Author Topic: I could not access ComputerHopeForum for at least 24 hours then suddenly (Read 13530 times)

jim.mar · « **on:** December 11, 2010, 02:55:51 PM »

I could not access ComputerHopeForum for at least 24 hours then suddenly, when i triedagain, I landed on this site which said

"Unfortunately, you have landed here because of an infection of some sort."
I followed all of the instrutons as best I could. All of the logs are attached. The HijackThis log is a screen snap as I couldn't figure how to copy all of the items.

I hope it is satisfactory... I tried to access the forum because I was having other troubles accessing some sites and I was looking for help. It all seemed to start when I cleared out my flash cookie file acting on the advice of Kim Komander. Things have not worked the same since. Can I correct this by using System Restore?? Thanks for your help, JIM

[recovering disk space - old attachment deleted by admin]

Computer_Commando · « **Reply #1 on:** December 11, 2010, 03:02:59 PM »

**Warning**
No helper is going to click on a *.doc linked file. It could be infected. Follow the instructions to copy & paste all the logs here.

jim.mar · « **Reply #2 on:** December 11, 2010, 03:04:54 PM »

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2010 at 02:10 PM

Application Version : 4.46.1000

Core Rules Database Version : 5985
Trace Rules Database Version: 3797

Scan type : Complete Scan
Total Scan Time : 03:44:24

Memory items scanned : 540
Memory threats detected : 0
Registry items scanned : 11879
Registry threats detected : 10
File items scanned : 134229
File threats detected : 27

Browser Hijacker.Tubby
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
   (x86) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize

Adware.Tracking Cookie
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@atdmt[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@bizrate[2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@clickfuse[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@doubleclick[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@fastclick[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@kontera[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@media6degrees[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@pointroll[2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@questionmarket[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@revsci[1].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@serving-sys[2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@steelhousemedia[2].txt
   C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Cookies\Low\jim@trafficmp[1].txt
   C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Cookies\terri@azjmp[1].txt
   C:\Users\Terri\AppData\Roaming\Microsoft\Windows\Cookies\terri@doubleclick[1].txt

Trojan.Agent/Gen-Nullo[Micro]
   C:\WINDOWS\INSTALLER\MSI3814.TMP

jim.mar · « **Reply #3 on:** December 11, 2010, 03:06:08 PM »

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 6.1.7600

12/9/2010 9:42:13 AM
mbam-log-2010-12-09 (09-42-13).txt

Scan type: Quick Scan
Objects scanned: 98785
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll (Adware.BHO) -> Quarantined and deleted successfully.

jim.mar · « **Reply #4 on:** December 11, 2010, 03:28:35 PM »

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:24:37 PM, on 12/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe
C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe
C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverDes.exe
C:\Program Files (x86)\Microsoft Office\Office\EXCEL.EXE
C:\Users\JIM\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
R3 - URLSearchHook: SearchElf 1.1 Toolbar - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll
O2 - BHO: SearchElf 1.1 Toolbar - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
O2 - BHO: TranslatorBar 5 - {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTra1.dll
O2 - BHO: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O3 - Toolbar: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll
O3 - Toolbar: TranslatorBar 5 Toolbar - {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTra1.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll
O3 - Toolbar: SearchElf 1.1 Toolbar - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CNET TechTracker.lnk = JIM\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12386 bytes

jim.mar · « **Reply #5 on:** December 14, 2010, 02:20:08 PM »

Quote from: Computer_Commando on December 11, 2010, 03:02:59 PM

**Warning**
No helper is going to click on a *.doc linked file. It could be infected. Follow the instructions to copy & paste all the logs here.

Thank you Computer_Comando, I'll know better next time. I have tried "System restore" back to before the problem started but it didn't work. So I guess I'll start over. Thanks for looking, see ya later, JIM

harry 48 · « **Reply #6 on:** December 14, 2010, 02:32:00 PM »

quote; So I guess I'll start over.

wait for an expert to help you , if you mean to reformat your pc by above

jim.mar · « **Reply #7 on:** December 14, 2010, 02:40:59 PM »

Quote from: harry 48 on December 14, 2010, 02:32:00 PM

quote; So I guess I'll start over.

wait for an expert to help you , if you mean to reformat your pc by above

Thanks Harry, no I didn't mean that but I have been waiting for an expert with no response so I figured I must have done something wrong. (I suppose they are all very busy) What I meant was, because I had used system restore, that the "logs" were no longer applicable and that I would have to do the whole procedure again. Right now I am too tired and confused. I think I have a problem with ADD. Whatever. Anyway, thanks for the comeback, I was beginning to think maybe I was banned or something. Thanks again, I'll try again tomorrow. JIM

