WiredWX Christian Hobby Weather Tools
AntiVirus Popups

Hi, yesterday I turned on my computer and any time I tried to access the internet, I was directed to an Antivirus site, but Yahoo blocked it saying this site could harm my computer. This continually happened with any site I visited.

From previous events, I have a program I relied on to get rid of these viruses. The program is Combofix. After I ran the program, the Antivirus popups were gone and everything seemed fine. There was one problem though. My USB flash drive could not be accessed by that computer anymore, even though it works on other computers. The popup error says, "an error has occurred while starting U3 launchpad due to a problem with one of its components. Remove and insert your U3 Smart Drive. If the problem persists, contact the U3 Smart drive manufacturers."

*Also note: I used this flash drive beforehand to transfer Combofix to the infected computer.

Thank you for your help

Re: AntiVirus Popups

Welcome to GeekPolice Forums! I'm Crush, but you can call me Chris too, and I will be helping you with your malware issues.

A few things to keep in mind as we progress:

1. We are all volunteer staff here so we log in and assess threads when real life, work, family, and other obligations permit. Additionally, we are located all over the world. There may be a bit of a time delay due to this.

2. Malware Removal threads are very time intensive. Each entry must be researched until it can be said with 100% certainty whether it can stay or needs to be removed. Sometimes additional work is needed to weed out suspect entries.

3. This may turn into a long ordeal but, rest assured we will stay with you until you are completely disinfected.

4. Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer. Do not run any tools unless specifically asked to by a member of one of these usergroups.

5. If you are not the original poster of this thread DO NOT run any fixes given to the poster in this thread. They are all custom tailored specifically to this user. It could prove to be disastrous.

6. Please keep responding until I give you the "All Clear". Absence of symptoms does not mean that everything is clear.

7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

8. If you have any questions or issues please stop and ask! We are all here to help.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

To do this, click Profile, then click Preferences. Make sure "Always notify me of replies" is set to Yes.


With that out of the way:


From previous events, I have a program I relied on to get rid of these viruses. The program is Combofix.


ComboFix should not be run without the guidance of a helper!

It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

See ComboFix's Disclaimer

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please refer to this thread for more information on why you shouldn't use ComboFix without supervision of a trained expert: http://www.bleepingcomputer.com/forums/topic273628.html
=======

The autorun/autoplay feature, when enabled, causes one of two things to happen depending on previously made choices.

1. When a cd-rom or dvd is inserted, or a usb device (camera, flashdrive, external hard drive, etc) is attached, Windows will open a message window that provides a list of actions to take based on the content of the device or media.

2. If on prior occasion of the message window, the user selected to always perform the same action with certain types of media/device, there will be no message window opened upon detection of media/device. Instead, it will automatically run the previously selected program or execute the same behavior.

Example: with autorun/autoplay enabled you insert a music cd. Windows will detect the cd and its contents, then open a message window that might offer to play the cd with Media Player, Music Match Jukebox, or any of many applications you may or may not have installed.
Insert a Movie DVD and Windows might prompt you to view it with Power DVD, Media Player, etc.

Example: with autorun/autoplay enabled and on a previous prompt for action the box was checked to always apply the same action, Windows might automatically open Roxio CD Creator or Nero Burning ROM when a blank cd is inserted.

Plug in a usb camera and Windows might open or prompt you to use the Scanner and Camera Transfer Wizard to transfer the pictures to your computer.

Plug in a flash drive and Windows might open or prompt you to use Windows Explorer to browse the contents of the flash drive. It may also just execute an infection residing on the flash drive, thereby infecting your computer.

Insert a game cd or software cd, and Windows might automatically begin the installation setup.

Malware authors have begun to exploit the autorun/autoplay feature, so the author of ComboFix disables it in an effort to help protect your computer from becoming infected via that avenue. It has been included in ComboFix for your future protection.

3. Many security apps disable it as well, and even Microsoft recommends disabling it. Disabling autorun/autoplay does not prevent you from accessing those media sources. They are still available by opening My Computer and accessing the source drive (cd, dvd, usb flash or external hard drive). Pictures on a camera can still be accessed/transferred through My Pictures and selecting Get Pictures from a Scanner or Camera. Media can also be accessed via the program you intend to use it with, such as music cds accessed via Media Player, blank cds via your burning program, image handling software provided with the camera, etc.

I do recommend you leave the feature disabled and get into the habit of accessing those media devices manually.

Please note that future versions of ComboFix will not run after this registry fix has been applied and therefore malware cleaning will be difficult.

I strongly suggest you post the combofix log here for review before applying the autorun fix. The software is not a "cure-all" and should not be treated as such!

===========================================

To re-enable auto-run:

Copy the text in the code box to Notepad. Save it as fixreg.reg to your desktop.

Be sure the "Save as" type is set to "all files"

Once you have saved it double click it and allow it to merge with the registry.

Code:

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000
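As an added illustration (not part of the thread and not ComboFix's own code), the following Python parses the REGEDIT4 text above and decodes what it does to autorun: the zero masks in the re-enable file allow autorun for every drive type, while a constructed counterpart with AutoRun=0 and NoDriveTypeAutoRun=0xff (the mask that covers all drive types) shows what "leave it disabled" looks like in the same keys. The 0x91 fallback is the documented Windows default when no policy value is set; the HKLM-before-HKCU precedence is how Explorer applies this policy.

```python
import re

# One bit per Win32 drive type in the NoDriveTypeAutoRun mask.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB flash, floppy)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM / DVD",
    0x40: "RAM disk",
    0x80: "reserved",
}
DEFAULT_MASK = 0x91  # documented Windows default when no policy value exists

EXPLORER_POLICY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
CDROM_SERVICE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom"

# The re-enable file from the thread, verbatim.
REENABLE_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000000
"""

# Constructed counterpart: same keys, autorun left off for every drive type.
HARDENED_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"""

DWORD_LINE = re.compile(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg(text):
    """Parse REGEDIT4 text into {key_path_lower: {value_name: int}}.
    Only dword values are decoded; strings, binary and deletions are skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None:
            m = DWORD_LINE.match(line)
            if m:
                keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def autorun_posture(keys):
    """Summarise what the parsed keys do to autorun.

    The Explorer policy is read from HKLM first (machine policy takes precedence),
    then HKCU, falling back to the documented default mask if neither sets it.
    """
    mask = None
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        values = keys.get((hive + "\\" + EXPLORER_POLICY).lower(), {})
        if "NoDriveTypeAutoRun" in values:
            mask = values["NoDriveTypeAutoRun"]
            break
    if mask is None:
        mask = DEFAULT_MASK
    cdrom = keys.get(CDROM_SERVICE.lower(), {}).get("AutoRun", 1)
    blocked = [name for bit, name in DRIVE_TYPE_BITS.items() if mask & bit]
    allowed = [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]
    return {
        "mask": mask,
        "cdrom_service_autorun": bool(cdrom),
        "blocked": blocked,
        "allowed": allowed,
        "removable_blocked": bool(mask & 0x04),
    }


if __name__ == "__main__":
    for label, text in (("thread's re-enable file", REENABLE_REG), ("hardened", HARDENED_REG)):
        p = autorun_posture(parse_reg(text))
        print(f"{label}: mask=0x{p['mask']:02x} blocked={p['blocked']} "
              f"cdrom service autorun={p['cdrom_service_autorun']}")
```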

Re: AntiVirus Popups

I would like to note on the autorun/autoplay feature, I can open up my USB flash drives that are not password protected. For those that are password protected, such as the U3 program, it states that I am missing a file/program to run it "an error has occurred while starting the U3 launchpad due to a problem with one of its components remove and insert your u3 smart drive if the problem persists contact u3 smart drive manufactures." Again this only happens to the computer that was infected, not to my other computers.

I tried uninstalling the U3 program and reinstalling it, but the same error pops up. I also tried the autofix and it works, meaning the autoplay/autorun pops up. That is not the issue though, for the U3 program does not allow me to put in my password to open my files. I was wondering if Combofix secured something down that U3 was depending on to allow it to run.

Thanks for your help!
-----------------------------------------------
Here is the log file.


ComboFix 10-08-08.01 - John 08/09/2010 18:11:19.1.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2727 [GMT -7]
Running from: F:\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\John\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Mai\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 01:22 . 2010-08-10 01:22 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2010-08-10 01:08 . 2010-08-10 01:09 -------- d-----w- C:\32788R22FWJFW
2010-08-09 23:15 . 2010-08-09 23:15 22486 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
2010-08-09 19:53 . 2010-08-09 19:53 -------- d-----w- c:\programdata\U3
2010-08-09 06:47 . 2010-08-09 06:47 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-04 04:33 . 2010-08-04 04:33 -------- d-----w- c:\users\John\AppData\Roaming\DataSafeOnline
2010-07-16 16:30 . 2010-07-16 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-15 18:23 . 2010-07-19 16:41 7916 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 01:05 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\Skype
2010-08-10 01:04 . 2010-07-16 16:39 53613 ----a-w- c:\programdata\nvModes.dat
2010-08-09 23:00 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\skypePM
2010-08-09 17:47 . 2009-11-18 20:18 -------- d-----w- c:\program files\thinkTDA
2010-08-09 04:54 . 2008-12-11 07:13 -------- d-----w- c:\users\John\AppData\Roaming\U3
2010-08-09 04:33 . 2010-06-27 05:55 -------- d-----w- c:\programdata\avg9
2010-08-05 23:52 . 2009-11-18 01:01 -------- d-----w- c:\users\John\AppData\Roaming\webex
2010-08-05 23:52 . 2009-11-18 01:00 -------- d-----w- c:\programdata\WebEx
2010-08-04 05:08 . 2008-07-23 05:04 -------- d-----w- c:\program files\Yahoo!
2010-08-04 05:04 . 2008-04-25 11:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-20 04:30 . 2009-08-16 06:47 -------- d-----w- c:\users\Mai\AppData\Roaming\HpUpdate
2010-07-16 16:39 . 2008-07-20 19:44 -------- d-----w- c:\programdata\NVIDIA
2010-07-15 18:23 . 2010-05-24 15:55 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2010-07-15 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 16:09 . 2008-05-01 03:01 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 22:04 . 2008-12-21 22:38 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-07-03 20:28 . 2010-07-03 20:27 -------- d-----w- c:\program files\iTunes
2010-07-03 20:27 . 2010-07-03 20:27 -------- d-----w- c:\program files\iPod
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\programdata\Apple Computer
2010-07-03 20:25 . 2010-07-03 20:25 -------- d-----w- c:\program files\Bonjour
2010-07-03 20:21 . 2010-07-03 20:21 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-02 05:52 . 2009-05-25 05:32 -------- d-----w- c:\users\John\AppData\Roaming\Image Zone Express
2010-06-27 20:49 . 2009-05-01 15:20 -------- d-----w- c:\programdata\HP Product Assistant
2010-06-27 20:49 . 2010-04-25 01:08 -------- d-----w- c:\program files\QuickTime
2010-06-27 05:56 . 2008-05-13 05:20 -------- d-----w- c:\program files\AVG
2010-06-27 05:36 . 2009-11-27 03:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-27 05:35 . 2010-06-27 05:36 53632 ----a-w- c:\users\Mai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:35 . 2009-11-27 03:49 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:32 . 2008-05-03 14:42 104968 ----a-w- c:\users\Mai\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 14:28 . 2008-05-01 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:26 . 2009-09-07 20:45 -------- d-----w- c:\users\John\AppData\Roaming\HpUpdate
2010-06-01 17:37 . 2009-10-04 05:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 04:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 04:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:54 . 2008-05-01 06:22 104968 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-25 18:39 . 2008-04-25 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-11-01 204800]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\users\John\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-8-9 22486]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-4 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=AVGRSSTX.DLL c:\progra~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,be,2e,ac,e9,48,ca,01

R1 SASDIFSV;SASDIFSV;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-03 30192]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: ameritrade.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: izone.com\wwws
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-09 18:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-09 18:23:52
ComboFix-quarantined-files.txt 2010-08-10 01:23
ComboFix2.txt 2010-08-09 06:38

Pre-Run: 372,916,277,248 bytes free
Post-Run: 372,919,402,496 bytes free

- - End Of File - - B90B1D2E704D409A745B369E78634E56

Re: AntiVirus Popups

No Anti-Virus
I don't see an anti-virus program present on your system! This could have some serious ramifications including completely opening up your system to infection. You should pick ONE of the following and install it.

Note: Never install more than 1 anti-virus or firewall.



=========

You aren't running Anti Virus Software

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program (for personal use) from one of these excellent vendors NOW:

1) Antivir PersonalEditionClassic
- Free anti-virus software for Windows.
- Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
- Anti-virus program for Windows.
- The home edition is freeware for non-commercial use.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single-computer use for home and non-commercial use.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.
======
Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: ameritrade.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: izone.com\wwws
    Trusted Zone: turbotax.com
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
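As an added example (not from the thread and not a ComboFix feature), here is a small Python triage pass over the Supplementary Scan section of the first log: it pulls out the loopback proxy, which is consistent with the browser redirects the poster described and is the first line the CFScript above removes, plus every Trusted Zone entry, and renders them in the DDS:: layout the helper used so a reviewer can prune the list before anything is removed. The sample text is the section copied from the log above; the regex and the record format are mine.

```python
import re

# Constructed sample: the Supplementary Scan section of the first log in this thread.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: ameritrade.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: izone.com\wwws
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -
"""

# One proxy entry ("http=host:port" or "host:port") that points at the loopback interface.
LOOPBACK = re.compile(
    r"^(?:[a-z]+=)?(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(\d+)$", re.I)


def parse_supplementary_scan(log_text):
    """Return the records of the Supplementary Scan section as dicts with
    kind ('setting' | 'zone' | 'other'), name, value and the raw line."""
    records, in_section = [], False
    for line in log_text.splitlines():
        if "Supplementary Scan" in line:
            in_section = True
            continue
        if not in_section or line.strip() in ("", "."):
            continue
        if line.startswith("- - - -"):          # next section header ends the block
            break
        if line.startswith("Trusted Zone:"):
            records.append({"kind": "zone", "name": "Trusted Zone",
                            "value": line.split(":", 1)[1].strip(), "line": line})
        elif " =" in line:                       # "uName = value" or "uName =" (empty)
            name, _, value = line.partition(" =")
            records.append({"kind": "setting", "name": name.strip(),
                            "value": value.strip(), "line": line})
        else:
            records.append({"kind": "other", "name": line.split(" - ", 1)[0],
                            "value": line, "line": line})
    return records


def settings(log_text):
    """Convenience view: {setting name: value} for the section."""
    return {r["name"]: r["value"] for r in parse_supplementary_scan(log_text)
            if r["kind"] == "setting"}


def triage(log_text):
    """Flag entries a helper would look at first: a loopback proxy (browser traffic
    routed through a local process) and every Trusted Zone entry."""
    findings = []
    for rec in parse_supplementary_scan(log_text):
        if rec["kind"] == "setting" and rec["name"].endswith("ProxyServer"):
            for entry in rec["value"].split(";"):
                m = LOOPBACK.match(entry.strip())
                if m:
                    findings.append({"kind": "proxy", "line": rec["line"],
                                     "note": f"browser traffic forced through {m.group(1)}:{m.group(2)}"})
                    break
        elif rec["kind"] == "zone":
            findings.append({"kind": "trusted-zone", "line": rec["line"],
                             "note": f"{rec['value']} runs with relaxed IE security; confirm the user added it"})
    return findings


def dds_section(findings):
    """Render findings as the DDS:: block used in the CFScript above, one raw log line
    per entry, so a reviewer can prune it before anything is removed."""
    return "DDS::\n" + "\n".join(f["line"] for f in findings) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['line']}\n    {f['note']}")
    print(dds_section(triage(SAMPLE_LOG)))
```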

Re: AntiVirus Popups

Hi Chris,
From your last message you said I did not have any antivirus program running. I downloaded Microsoft Essentials before I ran Combofix from the last log. I am not sure why it says that I do not have an antivirus program running. To your comment, I uninstalled Microsoft Essentials and installed AVG. Not sure if Combofix detected AVG, so I am thinking there is something wrong in detecting antivirus programs now, on top of my U3 launchpad being unable to start up due to a missing file.

Thanks again Chris, I appreciate your help!

Here is my log, run in safe mode.
--------------------------------------
ComboFix 10-08-09.03 - John 08/10/2010 12:38:54.2.4 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2898 [GMT -7:00]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\John\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Mai\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 19:50 . 2010-08-10 19:50 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2010-08-10 19:36 . 2010-08-10 19:36 -------- d-----w- C:\32788R22FWJFW
2010-08-10 18:44 . 2010-08-10 18:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-10 18:44 . 2010-08-10 18:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-10 18:44 . 2010-08-10 18:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-10 18:44 . 2010-08-10 18:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-09 19:53 . 2010-08-09 19:53 -------- d-----w- c:\programdata\U3
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-04 04:33 . 2010-08-04 04:33 -------- d-----w- c:\users\John\AppData\Roaming\DataSafeOnline
2010-07-16 16:30 . 2010-07-16 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-15 18:23 . 2010-07-19 16:41 7916 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 19:32 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\Skype
2010-08-10 19:32 . 2010-07-16 16:39 53613 ----a-w- c:\programdata\nvModes.dat
2010-08-10 18:42 . 2010-06-27 05:55 -------- d-----w- c:\programdata\avg9
2010-08-10 18:28 . 2009-11-18 20:18 -------- d-----w- c:\program files\thinkTDA
2010-08-10 17:23 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\skypePM
2010-08-09 04:54 . 2008-12-11 07:13 -------- d-----w- c:\users\John\AppData\Roaming\U3
2010-08-05 23:52 . 2009-11-18 01:01 -------- d-----w- c:\users\John\AppData\Roaming\webex
2010-08-05 23:52 . 2009-11-18 01:00 -------- d-----w- c:\programdata\WebEx
2010-08-04 05:08 . 2008-07-23 05:04 -------- d-----w- c:\program files\Yahoo!
2010-08-04 05:04 . 2008-04-25 11:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-20 04:30 . 2009-08-16 06:47 -------- d-----w- c:\users\Mai\AppData\Roaming\HpUpdate
2010-07-16 16:39 . 2008-07-20 19:44 -------- d-----w- c:\programdata\NVIDIA
2010-07-15 18:23 . 2010-05-24 15:55 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2010-07-15 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 16:09 . 2008-05-01 03:01 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 22:04 . 2008-12-21 22:38 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-07-03 20:28 . 2010-07-03 20:27 -------- d-----w- c:\program files\iTunes
2010-07-03 20:27 . 2010-07-03 20:27 -------- d-----w- c:\program files\iPod
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\programdata\Apple Computer
2010-07-03 20:25 . 2010-07-03 20:25 -------- d-----w- c:\program files\Bonjour
2010-07-03 20:21 . 2010-07-03 20:21 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-02 05:52 . 2009-05-25 05:32 -------- d-----w- c:\users\John\AppData\Roaming\Image Zone Express
2010-06-27 20:49 . 2009-05-01 15:20 -------- d-----w- c:\programdata\HP Product Assistant
2010-06-27 20:49 . 2010-04-25 01:08 -------- d-----w- c:\program files\QuickTime
2010-06-27 05:56 . 2008-05-13 05:20 -------- d-----w- c:\program files\AVG
2010-06-27 05:36 . 2009-11-27 03:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-27 05:35 . 2010-06-27 05:36 53632 ----a-w- c:\users\Mai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:35 . 2009-11-27 03:49 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:32 . 2008-05-03 14:42 104968 ----a-w- c:\users\Mai\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 14:28 . 2008-05-01 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:26 . 2009-09-07 20:45 -------- d-----w- c:\users\John\AppData\Roaming\HpUpdate
2010-06-01 17:37 . 2009-10-04 05:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 04:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 04:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:54 . 2008-05-01 06:22 104968 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-25 18:39 . 2008-04-25 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-10_19.02.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2010-08-10 19:14 93314 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-30 00:13 . 2010-08-10 19:14 13120 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1764452266-3460967335-3339530625-1000_UserData.bin
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 00:06 . 2010-08-10 19:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-30 00:06 . 2010-08-10 19:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-30 00:06 . 2010-08-10 19:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-30 18:36 . 2010-08-10 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 19:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 19:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-10 19:34 . 2010-08-10 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-10 19:34 . 2010-08-10 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-08-10 19:42 604264 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 604264 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-10 19:42 103964 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 103964 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 21:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-11-01 204800]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-10 2065760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-4 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-8-9 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,be,2e,ac,e9,48,ca,01

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-10 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-10 243024]
R1 SASDIFSV;SASDIFSV;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-10 308136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-03 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 12:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-10 12:51:27
ComboFix-quarantined-files.txt 2010-08-10 19:51
ComboFix2.txt 2010-08-10 19:04
ComboFix3.txt 2010-08-10 01:23
ComboFix4.txt 2010-08-09 06:38

Pre-Run: 370,946,699,264 bytes free
Post-Run: 370,864,590,848 bytes free

- - End Of File - - 632624019E79062943839B53CBC2B4C1

Re: AntiVirus Popups
Can you try running it in normal mode, please?

Re: AntiVirus Popups
Hi Chris, I ran Malwarebytes' Anti-Malware. It came up with some infections, so I don't know if this will help, but here's a log. Below that is the ComboFix log too. The U3 Launchpad still does not open due to the error. Also, some of my other programs don't work anymore, such as Primo PDF.

Thanks again
====================================
Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4414

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

8/10/2010 3:14:13 PM
mbam-log-2010-08-10 (15-14-13).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Objects scanned: 349752
Time elapsed: 1 hour(s), 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Users\John\AppData\Local\orhgbrjik\jjewscotssd.exe.vir (Malware.Gen) -> Quarantined and deleted successfully.
F:\Maxtor backup\JOHN-PC\C\Users\John\AppData\Local\orhgbrjik\jjewscotssd.exe (Malware.Gen) -> Quarantined and deleted successfully.

==================================
Combofix log

ComboFix 10-08-10.03 - John 08/10/2010 15:32:21.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2103 [GMT -7]
Running from: c:\users\John\Desktop\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Mai\AppData\Local\temp
2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-10 22:37 . 2010-08-10 22:37 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2010-08-10 20:28 . 2010-08-10 20:28 -------- d-----w- c:\users\John\AppData\Roaming\Malwarebytes
2010-08-10 20:28 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 20:28 . 2010-08-10 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 20:28 . 2010-08-10 20:28 -------- d-----w- c:\programdata\Malwarebytes
2010-08-10 20:28 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 19:51 . 2010-08-10 22:37 -------- d-----w- c:\users\John\AppData\Local\temp
2010-08-10 18:44 . 2010-08-10 18:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-10 18:44 . 2010-08-10 18:44 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-10 18:44 . 2010-08-10 18:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-10 18:44 . 2010-08-10 18:44 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-10 18:44 . 2010-08-10 18:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-09 19:53 . 2010-08-09 19:53 -------- d-----w- c:\programdata\U3
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2010-08-09 05:12 . 2010-08-09 05:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-04 04:33 . 2010-08-04 04:33 -------- d-----w- c:\users\John\AppData\Roaming\DataSafeOnline
2010-07-16 16:30 . 2010-07-16 16:31 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-15 18:23 . 2010-07-19 16:41 7916 ----a-w- c:\users\John\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-10 22:37 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\Skype
2010-08-10 22:19 . 2010-07-16 16:39 53613 ----a-w- c:\programdata\nvModes.dat
2010-08-10 18:42 . 2010-06-27 05:55 -------- d-----w- c:\programdata\avg9
2010-08-10 18:28 . 2009-11-18 20:18 -------- d-----w- c:\program files\thinkTDA
2010-08-10 17:23 . 2008-05-01 07:03 -------- d-----w- c:\users\John\AppData\Roaming\skypePM
2010-08-09 04:54 . 2008-12-11 07:13 -------- d-----w- c:\users\John\AppData\Roaming\U3
2010-08-05 23:52 . 2009-11-18 01:01 -------- d-----w- c:\users\John\AppData\Roaming\webex
2010-08-05 23:52 . 2009-11-18 01:00 -------- d-----w- c:\programdata\WebEx
2010-08-04 05:08 . 2008-07-23 05:04 -------- d-----w- c:\program files\Yahoo!
2010-08-04 05:04 . 2008-04-25 11:02 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-20 04:30 . 2009-08-16 06:47 -------- d-----w- c:\users\Mai\AppData\Roaming\HpUpdate
2010-07-16 16:39 . 2008-07-20 19:44 -------- d-----w- c:\programdata\NVIDIA
2010-07-15 18:23 . 2010-05-24 15:55 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2010-07-15 16:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 16:09 . 2008-05-01 03:01 -------- d-----w- c:\programdata\Microsoft Help
2010-07-09 22:04 . 2008-12-21 22:38 -------- d-----w- c:\users\John\AppData\Roaming\Apple Computer
2010-07-03 20:28 . 2010-07-03 20:27 -------- d-----w- c:\program files\iTunes
2010-07-03 20:27 . 2010-07-03 20:27 -------- d-----w- c:\program files\iPod
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\program files\Common Files\Apple
2010-07-03 20:27 . 2008-06-01 08:06 -------- d-----w- c:\programdata\Apple Computer
2010-07-03 20:25 . 2010-07-03 20:25 -------- d-----w- c:\program files\Bonjour
2010-07-03 20:21 . 2010-07-03 20:21 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-02 05:52 . 2009-05-25 05:32 -------- d-----w- c:\users\John\AppData\Roaming\Image Zone Express
2010-06-27 20:49 . 2009-05-01 15:20 -------- d-----w- c:\programdata\HP Product Assistant
2010-06-27 20:49 . 2010-04-25 01:08 -------- d-----w- c:\program files\QuickTime
2010-06-27 05:56 . 2008-05-13 05:20 -------- d-----w- c:\program files\AVG
2010-06-27 05:36 . 2009-11-27 03:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-27 05:35 . 2010-06-27 05:36 53632 ----a-w- c:\users\Mai\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:35 . 2009-11-27 03:49 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-27 05:32 . 2008-05-03 14:42 104968 ----a-w- c:\users\Mai\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-25 14:28 . 2008-05-01 03:04 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 04:26 . 2009-09-07 20:45 -------- d-----w- c:\users\John\AppData\Roaming\HpUpdate
2010-06-01 17:37 . 2009-10-04 05:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-09 04:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 04:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 15:54 . 2008-05-01 06:22 104968 ----a-w- c:\users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-04-25 18:39 . 2008-04-25 18:29 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-10_19.02.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 11:24 . 2010-08-10 22:21 54414 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-08-10 22:21 93512 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-30 00:13 . 2010-08-10 22:21 13120 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1764452266-3460967335-3339530625-1000_UserData.bin
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 00:06 . 2010-08-10 20:22 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-30 00:06 . 2010-08-10 20:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-30 00:06 . 2010-08-10 16:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-30 00:06 . 2010-08-10 20:22 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 22:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 22:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-30 18:36 . 2010-08-10 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-30 18:36 . 2010-08-10 22:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-10 06:20 . 2010-08-10 06:20 22486 c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
+ 2010-08-10 22:22 . 2010-08-10 22:22 22486 c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-10 22:18 . 2010-08-10 22:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-10 22:18 . 2010-08-10 22:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-10 16:14 . 2010-08-10 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-08-10 22:25 604264 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 604264 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-10 18:49 103964 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-08-10 22:25 103964 c:\windows\System32\perfc009.dat
- 2009-06-23 04:16 . 2010-08-10 04:50 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-23 04:16 . 2010-08-10 20:02 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 21:22 2102600 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-03 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2007-11-01 204800]
"CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-10 2065760]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-1-4 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-8-10 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,be,2e,ac,e9,48,ca,01

R1 SASDIFSV;SASDIFSV;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-08-22 151552]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-03 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-10 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-10 243024]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-10 308136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 15:37
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-10 15:39:05
ComboFix-quarantined-files.txt 2010-08-10 22:39
ComboFix2.txt 2010-08-10 19:51
ComboFix3.txt 2010-08-10 19:04
ComboFix4.txt 2010-08-10 01:23
ComboFix5.txt 2010-08-10 22:27

Pre-Run: 367,409,541,120 bytes free
Post-Run: 367,368,200,192 bytes free

- - End Of File - - 7B8B088B81AC1EED0234E834C5909C52
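
The two detections in the Malwarebytes log above are worth reading carefully before counting them as live infection: one is under C:\Qoobox\Quarantine, which is where ComboFix parks the files it has already removed (hence the .vir extension), and the other is a copy of the same dropper inside the Maxtor backup set on F:, which would bring it back if that backup were restored wholesale. The following is an added example, not Malwarebytes or ComboFix code, that sorts such "Files Infected:" lines by where the hit lives; the backup root it checks is an assumption taken from the logged path, and the third sample line is constructed.

```python
"""Sort Malwarebytes "Files Infected:" hits by where they live.

Added example for this thread, not Malwarebytes code.  A hit under
C:\\Qoobox\\Quarantine (ComboFix's quarantine, .vir extension) is a copy
that was already neutralised; a hit inside a backup set is dormant but
will reinfect the machine if the backup is restored; anything else is a
live file.  BACKUP_ROOTS is an assumption taken from the logged path.
"""
import re

# <path> (<signature>) -> <action>
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<sig>[^)]+)\) -> (?P<action>.+)$")

BACKUP_ROOTS = ("f:\\maxtor backup\\",)   # assumption: the backup set seen in the log


def classify(path, backup_roots=BACKUP_ROOTS):
    """Return 'quarantine', 'backup' or 'live' for one detected path."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantine"
    if any(p.startswith(root) for root in backup_roots):
        return "backup"
    return "live"


def summarise(lines):
    """Count hits per class and return (counts, [(class, path, signature), ...])."""
    counts = {"quarantine": 0, "backup": 0, "live": 0}
    hits = []
    for line in lines:
        m = MBAM_RE.match(line.strip())
        if not m:
            continue            # headers, blank lines, "(No malicious items detected)"
        kind = classify(m.group("path"))
        counts[kind] += 1
        hits.append((kind, m.group("path"), m.group("sig")))
    return counts, hits


# The first two lines are copied from the Malwarebytes log above; the third
# is CONSTRUCTED to show what a hit on the live user profile would look like.
SAMPLE = [
    r"C:\Qoobox\Quarantine\C\Users\John\AppData\Local\orhgbrjik\jjewscotssd.exe.vir (Malware.Gen) -> Quarantined and deleted successfully.",
    r"F:\Maxtor backup\JOHN-PC\C\Users\John\AppData\Local\orhgbrjik\jjewscotssd.exe (Malware.Gen) -> Quarantined and deleted successfully.",
    r"C:\Users\John\AppData\Local\orhgbrjik\jjewscotssd.exe (Malware.Gen) -> Quarantined and deleted successfully.",  # constructed
]

if __name__ == "__main__":
    counts, hits = summarise(SAMPLE)
    print(counts)
    for kind, path, sig in hits:
        print(f"{kind:10} {sig:14} {path}")
```

On the log as posted, the counts come out as one quarantine hit and one backup hit and no live file, which is what "clean" should mean here; the practical follow-up is to scan or purge the F: backup set rather than restore from it.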

Re: AntiVirus Popups
Hi,

You tried reinstalling U3, right? The log is clean :)
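
Calling a ComboFix log clean means walking every line of the Reg Loading Points section against a few rules: is the image still on disk, does it load from a temp folder, is a kernel driver sitting outside system32\drivers, and is the folder name one of those generated strings like orhgbrjik. The following is an added example, not code from this thread, ComboFix or OTL, that applies those rules to lines copied from the log above plus one constructed Run entry for the dropper path Malwarebytes quarantined; the vowel-ratio threshold in looks_random is an assumption tuned on this log.

```python
"""Triage helper for ComboFix "Reg Loading Points" entries.

Added example for this thread, not ComboFix, OTL or GeekPolice code.
It parses the three autostart line shapes ComboFix prints (Run values,
Startup-folder .lnk lines, R*/S* service and driver lines) and applies
the rules an analyst checks by eye before calling a log clean.
"""
import re
from dataclasses import dataclass, field

# "Name"="path" [date size]      or      "Name"="cmd" [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Name.lnk - path [date size]
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')
# R1 Name;Display name;path [date size]      or      ... [x]
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')


@dataclass
class Entry:
    kind: str       # "run", "lnk" or "svc"
    name: str
    path: str
    missing: bool   # ComboFix prints [x] when the image is not on disk
    findings: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for a recognised autostart line, else None."""
    line = line.strip()
    for kind, rx in (("run", RUN_RE), ("lnk", LNK_RE), ("svc", SVC_RE)):
        m = rx.match(line)
        if m:
            return Entry(kind, m.group("name"), m.group("path"),
                         m.group("meta").strip().lower() == "x")
    return None


def looks_random(component):
    """Heuristic for generated folder names: 8+ lowercase letters with
    fewer than a quarter vowels (orhgbrjik passes, malwarebytes does not).
    The 0.25 threshold is an assumption tuned on this log, not a standard."""
    if not re.fullmatch(r"[a-z]{8,}", component):
        return False
    vowels = sum(c in "aeiou" for c in component)
    return vowels / len(component) < 0.25


def assess(entry):
    """Attach findings to the entry; an empty list means it passed every rule."""
    p = entry.path.lower()
    parts = p.split("\\")
    if entry.missing:
        entry.findings.append("image not on disk ([x]); orphaned autostart")
    if "\\temp\\" in p or "\\tmp\\" in p:
        entry.findings.append("loads from a temporary directory")
    if p.endswith(".sys") and "\\system32\\drivers\\" not in p:
        entry.findings.append("kernel driver outside system32\\drivers")
    # Only folders sitting directly under AppData\Local or AppData\Roaming
    # are tested for random names; the file name itself is never tested.
    for i, part in enumerate(parts[:-3]):
        if part == "appdata" and parts[i + 1] in ("local", "roaming"):
            folder = parts[i + 2]
            if looks_random(folder):
                entry.findings.append(f"random-looking AppData folder '{folder}'")
    return entry.findings


def triage(lines):
    """Map entry name -> findings for every flagged line; clean entries are omitted."""
    report = {}
    for line in lines:
        entry = parse_entry(line)
        if entry and assess(entry):
            report[entry.name] = entry.findings
    return report


# The first five lines are copied from the ComboFix log above.  The last
# one is CONSTRUCTED from the path Malwarebytes quarantined, to show what
# a live Run entry for that dropper would have looked like.
SAMPLE_LINES = [
    r'"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-10 2065760]',
    r'"GrpConv"="grpconv -o" [X]',
    r'LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2010-8-10 22486]',
    r'R1 SASDIFSV;SASDIFSV;c:\users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]',
    r'R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-10 216400]',
    r'"jjewscotssd"="c:\users\John\AppData\Local\orhgbrjik\jjewscotssd.exe" [2010-08-09 43520]',  # constructed
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LINES).items():
        print(name)
        for finding in findings:
            print("   -", finding)
```

Run over the real lines, the only hits are GrpConv (a RunOnce whose command has no file behind it, the orphan ComboFix itself later removed) and the SASDIFSV/SASKUTIL drivers, which the log explains: SUPERAntiSpyware was run from a self-extracting copy in Temp the day before and left its driver registrations behind. The rules cannot tell that benign leftover from a dropper; they only decide what the analyst must look at, which is why the U3 launcher stub in c:\windows\Installer and the AVG entries pass without comment and the constructed orhgbrjik entry does not.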

Re: AntiVirus Popups
Hi Chris,

Yes sir, I tried reinstalling U3, but it's still the same problem. I'm thinking that ComboFix locked up a part of the computer that U3 needed, so it can't run anymore. Uninstalling the Primo PDF worked out fine. So I don't know if I should reformat or system restore to an earlier date. In the meantime, I am waiting for a response from the U3 manufacturer. What is your opinion on this, since this program is vital to me?

Thanks for all your help again.

Re: AntiVirus Popups
Let's try uninstalling ComboFix.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

[screenshot: the Run dialog with "ComboFix /uninstall" typed in]

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide system files and folders, and reset System Restore.


Let me know if that resolves your U3 issues :)

Re: AntiVirus Popups
Chris,

I did what you said, but it's still the same problem. I contacted U3 customer service and did what they said, updating the Launchpad and reinstalling, but it didn't help, so I have no clue what to do.

Thanks

Re: AntiVirus Popups
Hi,

I'll have a look around and see if I can come up with anything.

Re: AntiVirus Popups
Hi,

I just got some news about the problem. It is NOT only the U3 Launchpad that does not work, but every USB flash drive/external hard drive that requires password-protected access. It seems that every time I use a USB device that requires a program to be executed to access the device, it is not being executed. Here is a screenshot of the error.
[screenshot of the error]

Thanks for all your help Chris! I appreciate all your hard work and am looking forward to see what you come up with.

Re: AntiVirus Popups
Hi,

Make sure the flash drive is inserted into the computer, then please run an OTL scan :)

Re: AntiVirus Popups
Here is the OTL scan; the second post will be the Extras log, since I'm not sure whether you want it and it is too big to fit.
Thanks

OTL logfile created on: 8/12/2010 11:49:44 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\John\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 341.66 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.24 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 391.33 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/12 22:52:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2010/08/10 11:43:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/10 11:43:36 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/10 11:43:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/10 11:43:33 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/10 11:43:23 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/10 11:43:06 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/02 22:02:00 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/06/26 22:45:39 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/21 16:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
PRC - [2008/06/06 00:31:20 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
PRC - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2008/01/17 07:22:20 | 004,907,008 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/10/31 20:18:16 | 000,204,800 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2007/10/23 09:45:40 | 001,336,632 | ---- | M] () -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2007/06/26 13:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe


========== Modules (SafeList) ==========

MOD - [2010/08/12 22:52:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
MOD - [2010/03/05 07:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2009/04/10 23:28:25 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiutils.dll
MOD - [2009/04/10 23:28:25 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemsvc.dll
MOD - [2009/04/10 23:28:25 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemprox.dll
MOD - [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\fastprox.dll
MOD - [2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 00:36:49 | 000,188,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wbemdisp.dll
MOD - [2008/01/19 00:36:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
MOD - [2008/01/19 00:36:37 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/10 11:43:06 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/02 22:02:00 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/30 14:22:46 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/06/06 00:31:38 | 000,110,692 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2008/06/06 00:31:36 | 000,262,246 | ---- | M] () [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2008/06/06 00:31:12 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/08/22 16:19:32 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Users\John\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\John\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\John\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/10 11:44:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/10 11:44:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/10 11:44:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/24 05:23:16 | 011,614,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/25 11:39:52 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/04/25 11:39:52 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/04/25 11:39:52 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/24 11:06:40 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/31 18:33:22 | 000,479,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/31 15:14:40 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/26 03:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/12/19 13:19:24 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =



O1 HOSTS File: ([2010/08/10 15:37:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CMCService] C:\Program Files\ATI\Catalyst Media Center\CMCService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1764452266-3460967335-3339530625-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://yardi.lomco.com/voyager60/activexviewer9.cab (Crystal Report Viewer Control 9)
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T27L10NSP11EP5/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/19 11:07:02 | 000,000,138 | R--- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ATI\CATALY~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/11 15:45:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/08/11 14:57:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/11 14:49:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/11 10:36:21 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\PrimoPDF
[2010/08/11 08:11:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/11 08:11:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/11 08:11:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 08:11:42 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/11 08:11:42 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 08:11:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 08:11:42 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 08:11:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 08:11:42 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/11 08:11:42 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/11 08:11:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/11 08:11:42 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/11 08:11:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 08:11:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 08:11:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 08:11:41 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 08:11:38 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 08:11:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 08:11:24 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 08:11:23 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/10 15:39:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/10 13:28:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2010/08/10 13:28:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/10 13:28:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/10 13:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/10 13:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/10 12:51:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/10 12:51:28 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\temp
[2010/08/10 11:44:16 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/10 11:44:14 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/10 11:44:08 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/10 11:44:06 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/10 11:44:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/10 11:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/09 12:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\U3
[2010/08/09 08:51:07 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Email outlook
[2010/08/08 23:20:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/08 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/08 22:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/03 21:33:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\DataSafeOnline
[2010/07/16 09:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

========== Files - Modified Within 30 Days ==========

[2010/08/12 23:50:36 | 004,456,448 | ---- | M] () -- C:\Users\John\NTUSER.DAT
[2010/08/12 23:48:57 | 000,707,392 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/12 23:48:57 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/12 23:48:57 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/12 23:45:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/12 23:45:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/12 18:51:30 | 063,336,486 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/12 09:46:38 | 000,053,613 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/12 09:46:38 | 000,053,613 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/12 09:45:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/12 09:45:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/12 09:45:09 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 00:57:29 | 000,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{9bfd4e0c-865f-11df-ad5a-001d099bc3ef}.TMContainer00000000000000000001.regtrans-ms
[2010/08/12 00:57:29 | 000,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{9bfd4e0c-865f-11df-ad5a-001d099bc3ef}.TM.blf
[2010/08/12 00:38:56 | 003,938,261 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2010/08/11 15:20:31 | 000,390,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/11 11:31:19 | 000,001,860 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/08/11 10:33:59 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/08/11 10:33:57 | 000,000,314 | ---- | M] () -- C:\Windows\primopdf.ini
[2010/08/11 00:25:35 | 000,006,431 | ---- | M] () -- C:\Users\John\AppData\Roaming\PrimoPDFSet.xml
[2010/08/11 00:25:04 | 000,000,310 | ---- | M] () -- C:\Users\John\AppData\Roaming\APUSet.xml
[2010/08/10 15:37:16 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/10 15:37:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/10 13:28:17 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 11:44:17 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/10 11:44:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/10 11:44:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/10 11:44:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/10 11:44:06 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/09 22:37:23 | 000,000,402 | ---- | M] () -- C:\Users\John\Desktop\fixreg.reg
[2010/07/19 09:41:16 | 000,007,916 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/08/11 15:51:04 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/11 15:51:04 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010/08/11 15:51:04 | 000,000,637 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
[2010/08/11 10:33:59 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/08/10 13:28:17 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/10 12:58:04 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/10 11:44:06 | 063,336,486 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/10 11:44:06 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/09 22:37:23 | 000,000,402 | ---- | C] () -- C:\Users\John\Desktop\fixreg.reg
[2010/07/16 09:39:10 | 000,053,613 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/07/16 09:39:09 | 000,053,613 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/07/15 11:23:56 | 000,007,916 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/08/18 12:11:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/14 12:27:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\FTPStubInstUtils.dll
[2009/06/14 01:30:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/12 17:48:18 | 000,000,013 | ---- | C] () -- C:\Windows\OemOut.ini
[2008/06/06 22:53:39 | 000,001,652 | ---- | C] () -- C:\Windows\wsnk.ini
[2008/05/02 12:49:43 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/04/29 20:35:29 | 000,000,101 | ---- | C] () -- C:\Windows\REDEMUNINS.INI
[2008/04/25 04:04:19 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/04/24 13:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/08/03 21:33:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DataSafeOnline
[2010/07/01 22:52:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Image Zone Express
[2009/06/11 11:16:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Nitro PDF
[2010/08/12 00:05:51 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PrimoPDF
[2009/05/24 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Printer Info Cache
[2008/04/29 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Redemption
[2010/08/05 16:52:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\webex
[2008/06/08 23:17:34 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\Image Zone Express
[2008/07/19 22:31:44 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\NCH Swift Sound
[2009/07/09 21:11:31 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\Nitro PDF
[2008/06/08 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\Printer Info Cache
[2009/11/26 20:49:22 | 000,000,000 | ---D | M] -- C:\Users\Mai\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/08/12 00:57:31 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/08/10 15:39:05 | 000,016,435 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/04/25 11:45:08 | 000,004,796 | RH-- | M] () -- C:\dell.sdr
[2010/08/12 09:45:09 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/12 09:45:08 | 3801,366,528 | -HS- | M] () -- C:\pagefile.sys
[2008/04/25 04:19:11 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/08/07 16:49:00 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/06/25 23:02:14 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/10 11:44:09 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/10 11:44:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/10 11:44:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/18 08:04:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/18 08:04:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/16 09:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys

< %appdata%\*.* >
[2010/08/11 00:25:04 | 000,000,310 | ---- | M] () -- C:\Users\John\AppData\Roaming\APUSet.xml
[2010/08/11 00:25:35 | 000,006,431 | ---- | M] () -- C:\Users\John\AppData\Roaming\PrimoPDFSet.xml
[2008/04/29 20:10:22 | 000,000,008 | ---- | M] () -- C:\Users\John\AppData\Roaming\usb.dat.bin

< %PROGRAMFILES%\*. >
[2008/05/02 12:49:41 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2010/06/26 22:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/21 15:39:05 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/01/04 22:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2010/01/04 22:46:10 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2010/06/26 22:56:09 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2008/09/10 20:51:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2010/07/03 13:25:42 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/10 15:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/04 22:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/04/25 04:20:26 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/04/25 04:06:15 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/04/25 04:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2010/01/04 22:52:21 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/11/26 20:31:34 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/05/10 21:00:08 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/06/06 23:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/05/02 22:48:45 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/01/04 22:50:24 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/04/25 04:04:16 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/11 15:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/03 13:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/07/03 13:28:11 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/04/25 04:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/06/12 17:48:18 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper
[2010/08/10 13:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/05 16:10:50 | 000,000,000 | ---D | M] -- C:\Program Files\Maxtor
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/04/21 20:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/27 13:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/04/22 03:05:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 07:28:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 15:18:16 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/04/25 18:23:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/07/22 22:12:26 | 000,000,000 | ---D | M] -- C:\Program Files\My.Freeze.com NetAssistant
[2008/07/19 23:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2010/08/11 10:33:57 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2010/07/16 09:31:40 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/06/27 13:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/25 04:17:31 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/06/02 07:03:06 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/07/26 16:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSoftVideoConverter
[2010/08/12 10:22:09 | 000,000,000 | ---D | M] -- C:\Program Files\thinkTDA
[2010/02/21 16:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2006/11/02 06:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/01/04 22:50:28 | 000,000,000 | ---D | M] -- C:\Program Files\USB TV
[2008/07/22 22:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2009/10/08 23:38:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/10/08 23:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/10/08 23:38:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/10/08 23:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/08/11 14:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/29 07:24:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/10/08 23:38:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/17 12:18:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/10/08 23:38:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/06/14 12:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\WS_FTP Pro
[2010/08/03 22:08:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
< End of report >


Last edited by smartbro949 on 13th August 2010, 7:04 am; edited 2 times in total

Re: AntiVirus Popups

Ah, my apologies, I thought I gave you instructions before.

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: AntiVirus Popups

Here is the extras OTL scan log. The OTL scan is on the first post.

Thanks again

OTL Extras logfile created on: 8/12/2010 11:49:44 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\John\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.71 Gb Total Space | 341.66 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.24 Gb Free Space | 52.35% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 391.33 Gb Free Space | 84.02% Space Free | Partition Type: NTFS
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHN-PC
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C3BF82DF-CE5A-4955-A2E0-534AC577CD9F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{C5D83982-7225-4062-A97B-0427479B451F}" = lport=86 | protocol=6 | dir=in | name=broadcam web server |
"{C723FADE-7085-4FC6-96A6-10AEFE3902B8}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BE1D5EC-ADCC-4A1E-B3FD-6AF19A888F84}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{211893D5-7B50-49FC-86FF-A2085D00C716}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{234C5622-3DF7-4E16-9027-6E8DFD2D9916}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{27EF8BD5-1010-44AB-9EDB-6CEB740AD121}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{303D5885-183A-464E-BBC0-4C4B75D043E6}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{368109EE-B321-4FF6-8AAC-9ADF0C60C388}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37398C07-3C3D-4650-AAB1-A55633C387CF}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{3AC36FB7-39CB-4847-9D55-05A5A57F168D}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{9086F673-6224-4306-BE6E-E4B9E288F79D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{90DDBB83-17C4-4544-B108-DE8CA3D5DE3F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB2CF4AC-6980-43D9-B647-B641C323A8BA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F215EE0F-EED4-453B-BDA9-D6EE178B718F}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{F5F7A60B-F5C1-4685-9D1A-BB2688E41362}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{08C151C6-98C9-4015-87A3-C836D093A408}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{120F7E7F-AD63-47C3-A6D4-0599DD97ECA9}C:\program files\thinktda\usergui\1613\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1613\ieembed.exe |
"TCP Query User{1E385DC6-055F-4D34-9675-24386ACA5228}C:\program files\thinktda\usergui\1611\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1611\ieembed.exe |
"TCP Query User{378E8393-4C88-43DD-AA85-37CF914E7A5A}C:\program files\thinktda\usergui\1644\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1644\ieembed.exe |
"TCP Query User{43340F0E-F6BF-4E31-81F9-B38718A24364}C:\program files\thinktda\usergui\1614\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1614\ieembed.exe |
"TCP Query User{83429BF1-2711-43F3-BEF6-B34BC4242DD9}C:\program files\thinktda\usergui\1675\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1675\ieembed.exe |
"TCP Query User{AC94E1F6-044B-4D69-B249-29F830A4A87D}C:\program files\thinktda\usergui\1588\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1588\ieembed.exe |
"TCP Query User{B30FED32-ECE3-47F0-BD52-11A4291C4766}C:\program files\thinktda\usergui\1646\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1646\ieembed.exe |
"TCP Query User{B3861E82-BDE7-43E3-8C93-662251906301}C:\program files\thinktda\usergui\1585\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1585\ieembed.exe |
"TCP Query User{D15748B0-4A18-47AF-AD5A-B304525CB7FF}C:\program files\thinktda\usergui\1640\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1640\ieembed.exe |
"TCP Query User{D300BEDD-6F13-4411-B26B-7C0C0B37DEF1}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{D92E3C52-49AB-422D-9BDB-A40563E390AA}C:\program files\thinktda\usergui\1643\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1643\ieembed.exe |
"TCP Query User{DD497446-821A-4EB6-B833-F9DB19B74020}C:\program files\thinktda\usergui\1642\ieembed.exe" = protocol=6 | dir=in | app=c:\program files\thinktda\usergui\1642\ieembed.exe |
"UDP Query User{061EB3CD-B7B7-4205-AEFF-FD4BDA8323CB}C:\program files\thinktda\usergui\1644\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1644\ieembed.exe |
"UDP Query User{0C191387-AE36-43EE-86B4-0596812F36AC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1DF50405-21AC-40F8-9C66-8B10938E9F0E}C:\program files\thinktda\usergui\1588\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1588\ieembed.exe |
"UDP Query User{2903ABDB-8FBF-4940-9EA3-76BAE92E9C6B}C:\program files\thinktda\usergui\1613\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1613\ieembed.exe |
"UDP Query User{332F6A2F-B4EF-4C14-9BB7-994640B66886}C:\program files\thinktda\usergui\1614\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1614\ieembed.exe |
"UDP Query User{61145E22-EA95-4406-B6E2-AD11699314E8}C:\program files\thinktda\usergui\1646\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1646\ieembed.exe |
"UDP Query User{6FBDB0C4-B27F-463C-9EE8-A19CB6B4A5B3}C:\program files\thinktda\usergui\1643\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1643\ieembed.exe |
"UDP Query User{8D84F65E-D04E-46FC-9F0E-4BC823D5D630}C:\program files\thinktda\usergui\1642\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1642\ieembed.exe |
"UDP Query User{8F3D2CD9-EB71-4E44-9910-72001EA7ACB1}C:\program files\thinktda\usergui\1675\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1675\ieembed.exe |
"UDP Query User{9E3B7CE6-9CCD-4D20-B8A1-CBF00C4928B9}C:\program files\thinktda\usergui\1611\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1611\ieembed.exe |
"UDP Query User{AA435583-13FB-4330-9441-1C4F2C9859DD}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{B09D9A4F-C8EE-4ABF-9C1F-35764E472B10}C:\program files\thinktda\usergui\1640\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1640\ieembed.exe |
"UDP Query User{DA4B526E-6B81-40C6-86C4-A0136E545DE7}C:\program files\thinktda\usergui\1585\ieembed.exe" = protocol=17 | dir=in | app=c:\program files\thinktda\usergui\1585\ieembed.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Catalyst Media Center
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{7AA9AC5F-E6E2-4310-9DE5-8282748C0A90}" = Nitro PDF Professional
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3E98E64-683E-4271-9D39-88B1AAB1AE7B}" = L7600
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FC4F90EC-B1DA-11D9-9D77-000129760D75}" = Catalyst Media Center DVD Authoring Module
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Google Desktop" = Google Desktop
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"WS_FTP Pro" = Ipswitch WS_FTP Pro

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1764452266-3460967335-3339530625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/21/2009 1:12:55 AM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/21/2009 3:17:40 AM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/22/2009 1:36:55 AM | Computer Name = John-PC | Source = EventSystem | ID = 4622
Description =

Error - 9/22/2009 1:36:55 AM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/22/2009 5:57:42 PM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/23/2009 3:20:28 AM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/23/2009 8:09:41 PM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/24/2009 3:39:25 AM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/25/2009 8:10:51 PM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

Error - 9/28/2009 3:00:08 AM | Computer Name = John-PC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 6/27/2010 3:51:00 PM | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
Description = 12:50:59, Sun, Jun 27, 10 Error - Unable to gain access to user store


Error - 8/9/2010 2:05:52 AM | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
Description = 23:05:52, Sun, Aug 08, 10 Error - Unable to gain access to user store


Error - 8/9/2010 2:43:03 AM | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
Description = 23:43:03, Sun, Aug 08, 10 Error - Unable to gain access to user store


Error - 8/10/2010 12:46:50 AM | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
Description = 21:46:50, Mon, Aug 09, 10 Error - Unable to gain access to user store


Error - 8/10/2010 3:11:29 PM | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
Description = 12:11:29, Tue, Aug 10, 10 Error - Unable to gain access to user store


Error - 8/10/2010 3:58:10 PM | Computer Name = John-PC | Source = WLAN-Tray | ID = 0
Description = 12:58:10, Tue, Aug 10, 10 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 5/30/2008 4:27:20 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 1:24:36 AM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/6/2008 11:26:20 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 6:04:47 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 11/10/2008 3:05:23 AM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/1/2009 2:37:59 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/1/2009 2:49:31 AM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/8/2009 11:43:11 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 3:37:15 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 11:44:10 PM | Computer Name = John-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 9/8/2009 11:28:28 PM | Computer Name = John-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 534
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/12/2010 5:15:53 PM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/12/2010 5:15:53 PM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/12/2010 5:15:54 PM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/12/2010 5:15:54 PM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/12/2010 6:02:19 PM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/12/2010 6:02:19 PM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/13/2010 1:55:48 AM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/13/2010 1:55:48 AM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/13/2010 2:49:59 AM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.

Error - 8/13/2010 2:49:59 AM | Computer Name = John-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OneTouch 4.


< End of report >

Re: AntiVirus Popups

Hi,

Please go Start>Run type regedit

Look under the following key:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\INIFilemapping

If you see a value named autorun.inf which has a value of "@SYS: DoesNotExist", please delete it.

Re: AntiVirus Popups

Hi,

No, it did not have that value.
It has "@SYS:Software\Swearware\dump"

Re: AntiVirus Popups

Hi,

Can you delete that value please?
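The check the helper asks for above, and the removal of whatever turns up, as an added PowerShell example (this script was not posted in the original thread). The key path is the one quoted in the reply; the script also looks for the entry as a subkey named autorun.inf, which is the other form Windows accepts for an IniFileMapping entry, and that second form is an assumption beyond what the reply describes. IniFileMapping redirects profile-API reads of the named .ini/.inf file into the registry: a leading "@" means the file on disk is never consulted and "SYS:" means the path that follows is relative to HKLM\SOFTWARE, so a mapping that points at a location holding nothing makes every autorun.inf look empty, which is consistent with U3 Launchpad failing until the entry was deleted. It assumes Windows PowerShell 5.1 or later run from an elevated prompt.

```powershell
# Added example, not from the original thread. Inspects the IniFileMapping key named in the
# reply above for an autorun.inf entry and removes it on request.
# Assumes Windows PowerShell 5.1+, elevated (writes under HKLM need admin). Back the key up first:
#   reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping" inifilemapping-backup.reg

$IniFileMapping = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping'

function Get-AutorunInfMapping {
    # Returns every autorun.inf entry under IniFileMapping, in either form Windows honours:
    #   - a value named autorun.inf directly under IniFileMapping (what the reply describes), or
    #   - a subkey named autorun.inf whose (Default) value holds the redirect (assumed extra form).
    # Data beginning "@SYS:" never reads the file on disk and points the lookup under HKLM\SOFTWARE.
    $found = @()

    $props = Get-ItemProperty -LiteralPath $IniFileMapping -ErrorAction SilentlyContinue
    if ($props -and $props.PSObject.Properties['autorun.inf']) {
        $found += [pscustomobject]@{ Form = 'value'; Path = $IniFileMapping; Data = $props.'autorun.inf' }
    }

    $subKey = Join-Path $IniFileMapping 'autorun.inf'
    if (Test-Path -LiteralPath $subKey) {
        $default = (Get-ItemProperty -LiteralPath $subKey -ErrorAction SilentlyContinue).'(default)'
        $found += [pscustomobject]@{ Form = 'subkey'; Path = $subKey; Data = $default }
    }
    return $found
}

function Remove-AutorunInfMapping {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($entry in Get-AutorunInfMapping) {
        # ShouldProcess gives us -WhatIf / -Confirm for free, so nothing is deleted by accident.
        if ($PSCmdlet.ShouldProcess("$($entry.Path) [$($entry.Form)] = '$($entry.Data)'", 'Remove')) {
            switch ($entry.Form) {
                'value'  { Remove-ItemProperty -LiteralPath $entry.Path -Name 'autorun.inf' }
                'subkey' { Remove-Item -LiteralPath $entry.Path -Recurse }
            }
        }
    }
}

# Report what is there before touching anything.
$entries = Get-AutorunInfMapping
if (-not $entries) {
    'No autorun.inf entry under IniFileMapping.'
} else {
    $entries | Format-Table -AutoSize
    # Dry run first; remove -WhatIf to actually delete the entry.
    Remove-AutorunInfMapping -WhatIf
}
```

Run it once as written to see the entry and its data (in this thread that was "@SYS:Software\Swearware\dump"), then run Remove-AutorunInfMapping without -WhatIf. Unplug and reinsert the U3 drive afterwards; the launcher reads the drive's autorun.inf only when the virtual CD is mounted.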

Re: AntiVirus Popups

Hi Chris,

That value is deleted and the USB flash drive appears to be working correctly once again. Thank you so much for your help and I have purchased a quick tips book from this site to support your hard work!

Thanks again

Re: AntiVirus Popups

Hooray!

Any more issues I can help with?

Re: AntiVirus Popups

Nope!

Everything is running swell again. Thanks for all your help. If I have any more issues, I'll be sure to contact you.

Thanks again

Re: AntiVirus Popups

Beautiful...

Congratulations!! Your PC is all clean!
To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


There are many things you can do to keep this from happening again. You can think of a computer like a car. It requires basic maintenance to keep in tip top shape and ready to go. Would you drive your car 100,000 miles without changing the oil? The same principle applies here.

Cleaning

Now that your PC is free of malware, it is important to clean up your PC. There are several good free cleaners available. You should make sure to clean up your temp files regularly, at least once a week.

ATF Cleaner
CCleaner

Defragmenting Your Hard Disk

Over time your PC's hard disk can become fragmented. Windows comes with a defragmenting utility; however, it is very slow, and there are other options available.

To use the defragmenter included with Windows either go to Start/Run and type dfrg.msc, hit enter; or
right-click My Computer, choose Manage, Storage, Disk Defragmenter.

In the Defragmenter utility, select your main partition/HD, generally C:\, and select Analyze. The analysis report will tell you whether or not your disk needs to be defragmented; if it does, click Defragment. Be patient; this can take a long time.

Repeat for multiple partitions/hard disks.

System Restore Cleanup Instructions

If you are using Windows ME or XP then it is good to disable and re-enable system restore to make sure there are no infected files left in a restore point. (All restore points will be deleted that way)
You can find instructions on how to disable and re-enable system restore here:

Windows ME System Restore Guide

Windows XP System Restore Guide

Reading Tip:
Computer Health
Keep Your System Updated

Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly, or update your system regularly.

Install the updates immediately, if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update

Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

1. Go to Start > Control Panel > Automatic Updates
2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
3. Select the Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but installed at another time.
4. Select the Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
2. Never open emails from unknown senders.
3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These are called hoaxes. The email addresses used in the hoaxes can be easily spoofed. Check the antivirus vendor websites to be sure.
4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Surf safely

Many security exploits on websites are directed to users of Internet Explorer and Firefox.

If you use Firefox, try the NoScript add-on, which, by default, disables all scripts on all websites. If you trust the website, you can manually allow scripts to work.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft Article to learn how to backup. Follow This Article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. Examples of these can be found at
Bleeping Computer

Avoid P2P

I see you have P2P software installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

Prevent A Re-infection

1. Winpatrol

Winpatrol is a heuristic protection program, meaning it looks for patterns in code that behave like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features Here

You can get a Free Copy of Winpatrol or use the Plus Version for more features.

You can read Win Patrol FAQ if you run into problems.

2. Hosts File

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

A downloaded Hosts file will replace your current Hosts file with one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by redirecting these bad sites to 127.0.0.1.

Here are some Hosts files:
MVPS Hosts File
Blue Tack’s Hosts File
Blue Tack’s Hosts Manager

3. Spybot Search and Destroy

Spybot Search & Destroy is another program for scanning spyware and adware. You are strongly encouraged to run a scan at least once per week.

Spybot Search & Destroy can be downloaded from here.

If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

4. SiteHound Toolbar

SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spyware or other questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

====

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
============================================================
See this page for more info about malware and prevention.
Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site.
Before the thread is archived, do you have any more questions?

Happy surfing and stay clean!
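The Hosts file mechanism described in the post above (every listed bad site resolves to a sink address on your own machine), as an added PowerShell example that is not part of the original post. The blocklist embedded in the script is constructed for the example; replace it with the contents of the MVPS or Blue Tack list the post links to. The managed-block markers, the 0.0.0.0 sink (127.0.0.1 works equally well and is what the post names) and the hostname check are my own choices, not anything from those lists. It assumes Windows PowerShell 5.1 or later from an elevated prompt, since the hosts file lives under System32.

```powershell
# Added example, not from the original post. Merges a blocklist into the Windows hosts file
# so each listed hostname resolves to a sink address, keeping the user's own entries intact.
# Assumes Windows PowerShell 5.1+, elevated. Existing hosts file is backed up as hosts.bak.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Sink      = '0.0.0.0'   # 127.0.0.1 also works; 0.0.0.0 avoids a connection attempt to the local machine

# Constructed sample blocklist: "ip name" lines, a bare hostname, comments, a duplicate and an invalid name.
$SampleBlocklist = @'
# constructed blocklist for the example
127.0.0.1 ads.example.test
0.0.0.0   tracker.example.test
0.0.0.0   ads.example.test        # duplicate of the first entry
www.example.test                  # bare hostname, no address column
0.0.0.0   bad_host.test           # invalid: underscore is not allowed in a hostname
0.0.0.0   localhost               # must never be sunk
'@

function Test-Hostname {
    param([string]$Name)
    # Labels of letters, digits and hyphens, 1-63 chars each, no leading/trailing hyphen, 253 chars total.
    return $Name -match '^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)(\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$'
}

function ConvertTo-HostsEntries {
    param([string]$Blocklist)
    $names = [System.Collections.Generic.HashSet[string]]::new()
    foreach ($raw in $Blocklist -split "`r?`n") {
        $line = ($raw -split '#', 2)[0].Trim()           # drop comments and surrounding whitespace
        if (-not $line) { continue }
        $fields = $line -split '\s+'
        # Accept "ip name" lines or bare hostnames; the list's own address is ignored, we supply the sink.
        $name = if ($fields.Count -ge 2) { $fields[1] } else { $fields[0] }
        if ($name -in @('localhost', 'localhost.localdomain', 'broadcasthost')) { continue }
        if (-not (Test-Hostname $name)) { Write-Warning "Skipping invalid hostname: '$name'"; continue }
        [void]$names.Add($name.ToLowerInvariant())       # HashSet drops duplicates
    }
    return @($names | Sort-Object | ForEach-Object { "$Sink $_" })
}

function Update-HostsFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Entries, [string]$Path = $HostsPath)
    $begin = '# BEGIN blocklist (managed)'
    $end   = '# END blocklist (managed)'
    $current = if (Test-Path -LiteralPath $Path) { Get-Content -LiteralPath $Path } else { @() }
    # Keep everything outside our managed block so hand-added entries survive re-runs.
    $kept = @(); $inside = $false
    foreach ($l in $current) {
        if ($l -eq $begin) { $inside = $true;  continue }
        if ($l -eq $end)   { $inside = $false; continue }
        if (-not $inside)  { $kept += $l }
    }
    $new = $kept + $begin + $Entries + $end
    if ($PSCmdlet.ShouldProcess($Path, "write $($Entries.Count) blocklist entries")) {
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force -ErrorAction SilentlyContinue
        Set-Content -LiteralPath $Path -Value $new -Encoding ASCII
        ipconfig /flushdns | Out-Null                    # make the new mappings take effect now
    }
}

$entries = ConvertTo-HostsEntries $SampleBlocklist
$entries                                                 # shows the three sink lines that will be written
Update-HostsFile -Entries $entries -WhatIf               # drop -WhatIf to apply
```

Two caveats a practitioner would want: this only affects name resolution on the machine it runs on (a page that connects by raw IP, or a browser using its own DNS-over-HTTPS resolver, never consults the file), and a very large hosts file makes the Windows DNS Client service slow to load the cache, which is why the MVPS instructions discuss disabling that service.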
