg.EXE
    "UserFaultCheck"=%systemroot%\system32\dumprep 0 -u

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Palm\\HOTSYNC.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\SYSTEM32\\java.exe"=
    "c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
    "c:\\WINDOWS\\SYSTEM32\\lxdocoms.exe"=
    "c:\\Program Files\\Lexmark 9500 Series\\lxdomon.exe"=
    "c:\\WINDOWS\\SYSTEM32\\lxdocfg.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdopswx.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdotime.exe"=
    "c:\\Program Files\\Lexmark 9500 Series\\lxdoFax.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdojswx.exe"=
    "c:\\Program Files\\Lexmark 9500 Series\\frun.exe"=
    "c:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\Acrobat.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdowbgw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/9/2009 6:16 PM 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [5/12/2009 10:07 PM 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [5/12/2009 10:07 PM 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 55024]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/12/2009 10:07 PM 908568]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/12/2009 10:06 PM 298776]
    R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 953168]
    R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
    R2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdoserv.exe [2/8/2009 3:15 PM 98984]
    R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 11:31 PM 29263712]
    R3 dsdd;dsdd;c:\windows\SYSTEM32\DRIVERS\dsvideo.sys [4/9/2004 9:52 AM 2111]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [1/30/2004 3:04 AM 2944]
    S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\SYSTEM32\DRIVERS\BrParImg.sys [1/30/2004 3:04 AM 3168]
    S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\SYSTEM32\DRIVERS\BrParwdm.sys [1/30/2004 3:04 AM 39552]
    S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\brserwdm.sys [8/17/2004 4:07 PM 60416]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [8/17/2004 4:58 PM 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [8/17/2004 4:58 PM 10368]
    S3 hamachi_oem;PlayLinc Adapter;c:\windows\SYSTEM32\DRIVERS\gan_adapter.sys [10/19/2006 11:11 AM 10664]
    S3 RioS10;RioS10 driver;c:\windows\SYSTEM32\DRIVERS\RioS10.sys [9/7/2004 10:59 PM 12661]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 7408]
    UnknownUnknown dsload;dsload; [x]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:38]

    2009-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2009-05-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 02:49]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://webmail.g-c.com/owa/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/forgotPassword.asp?close=true&RW=1
    uInternet Settings,ProxyOverride = *.local
    IE: Clear Fields - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Enqueue current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
    IE: Enqueue link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Open current page with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
    IE: Open link target with Bulk Image Downloader - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    Trusted Zone: aol.com\free
    Trusted Zone: turbotax.com
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
    DPF: {9723C9A8-7B0B-4479-BDC4-6B6D3F5D9079} - hxxps://gcmagic.g-c.com:4443/imtapp/res/jar/instctrl.dll
    FF - ProfilePath - c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - component: c:\documents and settings\Gary L. Jones\Application Data\Mozilla\Firefox\Profiles\dqsyo0y9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\windows\system32\Cult3D\NPMCult3DP.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-27 22:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(640)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll
    .
    Completion time: 2009-05-28 22:35
    ComboFix-quarantined-files.txt 2009-05-28 02:34
    ComboFix2.txt 2009-05-18 01:01
    ComboFix3.txt 2009-05-17 22:20
    ComboFix4.txt 2009-05-12 20:11
    ComboFix5.txt 2009-05-28 02:23

    Pre-Run: 12,312,551,424 bytes free
    Post-Run: 12,300,083,200 bytes free

    482 --- E O F --- 2009-05-12 21:03
     