SuperDave · « **Reply #8 on:** December 15, 2010, 04:04:06 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Please uninstall Crawler and/or CToolBar from your programs. It is malware.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*******************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
RegistryBooster
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners
*********************************************
Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

jim.mar · « **Reply #9 on:** December 16, 2010, 04:09:08 PM »

OK SuperDAve; I followed directions and here are the results of running OTL

OTL logfile created on: 12/16/2010 2:48:35 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\JIM\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 198.30 Gb Free Space | 81.26% Space Free | Partition Type: NTFS
Drive D: | 352.03 Gb Total Space | 285.01 Gb Free Space | 80.96% Space Free | Partition Type: NTFS
Drive E: | 63.48 Gb Total Space | 45.84 Gb Free Space | 72.22% Space Free | Partition Type: NTFS
Drive F: | 12.86 Gb Total Space | 8.70 Gb Free Space | 67.68% Space Free | Partition Type: NTFS

Computer Name: ROSE | User Name: JIM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\JIM\Downloads\OTL.exe
PRC - [2010/12/16 09:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\JIM\Desktop\OTL.exe
PRC - [2010/12/09 10:44:21 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/11/10 20:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 20:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/09/07 09:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/03 12:08:10 | 002,618,368 | ---- | M] () -- C:\Users\JIM\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2009/11/06 12:58:38 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe
PRC - [2006/03/08 08:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe

========== Modules (SafeList) ==========

MOD - [2010/12/16 09:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\JIM\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 09:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/29 10:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/10 20:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/06 12:58:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/09 23:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 08:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/05/15 04:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/17 11:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 11:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/11/27 00:47:56 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTra1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 CA 29 B2 96 70 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/29 09:45:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/10/22 12:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/22 12:01:45 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll (Conduit Ltd.)
O2 - BHO: (TranslatorBar 5 Toolbar) - {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTra1.dll (Conduit Ltd.)
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (SearchElf 1.1 Toolbar) - {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (TranslatorBar 5 Toolbar) - {b9b97401-98e1-4942-930d-c36652dab7f2} - C:\Program Files (x86)\TranslatorBar_5\tbTra1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SearchElf 1.1 Toolbar) - {00F2C0C6-2194-484E-9064-44E57787867B} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Program Files (x86)\Elf_1.13\tbElf_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 5 Toolbar) - {B9B97401-98E1-4942-930D-C36652DAB7F2} - C:\Program Files (x86)\TranslatorBar_5\tbTra1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe ()
O4 - HKCU..\Run: [MtdAcqu] C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\JIM\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/28 07:28:10 | 000,023,040 | ---- | M] () - E:\Auto Repair list 11-29-05.doc -- [ NTFS ]
O32 - AutoRun File - [2005/11/27 13:25:09 | 000,025,600 | ---- | M] () - E:\Auto specs.xls -- [ NTFS ]
O32 - AutoRun File - [2009/07/14 02:29:38 | 000,000,122 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\202B13~1.181\SSSCHE~1.EXE - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MSN Toolbar - hkey= - key= - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
MsConfig:64bit - StartUpReg: OPSE reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe (ScanSoft, Inc.)
MsConfig:64bit - StartUpReg: OpwareSE2 - hkey= - key= - C:\Program Files (x86)\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 09:46:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\JIM\Desktop\OTL.exe
[2010/12/11 14:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/12/11 14:07:06 | 000,000,000 | ---D | C] -- C:\Users\JIM\Documents\Downloads
[2010/12/11 14:06:57 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Local\OpenCandy
[2010/12/11 14:06:56 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Roaming\OpenCandy
[2010/12/11 14:06:56 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Roaming\CBS Interactive
[2010/12/11 14:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/12/11 14:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/12/11 14:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/12/10 11:06:03 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Roaming\SUPERAntiSpyware.com
[2010/12/10 11:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/12/10 11:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/12/10 11:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/10 09:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/12/08 11:02:12 | 000,000,000 | ---D | C] -- C:\Users\JIM\Desktop\SYTEM PROTECT
[2010/12/04 10:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010/12/04 09:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchElf_1.1
[2010/12/04 09:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elf_1.13
[2010/12/03 14:17:11 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Roaming\eGames
[2010/12/03 14:03:13 | 000,000,000 | ---D | C] -- C:\Users\JIM\Desktop\Dump
[2010/12/02 09:59:56 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Roaming\Audacity
[2010/12/02 09:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/11/17 11:52:36 | 000,000,000 | ---D | C] -- C:\Users\JIM\New folder (2)
[2010/11/17 11:51:00 | 000,000,000 | ---D | C] -- C:\Users\JIM\New folder
[2010/11/17 11:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Audio Converter 2
[2010/11/17 11:04:06 | 000,000,000 | ---D | C] -- C:\Users\JIM\AppData\Roaming\Xilisoft
[2010/11/17 11:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2010/11/17 10:25:26 | 000,000,000 | ---D | C] -- C:\Users\JIM\Desktop\Audio format conv
[2010/11/16 16:46:58 | 000,000,000 | ---D | C] -- C:\Users\JIM\Desktop\PRETTY PAPER cd

