AntiVirus Popups

Hi, yesterday I turned on my computer and anytime I tried to access the internet, I was directed to an Antivirus site but yahoo blocked it saying this site could harm my computer. This continually happened to any site I visit.

From previous events, I have a program I relied on to get rid of these viruses. The program is Combofix. After I ran the program, the Antivirus popups were gone and everything seemed fine. There was one problem though. My USB flash drive could not be accessed by that computer anymore, even though it works on other computers. The popup error says, "an error has occured while starting U3 launchpad due to a problem with one of its components. Remove and insert your U3 Smart Drive. If the problem persists, contact the U3 Smart drive manufacturers."

*Also note, I used this flashdrive beforehand to transfer Combofix to the infected computer.

Thank you for your help

Re: AntiVirus Popups

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too :) ... and I will be helping you with your Malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether or not it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly :)

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this click [image], then click Preferences. Make sure "Always notify me of replies" is set to Yes.


With that out of the way:


From previous events, I have a program I relied on to get rid of these viruses. The program is Combofix.


ComboFix should not be run without the guidance of a helper!

It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

See ComboFix's Disclaimer

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please refer to this thread for more information on why you shouldn't use ComboFix without supervision of a trained expert: http://www.bleepingcomputer.com/forums/topic273628.html
=======

The autorun/autoplay feature, when enabled, causes one of two things to happen depending on previously made choices.

1. When a cd-rom or dvd is inserted, or a usb device (camera, flashdrive, external hard drive, etc) is attached, Windows will open a message window that provides a list of actions to take based on the content of the device or media.

2. If on prior occasion of the message window, the user selected to always perform the same action with certain types of media/device, there will be no message window opened upon detection of media/device. Instead, it will automatically run the previously selected program or execute the same behavior.

Example: with autorun/autoplay enabled you insert a music cd. Windows will detect the cd and its contents, then open a message window that might offer to play the cd with Media Player, Music Match Jukebox, or any of many applications you may or may not have installed.
Insert a Movie DVD and Windows might prompt you to view it with Power DVD, Media Player, etc.

Example: with autorun/autoplay enabled and on a previous prompt for action the box was checked to always apply the same action, Windows might automatically open Roxio CD Creator or Nero Burning ROM when a blank cd is inserted.

Plug in a usb camera and Windows might open or prompt you to use the Scanner and Camera Transfer Wizard to transfer the pictures to your computer.

Plug in a flash drive and Windows might open or prompt you to use Windows Explorer to browse the contents of the flash drive. It may also just execute an infection residing on the flash drive, thereby infecting your computer.

Insert a game cd or software cd, and Windows might automatically begin the installation setup.

Malware authors have begun to exploit the autorun/autoplay feature, so the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue. It has been included in ComboFix for your future protection.

3. Many security apps disable it as well, and even Microsoft recommends disabling it. Disabling autorun/autoplay does not prevent you from accessing those media sources. They are still available by opening My Computer and accessing the source drive (cd, dvd, usb flash or external hard drive). Pictures on a camera can still be accessed/transferred through My Pictures and selecting Get Pictures from a Scanner or Camera. Media can also be accessed via the program you intend to use it with, such as music cds accessed via Media Player, blank cds via your burning program, image handling software provided with the camera, etc.

I do recommend you leave the feature disabled and get into the habit of accessing those media devices manually.

Please note that future versions of ComboFix will not run after this registry fix has been applied and therefore malware cleaning will be difficult.

I strongly suggest you post the combofix log here for review before applying the autorun fix. The software is not a "cure-all" and should not be treated as such!

===========================================

To re-enable auto-run:

Copy the text in the code box to Notepad. Save it as fixreg.reg to your desktop.

Be sure the "Save as" type is set to "all files".

Once you have saved it double click it and allow it to merge with the registry.

Code:


REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000

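Added example (not part of the original post and not ComboFix code): the fixreg.reg above writes NoDriveTypeAutoRun and NoDriveAutoRun as 0, and this Python script decodes those bitmasks to show which drive types and letters are left with AutoRun enabled. The bit meanings follow Microsoft's documentation of the policy; the HARDENED sample and all function names are constructed for this illustration.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a SET bit DISABLES AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown-reserved",
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<hex>[0-9a-fA-F]{1,8})$')

# The registry file quoted in the thread (re-enables AutoRun everywhere).
PAGE_FIX = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000
"""

# Constructed contrast sample: AutoRun disabled for every type and letter.
HARDENED = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:000000ff
"""


def parse_reg_dwords(text):
    """Return {key: {value_name: int}} for every dword value in a .reg file."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            values.setdefault(key, {})
            continue
        m = DWORD_RE.match(line)
        if m and key is not None:
            values[key][m.group("name")] = int(m.group("hex"), 16)
    return values


def autorun_enabled_types(mask):
    """Drive types whose disable bit is clear, i.e. AutoRun still fires."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def autorun_blocked_letters(mask):
    """NoDriveAutoRun: bit 0 is A:, bit 25 is Z:; a set bit disables that letter."""
    return [chr(ord("A") + i) for i in range(26) if mask >> i & 1]


def audit(text):
    """Summarise the AutoRun policy in each Policies\\Explorer key of a .reg file."""
    findings = []
    for key, vals in parse_reg_dwords(text).items():
        if not key.lower().endswith(r"\policies\explorer"):
            continue
        if "NoDriveTypeAutoRun" not in vals:
            continue
        enabled = autorun_enabled_types(vals["NoDriveTypeAutoRun"])
        findings.append({
            "key": key,
            "enabled_types": enabled,
            "blocked_letters": autorun_blocked_letters(vals.get("NoDriveAutoRun", 0)),
            # Removable media is the infection path the post describes.
            "removable_exposed": "removable" in enabled,
        })
    return findings


if __name__ == "__main__":
    for label, sample in (("page fix", PAGE_FIX), ("hardened", HARDENED)):
        for f in audit(sample):
            print(label, f["key"].split("\\")[0], "enabled:", f["enabled_types"],
                  "removable exposed:", f["removable_exposed"])
```

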
Re: AntiVirus Popups

I would like to note on the autorun/autoplay feature, I can open up my USB flash drives that are not password protected. For those that are password protected, such as the U3 program, it states that I am missing a file/program to run it "an error has occurred while starting the U3 launchpad due to a problem with one of its components remove and insert your u3 smart drive if the problem persists contact u3 smart drive manufactures." Again this only happens to the computer that was infected, not to my other computers.

I tried uninstalling the U3 program and reinstalling it but the same error pops up. I also tried the autofix and it works meaning the autoplay/autorun pops up. That is not the issue though, for the U3 program does not allow me to put in my password to open my files. I was wondering if Combofix secured something down that U3 was depending on to allow it to run.

Thanks for your help!
-----------------------------------------------
Here is the log file.


ComboFix 10-08-08.01 - John 08/09/2010 18:11:19.1.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2727 [GMT -7]
Running from: F:\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\John\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Mai\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2010-08-10 01:08 . 2010-08-10 01:09 -------- d-----w- C:\32788R22FWJFW
2010-08-09 23:15 . 2010-08-09 23:15 22486 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2010-08-09 19:53 . 2010-08-09 19:53 -------- d-----w- c:\programdata\U3
2010-08-09 06:47 . 2010-08-09 06:47 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-04 04:33 . 2010-08-04 04:33 -------- d-----w- c:\users\John\AppData\Roaming\DataSafeOnline
2010-07-16 16:30 . 2010-07-16 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-15 18:23 . 2010-07-19 16:41 7916 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 01:05 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\Skype
2010-08-10 01:04 . 2010-07-16 16:39 53613 ----a-w- c:\programdata\nvModes.dat
2010-08-09 23:00 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\skypePM
2010-08-09 17:47 . 2009-11-18 20:18 -------- d-----w- c:\program files\thinkTDA
2010-08-09 04:54 . 2008-12-11 07:13 -------- d-----w- c:\users\John\AppData\Roaming\U3
2010-08-09 04:33 . 2010-06-27 05:55 -------- d-----w- c:\programdata\avg9
2010-08-05 23:52 . 2009-11-18 01:01 -------- d-----w- c:\users\John\AppData\Roaming\webex
2010-08-05 23:52 . 2009-11-18 01:00 -------- d-----w- c:\programdata\WebEx
2010-08-04 05:08 . 2008-07-23 05:04 -------- d-----w- c:\program files\Yahoo!
2010-08-04 05:04 . 2008-04-25 11:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-20 04:30 . 2009-08-16 06:47 -------- d-----w- c:\users\Mai\AppData\Roaming\HpUpdate
2010-07-16 16:39 . 2008-07-20 19:44 -------- d-----w- c:\programdata\NVIDIA
2010-07-15 18:23 . 2010-05-24 15:55 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2010-07-15 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 16:09 . 2008-05-01 03:01 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 22:04 . 2008-12-21 22:38 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-07-03 20:28 . 2010-07-03 20:27 -------- d-----w- c:\program files\iTunes
2010-07-03 20:27 . 2010-07-03 20:27 -------- d-----w- c:\program files\iPod
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\programdata\Apple Computer
2010-07-03 20:25 . 2010-07-03 20:25 -------- d-----w- c:\program files\Bonjour
2010-07-03 20:21 . 2010-07-03 20:21 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-02 05:52 . 2009-05-25 05:32 -------- d-----w- c:\users\John\AppData\Roaming\Image Zone Express
2010-06-27 20:49 . 2009-05-01 15:20 -------- d-----w- c:\programdata\HP Product Assistant
2010-06-27 20:49 . 2010-04-25 01:08 -------- d-----w- c:\program files\QuickTime
2010-06-27 05:56 . 2008-05-13 05:20 -------- d-----w- c:\program files\AVG
2010-06-27 05:36 . 2009-11-27 03:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-27 05:35 . 2010-06-27 05:36 53632 ----a-w- c:\users\Mai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:35 . 2009-11-27 03:49 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:32 . 2008-05-03 14:42 104968 ----a-w- c:\users\Mai\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 14:28 . 2008-05-01 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:26 . 2009-09-07 20:45 -------- d-----w- c:\users\John\AppData\Roaming\HpUpdate
2010-06-01 17:37 . 2009-10-04 05:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 04:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 04:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:54 . 2008-05-01 06:22 104968 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-25 18:39 . 2008-04-25 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-11-01 204800]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\users\John\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-8-9 22486]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-4 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=AVGRSSTX.DLL c:\progra~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,be,2e,ac,e9,48,ca,01

R1 SASDIFSV;SASDIFSV;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-03 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: ameritrade.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: izone.com\wwws
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 18:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-09 18:23:52
ComboFix-quarantined-files.txt 2010-08-10 01:23
ComboFix2.txt 2010-08-09 06:38

Pre-Run: 372,916,277,248 bytes free
Post-Run: 372,919,402,496 bytes free

- - End Of File - - B90B1D2E704D409A745B369E78634E56

Re: AntiVirus Popups

No Anti-Virus
I don't see an anti-virus program present on your system! This could have some serious ramifications including completely opening up your system to infection. You should pick ONE of the following and install it.

Note: Never install more than 1 anti-virus or firewall.



  • AVG
  • AntiVir Anti-Virus Personal (free)
  • Avast! Anti-Virus Free

=========

You aren't running Anti Virus Software

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software (for personal use) from one of these excellent vendors NOW:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial use.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.
======
Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: ameritrade.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: izone.com\wwws
    Trusted Zone: turbotax.com
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: AntiVirus Popups

Hi Chris,
From your last message you said I did not have any antivirus program running. I downloaded Microsoft Essentials before I ran Combofix from the last log. I am not sure why it says that I do not have an antivirus program running. To your comment, I uninstalled Microsoft Essentials and installed AVG. Not sure if Combofix detected AVG so I am thinking there is something wrong in detecting antivirus programs now on top of my U3 launchpad unable to start up due to a missing file.

Thanks again Chris, I appreciate your help!

Here is my log, run in safe mode.
--------------------------------------
ComboFix 10-08-09.03 - John 08/10/2010 12:38:54.2.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2898 [GMT -7:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\John\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Mai\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2010-08-10 19:36 . 2010-08-10 19:36 -------- d-----w- C:\32788R22FWJFW
2010-08-10 18:44 . 2010-08-10 18:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-10 18:44 . 2010-08-10 18:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-10 18:44 . 2010-08-10 18:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-10 18:44 . 2010-08-10 18:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-09 19:53 . 2010-08-09 19:53 -------- d-----w- c:\programdata\U3
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-04 04:33 . 2010-08-04 04:33 -------- d-----w- c:\users\John\AppData\Roaming\DataSafeOnline
2010-07-16 16:30 . 2010-07-16 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-15 18:23 . 2010-07-19 16:41 7916 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 19:32 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\Skype
2010-08-10 19:32 . 2010-07-16 16:39 53613 ----a-w- c:\programdata\nvModes.dat
2010-08-10 18:42 . 2010-06-27 05:55 -------- d-----w- c:\programdata\avg9
2010-08-10 18:28 . 2009-11-18 20:18 -------- d-----w- c:\program files\thinkTDA
2010-08-10 17:23 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\skypePM
2010-08-09 04:54 . 2008-12-11 07:13 -------- d-----w- c:\users\John\AppData\Roaming\U3
2010-08-05 23:52 . 2009-11-18 01:01 -------- d-----w- c:\users\John\AppData\Roaming\webex
2010-08-05 23:52 . 2009-11-18 01:00 -------- d-----w- c:\programdata\WebEx
2010-08-04 05:08 . 2008-07-23 05:04 -------- d-----w- c:\program files\Yahoo!
2010-08-04 05:04 . 2008-04-25 11:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-20 04:30 . 2009-08-16 06:47 -------- d-----w- c:\users\Mai\AppData\Roaming\HpUpdate
2010-07-16 16:39 . 2008-07-20 19:44 -------- d-----w- c:\programdata\NVIDIA
2010-07-15 18:23 . 2010-05-24 15:55 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2010-07-15 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 16:09 . 2008-05-01 03:01 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 22:04 . 2008-12-21 22:38 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-07-03 20:28 . 2010-07-03 20:27 -------- d-----w- c:\program files\iTunes
2010-07-03 20:27 . 2010-07-03 20:27 -------- d-----w- c:\program files\iPod
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\programdata\Apple Computer
2010-07-03 20:25 . 2010-07-03 20:25 -------- d-----w- c:\program files\Bonjour
2010-07-03 20:21 . 2010-07-03 20:21 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-02 05:52 . 2009-05-25 05:32 -------- d-----w- c:\users\John\AppData\Roaming\Image Zone Express
2010-06-27 20:49 . 2009-05-01 15:20 -------- d-----w- c:\programdata\HP Product Assistant
2010-06-27 20:49 . 2010-04-25 01:08 -------- d-----w- c:\program files\QuickTime
2010-06-27 05:56 . 2008-05-13 05:20 -------- d-----w- c:\program files\AVG
2010-06-27 05:36 . 2009-11-27 03:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-27 05:35 . 2010-06-27 05:36 53632 ----a-w- c:\users\Mai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:35 . 2009-11-27 03:49 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:32 . 2008-05-03 14:42 104968 ----a-w- c:\users\Mai\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 14:28 . 2008-05-01 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:26 . 2009-09-07 20:45 -------- d-----w- c:\users\John\AppData\Roaming\HpUpdate
2010-06-01 17:37 . 2009-10-04 05:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 04:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 04:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:54 . 2008-05-01 06:22 104968 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-25 18:39 . 2008-04-25 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-10_19.02.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-08-10 19:14 93314 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-30 00:13 . 2010-08-10 19:14 13120 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1764452266-3460967335-3339530625-1000_UserData.bin
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 00:06 . 2010-08-10 19:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-30 00:06 . 2010-08-10 19:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-30 00:06 . 2010-08-10 19:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-30 18:36 . 2010-08-10 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 19:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-10 19:34 . 2010-08-10 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-10 19:34 . 2010-08-10 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-08-10 19:42 604264 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 604264 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-10 19:42 103964 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 103964 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 21:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-11-01 204800]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-10 2065760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-4 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-8-9 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,be,2e,ac,e9,48,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-10 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-10 243024]
R1 SASDIFSV;SASDIFSV;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-10 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-03 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 12:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-10 12:51:27
ComboFix-quarantined-files.txt 2010-08-10 19:51
ComboFix2.txt 2010-08-10 19:04
ComboFix3.txt 2010-08-10 01:23
ComboFix4.txt 2010-08-09 06:38

Pre-Run: 370,946,699,264 bytes free
Post-Run: 370,864,590,848 bytes free

- - End Of File - - 632624019E79062943839B53CBC2B4C1

Re: AntiVirus Popups

Can you try running in normal mode please?

Re: AntiVirus Popups

Hi Chris, I ran Malwarebytes' Anti-Malware program. It came up with some infections, so I don't know if this will help, but here's a log. Below that is the ComboFix log too. The U3 launchpad still does not open due to the error. Also, some of my other programs don't work anymore, such as Primo PDF.

Thanks again
====================================
Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4414

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/10/2010 3:14:13 PM
mbam-log-2010-08-10 (15-14-13).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Objects scanned: 349752
Time elapsed: 1 hour(s), 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Users\John\AppData\Local\orhgbrjik\jjewscotssd.exe.vir (Malware.Gen) -> Quarantined and deleted successfully.
F:\Maxtor backup\JOHN-PC\C\Users\John\AppData\Local\orhgbrjik\jjewscotssd.exe (Malware.Gen) -> Quarantined and deleted successfully.

==================================
Combofix log

ComboFix 10-08-10.03 - John 08/10/2010 15:32:21.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2103 [GMT -7]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Mai\AppData\Local\temp
2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2010-08-10 20:28 . 2010-08-10 20:28 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2010-08-10 20:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 20:28 . 2010-08-10 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 20:28 . 2010-08-10 20:28 -------- d-----w- c:\programdata\Malwarebytes
2010-08-10 20:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 19:51 . 2010-08-10 22:37 -------- d-----w- c:\users\John\AppData\Local\temp
2010-08-10 18:44 . 2010-08-10 18:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-10 18:44 . 2010-08-10 18:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-10 18:44 . 2010-08-10 18:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-10 18:44 . 2010-08-10 18:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-09 19:53 . 2010-08-09 19:53 -------- d-----w- c:\programdata\U3
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-04 04:33 . 2010-08-04 04:33 -------- d-----w- c:\users\John\AppData\Roaming\DataSafeOnline
2010-07-16 16:30 . 2010-07-16 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-15 18:23 . 2010-07-19 16:41 7916 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 22:37 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\Skype
2010-08-10 22:19 . 2010-07-16 16:39 53613 ----a-w- c:\programdata\nvModes.dat
2010-08-10 18:42 . 2010-06-27 05:55 -------- d-----w- c:\programdata\avg9
2010-08-10 18:28 . 2009-11-18 20:18 -------- d-----w- c:\program files\thinkTDA
2010-08-10 17:23 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\skypePM
2010-08-09 04:54 . 2008-12-11 07:13 -------- d-----w- c:\users\John\AppData\Roaming\U3
2010-08-05 23:52 . 2009-11-18 01:01 -------- d-----w- c:\users\John\AppData\Roaming\webex
2010-08-05 23:52 . 2009-11-18 01:00 -------- d-----w- c:\programdata\WebEx
2010-08-04 05:08 . 2008-07-23 05:04 -------- d-----w- c:\program files\Yahoo!
2010-08-04 05:04 . 2008-04-25 11:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-20 04:30 . 2009-08-16 06:47 -------- d-----w- c:\users\Mai\AppData\Roaming\HpUpdate
2010-07-16 16:39 . 2008-07-20 19:44 -------- d-----w- c:\programdata\NVIDIA
2010-07-15 18:23 . 2010-05-24 15:55 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2010-07-15 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 16:09 . 2008-05-01 03:01 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 22:04 . 2008-12-21 22:38 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-07-03 20:28 . 2010-07-03 20:27 -------- d-----w- c:\program files\iTunes
2010-07-03 20:27 . 2010-07-03 20:27 -------- d-----w- c:\program files\iPod
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\programdata\Apple Computer
2010-07-03 20:25 . 2010-07-03 20:25 -------- d-----w- c:\program files\Bonjour
2010-07-03 20:21 . 2010-07-03 20:21 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-02 05:52 . 2009-05-25 05:32 -------- d-----w- c:\users\John\AppData\Roaming\Image Zone Express
2010-06-27 20:49 . 2009-05-01 15:20 -------- d-----w- c:\programdata\HP Product Assistant
2010-06-27 20:49 . 2010-04-25 01:08 -------- d-----w- c:\program files\QuickTime
2010-06-27 05:56 . 2008-05-13 05:20 -------- d-----w- c:\program files\AVG
2010-06-27 05:36 . 2009-11-27 03:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-27 05:35 . 2010-06-27 05:36 53632 ----a-w- c:\users\Mai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:35 . 2009-11-27 03:49 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:32 . 2008-05-03 14:42 104968 ----a-w- c:\users\Mai\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 14:28 . 2008-05-01 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:26 . 2009-09-07 20:45 -------- d-----w- c:\users\John\AppData\Roaming\HpUpdate
2010-06-01 17:37 . 2009-10-04 05:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 04:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 04:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:54 . 2008-05-01 06:22 104968 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-25 18:39 . 2008-04-25 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-10_19.02.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 11:24 . 2010-08-10 22:21 54414 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-08-10 22:21 93512 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-30 00:13 . 2010-08-10 22:21 13120 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1764452266-3460967335-3339530625-1000_UserData.bin
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 00:06 . 2010-08-10 20:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 00:06 . 2010-08-10 20:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-30 00:06 . 2010-08-10 20:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 22:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 22:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 22:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-10 06:20 . 2010-08-10 06:20 22486 c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
+ 2010-08-10 22:22 . 2010-08-10 22:22 22486 c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-10 22:18 . 2010-08-10 22:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-10 22:18 . 2010-08-10 22:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-08-10 22:25 604264 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 604264 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 103964 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-08-10 22:25 103964 c:\windows\System32\perfc009.dat
- 2009-06-23 04:16 . 2010-08-10 04:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-23 04:16 . 2010-08-10 20:02 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 21:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-11-01 204800]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-10 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-4 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-8-10 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,be,2e,ac,e9,48,ca,01

R1 SASDIFSV;SASDIFSV;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-03 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-10 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-10 243024]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-10 308136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 15:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-10 15:39:05
ComboFix-quarantined-files.txt 2010-08-10 22:39
ComboFix2.txt 2010-08-10 19:51
ComboFix3.txt 2010-08-10 19:04
ComboFix4.txt 2010-08-10 01:23
ComboFix5.txt 2010-08-10 22:27

Pre-Run: 367,409,541,120 bytes free
Post-Run: 367,368,200,192 bytes free

- - End Of File - - 7B8B088B81AC1EED0234E834C5909C52

Re: AntiVirus Popups

Hi,

You tried reinstalling U3, right? The log is clean :)

Re: AntiVirus Popups

Hi Chris,

Yes sir, I tried reinstalling U3, but it's still the same problem. I'm thinking that ComboFix locked up a part of the computer that U3 needed, so it can't run anymore. Uninstalling Primo PDF worked out fine. So I don't know if I should reformat or system restore to an earlier date. In the meantime, I am waiting for a response from the U3 manufacturer. What is your opinion on this, since this program is vital to me?

Thanks for all your help again.

Re: AntiVirus Popups

Let's try uninstalling ComboFix

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.


Let me know if that resolves your U3 issues :)

Re: AntiVirus Popups

Chris,

I did what you said, but it's still the same problem. I contacted U3 customer service and did what they said by updating the launchpad and then reinstalling, but it was no help, so I have no clue what to do.

Thanks

Re: AntiVirus Popups

Hi,

I'll have a look around and see if I can come up with anything

Re: AntiVirus Popups

Hi,

I just got some news about the problem. It is NOT only the U3 launchpad that does not work, but every USB flash drive/external hard drive that requires password-protected access. It seems that every time I use a USB device that requires a program to be executed to access the device, it is not being executed. Here is a screenshot of the error.
[Image: screenshot of the error]

Thanks for all your help Chris! I appreciate all your hard work and am looking forward to seeing what you come up with.

Re: AntiVirus Popups

Hi,

Make sure the flash drive is inserted into the computer, then please run an OTL scan :)

Re: AntiVirus Popups

Here is the OTL scan. The second post will be the extras, since I'm not sure whether you want it or not and it is too big to fit.
Thanks

OTL logfile created on: 8/12/2010 11:49:44 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\John\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 341.66 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.24 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 391.33 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/12 22:52:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2010/08/10 11:43:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/10 11:43:36 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/10 11:43:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/10 11:43:33 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/10 11:43:23 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/10 11:43:06 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/02 22:02:00 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/06/26 22:45:39 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/21 16:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2008/06/06 00:31:20 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
PRC - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/10/31 20:18:16 | 000,204,800 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2007/10/23 09:45:40 | 001,336,632 | ---- | M] () -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2007/06/26 13:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe


========== Modules (SafeList) ==========

MOD - [2010/08/12 22:52:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
MOD - [2010/03/05 07:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/04/10 23:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/10 23:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/10 23:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/19 00:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008/01/19 00:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/10 11:43:06 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/02 22:02:00 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/06/06 00:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/08/22 16:19:32 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\John\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/10 11:44:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/10 11:44:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/10 11:44:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/25 11:39:52 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/04/25 11:39:52 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/04/25 11:39:52 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/31 18:33:22 | 000,479,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/31 15:14:40 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/12/19 13:19:24 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



O1 HOSTS File: ([2010/08/10 15:37:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CMCService] C:\Program Files\ATI\Catalyst Media Center\CMCService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://yardi.lomco.com/voyager60/activexviewer9.cab (Crystal Report Viewer Control 9)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T27L10NSP11EP5/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/19 11:07:02 | 000,000,138 | R--- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ATI\CATALY~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/11 15:45:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/11 14:57:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/11 14:49:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/11 10:36:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\PrimoPDF
[2010/08/11 08:11:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/11 08:11:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/11 08:11:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 08:11:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/11 08:11:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 08:11:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 08:11:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 08:11:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 08:11:42 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/11 08:11:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/11 08:11:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/11 08:11:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/11 08:11:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 08:11:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 08:11:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 08:11:41 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 08:11:38 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 08:11:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 08:11:24 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 08:11:23 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/10 15:39:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/10 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2010/08/10 13:28:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/10 13:28:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/10 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 13:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/10 12:51:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/10 12:51:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2010/08/10 11:44:16 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/10 11:44:14 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/10 11:44:08 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/10 11:44:06 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/10 11:44:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/10 11:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/09 12:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\U3
[2010/08/09 08:51:07 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Email outlook
[2010/08/08 23:20:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/08 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/08 22:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/03 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DataSafeOnline
[2010/07/16 09:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

========== Files - Modified Within 30 Days ==========

[2010/08/12 23:50:36 | 004,456,448 | ---- | M] () -- C:\Users\John\NTUSER.DAT
[2010/08/12 23:48:57 | 000,707,392 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/12 23:48:57 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/12 23:48:57 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/12 23:45:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/12 23:45:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/12 18:51:30 | 063,336,486 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/12 09:46:38 | 000,053,613 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/12 09:46:38 | 000,053,613 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/12 09:45:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/12 09:45:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/12 09:45:09 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 00:57:29 | 000,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{9bfd4e0c-865f-11df-ad5a-001d099bc3ef}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 00:57:29 | 000,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{9bfd4e0c-865f-11df-ad5a-001d099bc3ef}.TM.blf
[2010/08/12 00:38:56 | 003,938,261 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/08/11 15:20:31 | 000,390,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 11:31:19 | 000,001,860 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/08/11 10:33:59 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/08/11 10:33:57 | 000,000,314 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/08/11 00:25:35 | 000,006,431 | ---- | M] () -- C:\Users\John\AppData\Roaming\PrimoPDFSet.xml
[2010/08/11 00:25:04 | 000,000,310 | ---- | M] () -- C:\Users\John\AppData\Roaming\APUSet.xml
[2010/08/10 15:37:16 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/10 15:37:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/10 13:28:17 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 11:44:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/10 11:44:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/10 11:44:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/10 11:44:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/10 11:44:06 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/09 22:37:23 | 000,000,402 | ---- | M] () -- C:\Users\John\Desktop\fixreg.reg
[2010/07/19 09:41:16 | 000,007,916 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/08/11 15:51:04 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/11 15:51:04 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/08/11 15:51:04 | 000,000,637 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
[2010/08/11 10:33:59 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/08/10 13:28:17 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 12:58:04 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/10 11:44:06 | 063,336,486 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/10 11:44:06 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/09 22:37:23 | 000,000,402 | ---- | C] () -- C:\Users\John\Desktop\fixreg.reg
[2010/07/16 09:39:10 | 000,053,613 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/16 09:39:09 | 000,053,613 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/15 11:23:56 | 000,007,916 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/08/18 12:11:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/14 12:27:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\FTPStubInstUtils.dll
[2009/06/14 01:30:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/12 17:48:18 | 000,000,013 | ---- | C] () -- C:\Windows\OemOut.ini
[2008/06/06 22:53:39 | 000,001,652 | ---- | C] () -- C:\Windows\wsnk.ini
[2008/05/02 12:49:43 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/04/29 20:35:29 | 000,000,101 | ---- | C] () -- C:\Windows\REDEMUNINS.INI
[2008/04/25 04:04:19 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/08/03 21:33:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DataSafeOnline
[2010/07/01 22:52:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Image Zone Express
[2009/06/11 11:16:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nitro PDF
[2010/08/12 00:05:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PrimoPDF
[2009/05/24 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Printer Info Cache
[2008/04/29 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Redemption
[2010/08/05 16:52:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\webex
[2008/06/08 23:17:34 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\Image Zone Express
[2008/07/19 22:31:44 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\NCH Swift Sound
[2009/07/09 21:11:31 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\Nitro PDF
[2008/06/08 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\Printer Info Cache
[2009/11/26 20:49:22 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/08/12 00:57:31 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/08/10 15:39:05 | 000,016,435 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/04/25 11:45:08 | 000,004,796 | RH-- | M] () -- C:\dell.sdr
[2010/08/12 09:45:09 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 09:45:08 | 3801,366,528 | -HS- | M] () -- C:\pagefile.sys
[2008/04/25 04:19:11 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/08/07 16:49:00 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/06/25 23:02:14 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/10 11:44:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/10 11:44:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/10 11:44:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/18 08:04:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/18 08:04:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/16 09:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys

< %appdata%\*.* >
[2010/08/11 00:25:04 | 000,000,310 | ---- | M] () -- C:\Users\John\AppData\Roaming\APUSet.xml
[2010/08/11 00:25:35 | 000,006,431 | ---- | M] () -- C:\Users\John\AppData\Roaming\PrimoPDFSet.xml
[2008/04/29 20:10:22 | 000,000,008 | ---- | M] () -- C:\Users\John\AppData\Roaming\usb.dat.bin

< %PROGRAMFILES%\*. >
[2008/05/02 12:49:41 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2010/06/26 22:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/21 15:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/01/04 22:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/01/04 22:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/06/26 22:56:09 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2008/09/10 20:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/07/03 13:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/10 15:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/04 22:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/04/25 04:20:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/04/25 04:06:15 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/04/25 04:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/01/04 22:52:21 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/11/26 20:31:34 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/05/10 21:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/06/06 23:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/05/02 22:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/01/04 22:50:24 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/04/25 04:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/11 15:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/03 13:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/03 13:28:11 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/04/25 04:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/06/12 17:48:18 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper
[2010/08/10 13:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/05 16:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\Maxtor
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/04/21 20:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/27 13:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/04/22 03:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 07:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 15:18:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/25 18:23:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/07/22 22:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\My.Freeze.com NetAssistant
[2008/07/19 23:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2010/08/11 10:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2010/07/16 09:31:40 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/06/27 13:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/25 04:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/06/02 07:03:06 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/07/26 16:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSoftVideoConverter
[2010/08/12 10:22:09 | 000,000,000 | ---D | M] -- C:\Program Files\thinkTDA
[2010/02/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2006/11/02 06:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/04 22:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\USB TV
[2008/07/22 22:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/10/08 23:38:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/10/08 23:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/10/08 23:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/10/08 23:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/08/11 14:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/29 07:24:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/10/08 23:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 12:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/10/08 23:38:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/06/14 12:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\WS_FTP Pro
[2010/08/03 22:08:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< End of report >


Last edited by smartbro949 on 13th August 2010, 7:04 am; edited 2 times in total