========== Files - Modified Within 30 Days ==========

[2010/12/16 14:30:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/16 14:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/16 09:55:36 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/12/16 09:55:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/16 09:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\JIM\Desktop\OTL.exe
[2010/12/16 09:17:06 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/16 09:17:06 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/16 09:15:28 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/16 09:15:28 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/16 09:15:28 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/16 09:13:16 | 101,926,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/12/16 09:09:20 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/14 15:05:21 | 000,007,605 | ---- | M] () -- C:\Users\JIM\AppData\Local\resmon.resmoncfg
[2010/12/13 10:40:44 | 000,231,739 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2010/12/11 17:43:24 | 000,024,576 | ---- | M] () -- C:\Users\JIM\Documents\Fred comes home from his usual Saturday golf game.doc
[2010/12/11 14:27:16 | 000,002,965 | ---- | M] () -- C:\Users\JIM\Desktop\HiJackThis.lnk
[2010/12/11 14:25:53 | 000,001,640 | ---- | M] () -- C:\Users\JIM\Desktop\sniper - Shortcut.lnk
[2010/12/11 14:16:49 | 001,402,880 | ---- | M] () -- C:\Users\JIM\Desktop\HiJackThis.msi
[2010/12/11 14:06:58 | 000,001,184 | ---- | M] () -- C:\Users\JIM\Desktop\CNET TechTracker.lnk
[2010/12/11 14:06:58 | 000,001,164 | ---- | M] () -- C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
[2010/12/10 11:05:57 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 10:58:23 | 000,740,352 | ---- | M] () -- C:\Users\JIM\Documents\Doc2.doc
[2010/12/09 12:48:34 | 000,019,456 | ---- | M] () -- C:\Users\JIM\Documents\Doc1.doc
[2010/12/04 11:00:05 | 000,002,736 | ---- | M] () -- C:\Users\JIM\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/12/03 09:46:25 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/02 09:59:19 | 000,001,046 | ---- | M] () -- C:\Users\JIM\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/11/29 20:51:18 | 003,836,427 | ---- | M] () -- C:\01 Come Harvest Time.wma
[2010/11/29 09:39:30 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/20 07:39:04 | 024,155,180 | ---- | M] () -- C:\Users\JIM\Desktop\God Made The Mountains[p].wav
[2010/11/17 11:59:45 | 000,001,297 | ---- | M] () -- C:\Users\JIM\Desktop\AVS4YOU Software Navigator.lnk
[2010/11/17 11:42:39 | 001,007,072 | ---- | M] () -- C:\Users\JIM\Desktop\SystemDlls.zip
[2010/11/17 11:03:58 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Xilisoft Audio Converter 6.lnk

========== Files Created - No Company Name ==========

[2010/12/11 17:43:23 | 000,024,576 | ---- | C] () -- C:\Users\JIM\Documents\Fred comes home from his usual Saturday golf game.doc
[2010/12/11 14:25:53 | 000,001,640 | ---- | C] () -- C:\Users\JIM\Desktop\sniper - Shortcut.lnk
[2010/12/11 14:18:15 | 000,002,965 | ---- | C] () -- C:\Users\JIM\Desktop\HiJackThis.lnk
[2010/12/11 14:16:44 | 001,402,880 | ---- | C] () -- C:\Users\JIM\Desktop\HiJackThis.msi
[2010/12/11 14:06:58 | 000,001,184 | ---- | C] () -- C:\Users\JIM\Desktop\CNET TechTracker.lnk
[2010/12/11 14:06:58 | 000,001,164 | ---- | C] () -- C:\Users\JIM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk
[2010/12/10 11:05:57 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 10:58:23 | 000,740,352 | ---- | C] () -- C:\Users\JIM\Documents\Doc2.doc
[2010/12/09 12:48:32 | 000,019,456 | ---- | C] () -- C:\Users\JIM\Documents\Doc1.doc
[2010/12/04 11:00:05 | 000,002,736 | ---- | C] () -- C:\Users\JIM\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2010/12/03 09:46:25 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2010/12/02 09:59:19 | 000,001,046 | ---- | C] () -- C:\Users\JIM\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2010/11/29 20:50:41 | 003,836,427 | ---- | C] () -- C:\01 Come Harvest Time.wma
[2010/11/20 07:39:03 | 024,155,180 | ---- | C] () -- C:\Users\JIM\Desktop\God Made The Mountains[p].wav
[2010/11/17 11:41:55 | 001,007,072 | ---- | C] () -- C:\Users\JIM\Desktop\SystemDlls.zip
[2010/11/17 11:03:58 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft Audio Converter 6.lnk
[2010/11/16 10:08:05 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/11/10 08:09:34 | 000,002,443 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/09 12:38:00 | 000,001,302 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/10/28 10:47:41 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\MGIIpl2PX.dll
[2010/10/28 10:31:47 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini
[2010/10/23 10:35:09 | 000,000,556 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/10/21 15:34:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/20 13:22:51 | 000,007,605 | ---- | C] () -- C:\Users\JIM\AppData\Local\resmon.resmoncfg
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\REGOBJ.DLL

========== LOP Check ==========

[2010/12/16 09:31:01 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\Audacity
[2010/10/21 09:25:22 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\AVG10
[2010/11/07 12:25:38 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\Canneverbe Limited
[2010/11/19 11:16:47 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\Canon
[2010/12/16 10:02:11 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\CBS Interactive
[2010/10/21 16:54:15 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\DriverFinder
[2010/12/16 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\eGames
[2010/12/14 13:58:16 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\NCH Swift Sound
[2010/12/16 10:03:19 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\OpenCandy
[2010/10/28 11:49:39 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\PriceGong
[2010/10/23 18:27:41 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\Recordpad
[2010/10/23 10:35:10 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\ScanSoft
[2010/10/21 16:44:14 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\Uniblue
[2010/11/01 15:35:23 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\WalaSoft
[2010/12/16 10:02:16 | 000,000,000 | ---D | M] -- C:\Users\JIM\AppData\Roaming\Xilisoft
[2009/07/13 22:08:49 | 000,007,936 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2010/10/21 17:06:22 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$I0ZGKP8.exe
[2010/12/13 11:38:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$I2FT7RW
[2010/12/13 11:38:10 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$I457VOH
[2010/12/11 15:24:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$IBAPRAY.doc
[2010/12/14 12:21:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$IE7WDNZ.mp3
[2010/10/23 11:10:15 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$IJ8YN8P.lnk
[2010/12/14 12:50:20 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$IJU35PU
[2010/12/13 11:38:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$IWPY85N
[2010/12/14 12:49:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$IYBWUNG
[2010/12/14 12:19:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$IZYW62O.mp3
[2010/12/11 14:32:25 | 000,407,552 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RBAPRAY.doc
[2010/11/02 15:40:55 | 001,550,223 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RE7WDNZ.mp3
[2010/11/02 15:40:45 | 001,534,341 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RZYW62O.mp3
[2010/10/20 13:14:24 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\desktop.ini
[2010/11/30 15:57:03 | 026,767,928 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Christmas in the valley.wav
[2010/11/30 15:57:04 | 027,168,824 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Christmas in the valley[p].wav
[2010/12/01 11:42:32 | 024,242,744 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Come on ring those bells[p].wav
[2010/12/01 11:42:33 | 028,265,528 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Go tell it-1.wav
[2010/12/01 11:42:34 | 013,879,352 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Jingle bells.wav
[2010/12/02 14:50:52 | 038,241,848 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Mary's boy child[p].wav
[2010/12/02 10:28:13 | 031,339,064 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Silver bells.wav
[2010/12/02 10:30:39 | 031,339,064 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\Silver bells[ok4].wav
[2010/12/02 15:59:39 | 003,107,107 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R2FT7RW\White Christmas[+1a].mp3
[2010/11/16 10:28:30 | 002,945,777 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\C-H-R-I--S-T-M-A-S)1[-2].mp3
[2010/11/16 10:28:35 | 002,791,132 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Do you have room for Jesus2[+1].mp3
[2010/11/16 10:28:39 | 001,704,438 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Joy to the world(-1).mp3
[2010/11/16 10:28:43 | 002,060,539 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Let it snow.mp3
[2010/11/16 10:28:47 | 002,228,559 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Merry Christmas Polka[+1].mp3
[2010/11/16 10:28:55 | 003,820,983 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Oh Holy Night 1.mp3
[2010/11/16 10:29:00 | 002,559,583 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Rock and roll waltz[+1].mp3
[2010/11/16 10:29:04 | 002,264,503 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Rockin around(p).mp3
[2010/11/16 10:29:09 | 002,584,242 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Silver bells[-1].mp3
[2010/11/16 10:29:15 | 002,865,111 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\White Christmas[+1].mp3
[2010/11/16 10:29:21 | 002,885,591 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Winter Wonderland[-1].mp3
[2010/11/16 09:56:40 | 006,149,994 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$R457VOH\Wonder of Christmas.mp3
[2009/09/07 10:01:16 | 000,001,922 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RB6WDVF\Creative Audio Converter (2).lnk
[2009/09/14 12:38:32 | 000,000,760 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RB6WDVF\Jodix Free WMA to MP3 Converter.lnk
[2009/12/20 15:58:32 | 000,000,804 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RB6WDVF\Some PDF to Word Converterr.lnk
[2010/04/06 10:32:36 | 000,000,840 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RB6WDVF\Xilisoft Audio Converter.lnk
[2010/11/19 11:17:10 | 000,532,481 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RJU35PU\Scan10001.JPG
[2010/11/05 09:54:14 | 000,021,710 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p].aup
[2010/11/05 10:21:29 | 000,019,968 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\DO YOU HAVE ROOM FOR JESUS2.doc
[2010/11/04 12:48:58 | 025,910,840 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus[d].wav
[2010/11/04 12:48:59 | 023,422,520 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus[p].wav
[2009/11/30 11:39:07 | 001,258,919 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Jingle bells.mp3
[2009/12/05 15:12:15 | 001,889,993 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Joy to the world(nw).mp3
[2010/11/04 12:49:00 | 024,556,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Merry Christmas Poka[d].wav
[2010/11/04 12:49:01 | 024,579,128 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Merry Christmas Polka[p].wav
[2008/03/04 11:47:11 | 003,824,789 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Oh Holy Night 1.mp3
[2010/11/04 12:49:02 | 029,652,536 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Rock and roll waltz[d].wav
[2010/11/04 12:49:03 | 029,638,712 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Rock and roll waltz[p].wav
[2010/11/04 12:49:04 | 032,127,032 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Silent Night 3[p].wav
[2010/11/04 12:49:05 | 028,274,744 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Silent night2[p].wav
[2009/12/03 09:16:32 | 002,459,359 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Wonder of Christmas[p].mp3
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00002.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00003.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00004.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00005.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00006.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00007.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00008.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00009.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00010.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00011.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00012.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00013.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00014.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00015.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00016.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00017.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00018.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00019.auf
[2010/11/05 08:58:52 | 000,012,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3909975552-3371312792-2741729148-1000\$RWPY85N\Do you have room for Jesus1a[p]_data\b00022.auf
[2010

SuperDave · « **Reply #10 on:** December 17, 2010, 01:25:16 PM »

I don't see the Extras log. Please post it.

jim.mar · « **Reply #11 on:** December 17, 2010, 02:07:38 PM »

oooPS SORRY THOUGHT I DID THANKS FOR THE COMEBACK, here it is:

OTL Extras logfile created on: 12/16/2010 9:53:40 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\JIM\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.04 Gb Total Space | 196.72 Gb Free Space | 80.61% Space Free | Partition Type: NTFS
Drive D: | 352.03 Gb Total Space | 285.01 Gb Free Space | 80.96% Space Free | Partition Type: NTFS
Drive E: | 63.48 Gb Total Space | 45.84 Gb Free Space | 72.22% Space Free | Partition Type: NTFS
Drive F: | 12.86 Gb Total Space | 8.70 Gb Free Space | 67.68% Space Free | Partition Type: NTFS

Computer Name: ROSE | User Name: JIM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24BEFDE1-A699-4139-B61B-B1102FDE7279}" = AVG 2011
"{319B58E8-4C80-4912-8EA7-24A9658120C6}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.5
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5cefd67c-383a-4be4-99d9-e447ec6a19a5}" = Nero 9 Essentials
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}" = Microsoft Streets & Trips 2008
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}" = ArcSoft PhotoStudio 5.5
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast5" = avast! Free Antivirus
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"DriverFinder" = DriverFinder
"EGREEN" = ASUS E-Green Uninstall
"E-Hammer1.0.0" = E-Hammer
"Elf_1.13 Toolbar" = Elf 1.13 Toolbar
"Google Chrome" = Google Chrome
"Hunting Unlimited" = Hunting Unlimited
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"KaraFun_is1" = KaraFun 1.18
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NCH Toolbar" = NCH Toolbar
"SearchElf_1.1 Toolbar" = SearchElf 1.1 Toolbar
"TranslatorBar_5 Toolbar" = TranslatorBar 5 Toolbar
"WaveStudio 7" = Creative WaveStudio 7
"Xilisoft Audio Converter 6" = Xilisoft Audio Converter 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2010 1:17:39 PM | Computer Name = Rose | Source = EventSystem | ID = 4622
Description =

Error - 12/9/2010 4:14:32 PM | Computer Name = Rose | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 12/9/2010 9:25:34 PM | Computer Name = Rose | Source = EventSystem | ID = 4621
Description =

Error - 12/10/2010 1:20:29 PM | Computer Name = Rose | Source = EventSystem | ID = 4621
Description =

Error - 12/10/2010 5:39:42 PM | Computer Name = Rose | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 12/11/2010 5:15:46 PM | Computer Name = Rose | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\JIM\Downloads\SoftonicDownloader_for_hijackthis.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 12/13/2010 2:58:43 PM | Computer Name = Rose | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 12/13/2010 2:58:51 PM | Computer Name = Rose | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\JIM\downloads\softonicdownloader_for_hijackthis.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 12/16/2010 12:11:43 PM | Computer Name = Rose | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error: A connection with the server
could not be established

Error - 12/16/2010 12:11:43 PM | Computer Name = Rose | Source = CNET TechTracker | ID = 131074
Description = Unable to complete request due to error: The server was busy and could
not check for updates.

[ System Events ]
Error - 12/6/2010 11:22:29 AM | Computer Name = Rose | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/6/2010 11:22:59 AM | Computer Name = Rose | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/6/2010 11:25:02 AM | Computer Name = Rose | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:23:58 AM on ?12/?6/?2010 was unexpected.

Error - 12/7/2010 2:08:52 PM | Computer Name = Rose | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 12/7/2010 6:08:31 PM | Computer Name = Rose | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 12/8/2010 4:51:33 PM | Computer Name = Rose | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 12/9/2010 1:18:10 PM | Computer Name = Rose | Source = DCOM | ID = 10010
Description =

Error - 12/9/2010 4:55:16 PM | Computer Name = Rose | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 12/14/2010 6:03:48 PM | Computer Name = Rose | Source = Service Control Manager | ID = 7022
Description = The avast! Antivirus service hung on starting.

Error - 12/15/2010 1:14:30 PM | Computer Name = Rose | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

< End of report >

SuperDave · « **Reply #12 on:** December 17, 2010, 05:14:47 PM »

There is evidence in the logs that it's possible that you're running two Anti-Virus programs; AVG and Avast. If this is true, one of them will have to be disabled because they will conflict with each other.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************

Perform an anti-rootkit (ARK) scan with the following:
•Sophos Anti-rootkit

Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
•Disconnect from the Internet or physically unplug you Internet cable connection.
•Clean out your temporary files.
•Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
•Temporarily disable your anti-virus and real-time anti-spyware protection.
•After starting the scan, do not use the computer until the scan has completed.
•When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernal/SSDT in order to protect your system. You should not be alarmed if you see any hidden entries created by these software programs after performing a scan.

jim.mar · « **Reply #13 on:** December 18, 2010, 02:42:57 PM »

Thanks Dave. I followed your instructions and ARK revealed no hidden items.

Whats next? JIM

SuperDave · « **Reply #14 on:** December 18, 2010, 04:53:38 PM »

You were not too specific about your problems. Are you still experiencing problems?

Please download Rooter and Save it to your desktop.

Double click it to start the tool.
Click Scan.
Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

Computer Hope Forum

News:

Author Topic: I could not access ComputerHopeForum for at least 24 hours then suddenly (Read 13530 times)

jim.mar

I could not access ComputerHopeForum for at least 24 hours then suddenly

Computer_Commando

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

harry 48

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

SuperDave

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

SuperDave

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

SuperDave

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

jim.mar

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly

SuperDave

Re: I could not access ComputerHopeForum for at least 24 hours then suddenly