Solved Recovery Console vs clean up on Vista

learninmypc

Posts: 9,659   +724
A friend in the building I live in asked me yesterday if I was online & I told him yes.
Long story short, I found out he got hit with Whitesmoke & I told him I could get it cleaned up by coming in here for help.
He then asked me about using the Recovery Console instead & I told him he'd lose everything & he knows that.
To my knowledge, he only had the trial programs on his Vista pc.
So, my question is, would it be faster for me to use the Recovery Console & then install MS updates, SUPERAntispyware, Mbam, Spybot S&D, Avast, CCleaner & probably SeaMonkey for a browser, WOT & other necessary addons?
Or get help in here to clean it up?
I believe it is Vista. Other than that, I know no more about it except he can't get online, yet. TIA :)
 
I assume you're talking about using recovery partition to reset the computer to its original state?
That will work in most cases.
However if the computer is infected with some kind of rootkit that won't work.
To remove a rootkit he'd have to format his hard drive.
Using recovery partition does NOT format hard drive.
 
Ok, since I'm not too familiar with Vista, I'll tell him & see what he says.
I don't feel like formatting a hard drive & reinstalling it.
ALL I do know is I clicked on his Google Chrome Icon & saw a Whitesmoke URL & knew it was not good.
Thank you Broni
 
As previously stated, I used SAS portable & it found over 385 tracking cookies which were removed & I rebooted.
Still unable to get online, I used a flashdrive to hopefully remove ALL of Norton.
Still unable to get online, I finally hooked it up to my DSL & am in here in Safe Mode With Networking & running aswMBR ver 0.9.9.1... Will post results in next post.
 
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-11 13:17:33
-----------------------------
13:17:33.437 OS Version: Windows 6.0.6001 Service Pack 1
13:17:33.437 Number of processors: 2 586 0x6B02
13:17:33.438 ComputerName: HOMEPC UserName: earl
13:17:33.981 Initialize success
13:18:27.689 AVAST engine defs: 12021101
13:19:04.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000004c
13:19:04.378 Disk 0 Vendor: ST325031 3.AH Size: 238475MB BusType: 3
13:19:04.385 Disk 0 MBR read successfully
13:19:04.389 Disk 0 MBR scan
13:19:04.396 Disk 0 unknown MBR code
13:19:04.400 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226949 MB offset 63
13:19:04.434 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11523 MB offset 464792580
13:19:04.468 Disk 0 scanning sectors +488392065
13:19:04.533 Disk 0 scanning C:\Windows\system32\drivers
13:19:11.444 Service scanning
13:19:12.559 Modules scanning
13:19:14.735 Disk 0 trace - called modules:
13:19:14.754 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
13:19:14.760 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84fbc030]
13:19:14.767 3 CLASSPNP.SYS[8072e745] -> nt!IofCallDriver -> [0x84a3d4f0]
13:19:14.779 5 acpi.sys[8060b6a0] -> nt!IofCallDriver -> \Device\0000004c[0x84a41ab8]
13:19:15.308 AVAST engine scan C:\Windows
13:19:16.826 AVAST engine scan C:\Windows\system32
13:21:34.679 AVAST engine scan C:\Windows\system32\drivers
13:21:43.791 AVAST engine scan C:\Users\earl.homepc
13:24:09.058 AVAST engine scan C:\ProgramData
13:25:53.703 Scan finished successfully
13:30:48.474 Disk 0 MBR has been saved successfully to "C:\Users\earl.homepc\Desktop\MBR.dat"
13:30:48.497 The log file has been saved successfully to "C:\Users\earl.homepc\Desktop\aswMBR.txt"
 
When I was doing the Bootkit remover, I got this warning
[attached screenshot: WARNING.jpg]

What do I do?

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 306a70bb88e51c06c67244ab8a2237bf

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
earl :: HOMEPC [administrator]

2/11/2012 2:42:22 PM
mbam-log-2012-02-11 (14-42-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177996
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by earl at 15:25:05 on 2012-02-11
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uSearch Page = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80273&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80273
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.3\PriceGongIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - c:\progra~1\appgra~1\APPGRA~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - c:\progra~1\rebate~1\RebateI.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [Google Update] "c:\users\earl.homepc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ChicaPasswordManager] c:\program files\chicalogic\chica password manager\stpass.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Linkury Chrome Smartbar] c:\users\earl.homepc\appdata\local\linkury\application\Linkury.exe startup
uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100} : DhcpNameServer = 192.168.1.1 184.16.33.54
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\rebate~1\RebateI.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
.
=============== Created Last 30 ================
.
2012-02-11 23:05:36 -------- d-----w- c:\users\earl.homepc\appdata\local\Mozilla
2012-02-11 23:05:00 -------- d-----w- c:\program files\SeaMonkey
2012-02-11 22:40:56 -------- d-----w- c:\users\earl.homepc\appdata\roaming\Malwarebytes
2012-02-11 22:40:50 -------- d-----w- c:\programdata\Malwarebytes
2012-02-11 22:40:49 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 22:40:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 22:30:02 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-11 22:30:02 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-11 22:29:20 41184 ----a-w- c:\windows\avastSS.scr
2012-02-11 22:29:02 -------- d-----w- c:\programdata\AVAST Software
2012-02-11 22:29:02 -------- d-----w- c:\program files\AVAST Software
2012-02-11 20:56:01 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-02-11 20:55:54 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c4e7f698-a5a2-4ed5-854d-f8a35872170d}\mpengine.dll
2012-02-11 20:55:53 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-11 19:40:26 -------- d-----w- c:\users\earl.homepc\appdata\roaming\SUPERAntiSpyware.com
2012-02-11 19:40:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-27 20:13:15 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-01-27 20:13:15 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-01-27 20:13:15 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-01-27 20:13:15 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-01-27 20:13:15 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-01-27 20:13:15 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-01-27 20:13:14 143360 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-01-27 20:11:36 -------- d-----w- c:\users\earl.homepc\appdata\local\Apple
2012-01-25 23:32:31 -------- d-----w- c:\program files\AppGraffiti
2012-01-25 23:32:23 -------- d-----w- c:\program files\RebateInformer
2012-01-25 23:32:23 -------- d-----w- c:\program files\Inbox.com
2012-01-25 23:30:33 -------- d-----w- c:\program files\Inbox Toolbar
2012-01-23 17:58:35 -------- d-----w- c:\users\earl.homepc\appdata\roaming\RealNetworks
2012-01-16 17:33:51 -------- d-----w- c:\users\earl.homepc\appdata\local\Real
2012-01-16 17:33:30 -------- d-----w- c:\program files\common files\xing shared
2012-01-13 18:19:54 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-01-13 18:19:53 17920 ----a-w- c:\windows\system32\netevent.dll
2012-01-13 18:19:28 378368 ----a-w- c:\windows\system32\winhttp.dll
.
==================== Find3M ====================
.
2012-01-16 17:33:11 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-16 17:33:11 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-09 20:46:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-03 18:02:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 15:26:49.04 ===============
 
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Amazon Kindle
AppGraffiti
Apple Software Update
ASPCA Tri Reminder by We-Care.com v4.0.13.5
avast! Free Antivirus
Community Smartbar
CyberLink DVD Suite Deluxe
Google Chrome
Google Earth
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
Inbox Toolbar
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software 1.14.25.1
LightScribe Template Labeler
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Classic - Home Cinema v1.5.2.3456
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Music Oasis
muvee Reveal
My HP Games
NetZero Preloader
NVIDIA Drivers
PictureMover
Power2Go
PowerDirector
PriceGong 2.5.3
Python 2.5.2
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
RebateInformer
SeaMonkey (2.7.1)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Soft Data Fax Modem with SmartCP
SPORE Creature Creator Trial Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================
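The DDS "Pseudo HJT Report" above is usually read by eye, but the same checks can be run mechanically. This is an added example, not part of the thread and not DDS's own code: it parses a handful of lines copied from the log above (embedded as a constructed sample) and pulls out what a helper looks for first: the hosts the home/search pages point at, hooks or toolbars whose DLL is already gone, autoruns executing from under c:\users (installed without admin rights), unnamed BHOs, and DHCP-assigned DNS servers outside private address space. The heuristics are the example's own assumptions, and a hit is a "look at this", not a verdict.

```python
"""Mechanical triage of a DDS 'Pseudo HJT Report' section.

Added example, not part of the thread or of DDS itself; the heuristics
below are the author's assumptions about what is worth a second look.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the DDS log in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
uURLSearchHooks: H - No File
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.3\PriceGongIE.dll
BHO: : {ccb69577-088b-4004-9ed8-ff5bcc83a039} - c:\progra~1\rebate~1\RebateI.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Linkury Chrome Smartbar] c:\users\earl.homepc\appdata\local\linkury\application\Linkury.exe startup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
"""

PAGE_RE = re.compile(r"^[um](?:Start Page|Default_Page_URL|Search Page|Search Bar"
                     r"|SearchAssistant|CustomizeSearch) = (\S+)")
BHO_RE = re.compile(r"^(BHO|TB): (.*?)(\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^[um]Run: \[(.+?)\] (.*)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.*)$")


def exe_path(command):
    """Executable part of a Run value: the quoted path, or the text up to the
    first '.exe' when DDS printed an unquoted path containing spaces."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    idx = command.lower().find(".exe")
    return command[:idx + 4] if idx >= 0 else command.split(" ", 1)[0]


def url_host(defanged_url):
    """DDS writes hxxp:// so URLs are not clickable; undo that to parse the host."""
    return urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def triage_dds(text):
    findings = {
        "search_hosts": set(),        # where home/search pages point
        "missing_file": [],           # hooks/BHOs/toolbars whose DLL is gone
        "unnamed_bho": [],            # BHOs registered without a display name
        "user_profile_autoruns": [],  # autoruns executing from under c:\users
        "public_dns": [],             # DHCP-assigned DNS outside RFC 1918 space
    }
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("No File"):
            findings["missing_file"].append(line)
        m = PAGE_RE.match(line)
        if m:
            findings["search_hosts"].add(url_host(m.group(1)))
            continue
        m = BHO_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            if kind == "BHO" and not name.strip(" :"):
                findings["unnamed_bho"].append((clsid, path))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path = m.group(1), exe_path(m.group(2))
            if "\\users\\" in path.lower():
                findings["user_profile_autoruns"].append((name, path))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in m.group(1).split():
                try:
                    if not ipaddress.ip_address(server).is_private:
                        findings["public_dns"].append(server)
                except ValueError:
                    pass  # not an IP literal; ignore
    findings["search_hosts"] = sorted(findings["search_hosts"])
    return findings


if __name__ == "__main__":
    for key, value in triage_dds(SAMPLE_DDS).items():
        print(key, "->", value)
```

Feed it the whole DDS.txt rather than the sample and the "search_hosts" list alone tells you which vendors own the browser's start and search pages; in this log that is inbox.com and whitesmoke.com, which is exactly the Whitesmoke hit the first post describes.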
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-11 16:25:58
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000004f ST325031 rev.3.AH
Running: gmer.exe; Driver: C:\Users\EARL~1.HOM\AppData\Local\Temp\kfldipow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E5137A2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
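Both aswMBR and Bootkit Remover in this thread report "unknown boot code", and the instructions above tell you to keep the MBR.dat copy that aswMBR saves. On a vendor-imaged machine with a recovery partition, non-standard MBR code is not on its own proof of a bootkit; what a practitioner wants to know is whether the sector is internally sane and whether anything other than the boot-code bytes changes after a "fix". This added example (not the thread's code and not part of aswMBR or Bootkit Remover) reads a raw 512-byte sector such as MBR.dat, prints the partition table, the whole-sector MD5 (as Bootkit Remover does) and a separate MD5 of just the 440 boot-code bytes, runs sanity checks, and compares two dumps. When run without arguments it uses a constructed sample sector whose partition table mirrors the layout in the aswMBR log above (two NTFS partitions, the first active, at LBA 63 and LBA 464792580, with sector counts derived from those offsets and the +488392065 scan start); the disk signature and boot-code bytes in the sample are assumed filler, not real loader code.

```python
"""Inspect a raw 512-byte MBR sector, e.g. the MBR.dat copy that aswMBR saves.

Added example, not part of the thread or of either tool. Usage:
    python mbr_inspect.py MBR.dat [MBR_after_fix.dat]
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the executable boot code
DISK_SIG_OFF = 440             # 4-byte Windows disk signature follows the code
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sectors


def build_sample_mbr(boot_code=b"\x33\xc0\x8e\xd0\xbc\x00\x7c"):
    """Constructed sample sector (not a real dump). Partition layout mirrors the
    aswMBR log in this thread; boot code and disk signature are assumed filler."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"   # assumed signature
    entries = [
        (0x80, 0x07, 63, 464792580 - 63),                    # active NTFS, C:
        (0x00, 0x07, 464792580, 488392065 - 464792580),      # NTFS recovery
    ]
    table = b"".join(
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in entries
    ).ljust(64, b"\x00")
    return code + disk_sig + table + BOOT_SIGNATURE


def parse_mbr(sector):
    """Decode signature, disk signature, hashes and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    info = {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": [],
    }
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        info["partitions"].append({
            "index": i + 1, "bootable": status == 0x80, "type": ptype,
            "lba_start": lba, "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return info


def sanity_problems(info, disk_sectors):
    """Problems a tampered or mis-'fixed' table would show: bad signature,
    several active partitions, overlapping entries, entries past disk end."""
    problems = []
    if not info["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    parts = sorted(info["partitions"], key=lambda p: p["lba_start"])
    if sum(p["bootable"] for p in parts) > 1:
        problems.append("more than one active partition")
    prev_end = 0
    for p in parts:
        end = p["lba_start"] + p["sectors"]
        if p["lba_start"] < prev_end:
            problems.append("partition %d overlaps the previous one" % p["index"])
        if end > disk_sectors:
            problems.append("partition %d runs past the end of the disk" % p["index"])
        prev_end = end
    return problems


def boot_code_changed(before, after):
    """True when the executable region differs between two dumps (before/after a fix)."""
    return before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN]


def main(argv):
    sector = open(argv[1], "rb").read() if len(argv) > 1 else build_sample_mbr()
    info = parse_mbr(sector)
    print("boot signature ok:", info["signature_ok"])
    print("sector MD5:       ", info["sector_md5"])
    print("boot code MD5:    ", info["boot_code_md5"])
    for p in info["partitions"]:
        print("partition %d %s type 0x%02x start %d sectors %d (%d MB)" % (
            p["index"], "*" if p["bootable"] else " ", p["type"],
            p["lba_start"], p["sectors"], p["size_mb"]))
    disk_sectors = 238475 * 2048   # 238475 MB disk from the log; adjust for yours
    for problem in sanity_problems(info, disk_sectors):
        print("PROBLEM:", problem)
    if len(argv) > 2:
        after = open(argv[2], "rb").read()
        print("boot code changed between dumps:", boot_code_changed(sector, after))


if __name__ == "__main__":
    main(sys.argv)
```

Run it on MBR.dat before anything is changed and keep the output. If a `remover.exe fix` is ever run, dump again and compare: only the boot-code hash should change, while the partition table, disk signature and 0x55AA signature stay identical and `sanity_problems` stays empty. A fix that touches the table, or a table that already overlaps or has two active entries, is the point to stop and ask before rebooting, since that is the difference between a cosmetic "unknown code" report and a machine that will not boot.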
 
Oh, sorry about it :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-11.03 - earl 02/11/2012 17:01:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1917 [GMT -8:00]
Running from: c:\users\earl.homepc\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-11 23:05 . 2012-02-11 23:05 -------- d-----w- c:\users\earl.homepc\AppData\Local\Mozilla
2012-02-11 23:05 . 2012-02-11 23:05 -------- d-----w- c:\program files\SeaMonkey
2012-02-11 22:40 . 2012-02-11 22:40 -------- d-----w- c:\users\earl.homepc\AppData\Roaming\Malwarebytes
2012-02-11 22:40 . 2012-02-11 22:40 -------- d-----w- c:\programdata\Malwarebytes
2012-02-11 22:40 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 22:40 . 2012-02-11 22:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 22:30 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-11 22:30 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-11 22:30 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-11 22:30 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-11 22:30 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-11 22:30 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-11 22:29 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-02-11 22:29 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-11 22:29 . 2012-02-11 22:29 -------- d-----w- c:\programdata\AVAST Software
2012-02-11 22:29 . 2012-02-11 22:29 -------- d-----w- c:\program files\AVAST Software
2012-02-11 20:55 . 2012-01-17 12:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4E7F698-A5A2-4ED5-854D-F8A35872170D}\mpengine.dll
2012-02-11 20:55 . 2012-01-29 13:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-11 19:40 . 2012-02-11 19:40 -------- d-----w- c:\users\earl.homepc\AppData\Roaming\SUPERAntiSpyware.com
2012-02-11 19:40 . 2012-02-11 19:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-01 21:53 . 2012-02-08 22:08 -------- d-----w- c:\program files\Google
2012-01-27 20:13 . 2012-01-27 20:13 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-27 20:13 . 2012-01-27 20:13 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-27 20:13 . 2012-01-27 20:13 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-27 20:13 . 2012-01-27 20:13 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-27 20:13 . 2012-01-27 20:13 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-27 20:13 . 2012-01-27 20:13 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-27 20:13 . 2012-01-27 20:13 143360 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-27 20:12 . 2012-01-27 20:13 -------- d-----w- c:\program files\QuickTime
2012-01-27 20:12 . 2012-01-27 20:12 -------- d-----w- c:\programdata\Apple Computer
2012-01-27 20:11 . 2012-01-27 20:11 -------- d-----w- c:\users\earl.homepc\AppData\Local\Apple
2012-01-27 20:11 . 2012-01-27 20:11 -------- d-----w- c:\programdata\Apple
2012-01-27 20:11 . 2012-01-27 20:11 -------- d-----w- c:\program files\Apple Software Update
2012-01-25 23:32 . 2012-01-25 23:32 -------- d-----w- c:\program files\AppGraffiti
2012-01-25 23:32 . 2012-02-11 21:59 -------- d-----w- c:\program files\RebateInformer
2012-01-25 23:32 . 2012-01-25 23:32 -------- d-----w- c:\program files\Inbox.com
2012-01-25 23:30 . 2012-01-25 23:30 -------- d-----w- c:\program files\Inbox Toolbar
2012-01-16 17:33 . 2012-01-16 17:33 -------- d-----w- c:\users\earl.homepc\AppData\Local\Real
2012-01-16 17:33 . 2012-01-16 17:33 -------- d-----w- c:\program files\Common Files\xing shared
2012-01-16 17:33 . 2012-01-16 17:33 -------- d-----w- c:\program files\Real
2012-01-15 23:30 . 2012-01-15 23:30 -------- d-----w- c:\users\earl.homepc\AppData\Roaming\Media Player Classic
2012-01-13 18:19 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-01-13 18:19 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2012-01-13 18:19 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-16 17:33 . 2008-11-13 10:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-16 17:33 . 2008-11-13 10:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-01-09 20:46 . 2012-01-09 20:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-03 18:02 . 2012-01-03 18:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2012-01-03 17:38 832680 ----a-w- c:\progra~1\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
"Linkury Chrome Smartbar"="c:\users\earl.homepc\AppData\Local\Linkury\Application\Linkury.exe" [2012-01-25 19768]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-01-16 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - kfldipow
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-01 21:53]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-01 21:53]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000Core.job
- c:\users\earl.homepc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 20:55]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000UA.job
- c:\users\earl.homepc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 20:55]
.
2012-02-03 c:\windows\Tasks\HPCeeScheduleForearl.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-13 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80273&lng=en
uSearchAssistant = hxxp://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~1\REBATE~1\RebateI.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ChicaPasswordManager - c:\program files\ChicaLogic\Chica Password Manager\stpass.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 17:08
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-11 17:10:11
ComboFix-quarantined-files.txt 2012-02-12 01:10
.
Pre-Run: 168,266,170,368 bytes free
Post-Run: 169,105,739,776 bytes free
.
- - End Of File - - 80E1B03E081E5BE2FBF622525247361D
 
You run rKill only if Combofix doesn't want to run - not your case.

All looks clean so far.
Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
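Reading the OTL log these instructions produce is where the real work happens. As an added example (not part of this thread and not OTL's own code), here is a small Python triage script that parses the O4 Run, IE search/start page and O17 DNS lines from the log posted in this thread and flags the entries a helper would look at first. The allowlist of search hosts and the list of user-writable path fragments are assumptions of the example, and a flag is a prompt to look closer, not a verdict.

```python
"""Heuristic triage for OTL-style log lines (example code, not OTL's own).

Line shapes assumed, taken from the log posted in the thread:
  O4 - <hive>..\\Run: [<name>] <path> (<company>)
  IE - <key>,Default_Search_URL|SearchAssistant|Start Page = <url>
  O17 - <key>: DhcpNameServer = <ip> <ip> ...
"""
import ipaddress
import re
from typing import Dict, List
from urllib.parse import urlparse

# Assumed allowlist: hosts a helper would expect as a default search provider.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Assumed list of path fragments that any user account can write to; an
# autorun entry living there deserves a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
SEARCH_RE = re.compile(
    r"^IE - .*(?:Default_Search_URL|SearchAssistant|Start Page) = (?P<url>\S+)$"
)
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+)$")

# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80273&lng=en
IE - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000..\Run: [Linkury Chrome Smartbar] C:\Users\earl.homepc\AppData\Local\Linkury\Application\Linkury.exe ()
O4 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100}: DhcpNameServer = 192.168.1.1 184.16.33.54
"""


def triage_otl(log_text: str) -> List[Dict]:
    """Return one finding dict per suspicious autorun, search URL or DNS server."""
    findings: List[Dict] = []
    seen_dns = set()  # O17 lines repeat per interface; report each server once
    for raw in log_text.splitlines():
        line = raw.strip()

        m = RUN_RE.match(line)
        if m:
            reasons = []
            if not m["company"].strip():
                # OTL prints "()" when the binary carries no company/version info
                reasons.append("no company name")
            if any(frag in m["path"].lower() for frag in USER_WRITABLE):
                reasons.append("runs from user-writable location")
            if reasons:
                findings.append({"kind": "autorun", "name": m["name"],
                                 "path": m["path"], "reasons": reasons})
            continue

        m = SEARCH_RE.match(line)
        if m:
            host = urlparse(m["url"]).hostname or ""
            if host not in KNOWN_SEARCH_HOSTS:
                findings.append({"kind": "search", "host": host,
                                 "reasons": ["search/start page points at unlisted host"]})
            continue

        m = DNS_RE.search(line)
        if m:
            for server in m["servers"].split():
                if server in seen_dns:
                    continue
                seen_dns.add(server)
                # A public resolver is normal for an ISP, but a changed DNS
                # setting is a classic hijack, so surface it for confirmation.
                if not ipaddress.ip_address(server).is_private:
                    findings.append({"kind": "dns", "server": server,
                                     "reasons": ["public DNS server, confirm it is the ISP's resolver"]})
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        label = f.get("name") or f.get("host") or f.get("server")
        print(f"[{f['kind']}] {label}: {'; '.join(f['reasons'])}")
```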
 
I'll run OTL in a bit, but I thought I'd let you know I'm getting a pop-up that says "Smartbar has stopped working correctly. Windows will close the program & notify you if a solution is available"

AND right behind it is an Avast warning. I'll try to post a screenshot of it shortly.
SMARTWARNING.jpg
 
OTL logfile created on: 2/11/2012 5:51:10 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\earl.homepc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 72.00% Memory free
5.97 Gb Paging File | 5.09 Gb Available in Paging File | 85.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 157.33 Gb Free Space | 70.99% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.54 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Drive F: | 955.52 Mb Total Space | 693.20 Mb Free Space | 72.55% Space Free | Partition Type: FAT

Computer Name: HOMEPC | User Name: earl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 17:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
PRC - [2012/01/16 09:33:12 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/03 09:38:30 | 001,142,784 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\RebateInformer\RebateInf.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/10/11 12:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/08 15:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\PictureMover\Bin\PictureMover.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/23 10:12:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2012/01/22 14:55:57 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2012/01/22 14:45:06 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2012/01/22 14:45:06 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2012/01/22 14:45:06 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2012/01/22 14:44:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012/01/22 14:44:45 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012/01/22 14:44:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012/01/22 14:44:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012/01/22 14:43:46 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2012/01/22 14:43:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2012/01/22 14:43:19 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2012/01/22 14:42:48 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2012/01/22 14:42:27 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2012/01/22 14:42:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012/01/22 14:42:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/10/17 09:39:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/10/17 09:32:58 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/10/17 09:32:54 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/10/17 09:32:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/10/17 09:32:46 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/10/17 09:32:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/10/17 09:32:26 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/10/17 09:32:26 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/08 15:20:54 | 001,703,936 | ---- | M] () -- C:\Users\earl.homepc\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2008/09/08 15:11:56 | 003,870,720 | ---- | M] () -- C:\Users\earl.homepc\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2008/07/27 10:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008/07/27 10:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/27 10:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/20 18:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/26 22:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 03:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 04:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 08:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 08:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80273&lng=en
IE - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/21 14:35:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/02/11 15:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2012/02/11 15:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\Extensions
[2012/02/11 15:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\SeaMonkey\Profiles\574a9a2d.default\extensions
[2012/02/11 15:08:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\SeaMonkey\Profiles\574a9a2d.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\earl\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000..\Run: [Linkury Chrome Smartbar] C:\Users\earl.homepc\AppData\Local\Linkury\Application\Linkury.exe ()
O4 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\##aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3556668068-2155704131-84744496-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100}: DhcpNameServer = 192.168.1.1 184.16.33.54
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\earl.homepc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\earl.homepc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 17:46:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
[2012/02/11 17:26:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/11 17:09:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/11 17:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/11 17:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/11 17:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/11 17:00:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/11 17:00:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/11 17:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/11 16:58:13 | 004,402,217 | R--- | C] (Swearware) -- C:\Users\earl.homepc\Desktop\ComboFix.exe
[2012/02/11 15:24:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\earl.homepc\Desktop\dds.scr
[2012/02/11 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Mozilla
[2012/02/11 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Mozilla
[2012/02/11 15:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2012/02/11 15:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2012/02/11 14:40:56 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Malwarebytes
[2012/02/11 14:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 14:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 14:40:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/11 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/11 14:30:02 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/11 14:30:02 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/11 14:30:02 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/11 14:30:02 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/11 14:30:02 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/11 14:30:02 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/11 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/11 14:29:20 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/11 14:29:19 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/11 14:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/11 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/11 13:34:14 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\Desktop\bootkit_remover
[2012/02/11 13:16:45 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\earl.homepc\Desktop\aswMBR.exe
[2012/02/11 11:40:26 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/11 11:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/08 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/02/01 13:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/27 12:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/27 12:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/27 12:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/27 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Apple
[2012/01/27 12:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/27 12:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/25 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
[2012/01/25 15:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\AppGraffiti
[2012/01/25 15:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
[2012/01/25 15:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\RebateInformer
[2012/01/25 15:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox.com
[2012/01/25 15:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[2012/01/25 15:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar
[2012/01/23 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\RealNetworks
[2012/01/20 15:18:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2012/01/16 09:33:51 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Real
[2012/01/16 09:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/16 09:33:15 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/16 09:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/16 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/01/16 09:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/01/16 09:33:00 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Real
[2012/01/15 15:30:10 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Media Player Classic
[2012/01/15 03:02:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

========== Files - Modified Within 30 Days ==========

[2012/02/11 17:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
[2012/02/11 17:43:16 | 000,070,755 | ---- | M] () -- C:\Users\earl.homepc\Desktop\SMART WARNING.jpg
[2012/02/11 17:36:25 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/11 17:36:25 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/11 17:31:20 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/11 17:31:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 17:31:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 17:31:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/11 17:31:01 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/11 17:16:58 | 001,008,141 | ---- | M] () -- C:\Users\earl.homepc\Desktop\rkill.exe
[2012/02/11 17:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000UA.job
[2012/02/11 16:58:24 | 004,402,217 | R--- | M] (Swearware) -- C:\Users\earl.homepc\Desktop\ComboFix.exe
[2012/02/11 16:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 16:25:21 | 000,001,545 | ---- | M] () -- C:\Users\earl.homepc\Desktop\gmer.exe
[2012/02/11 16:21:56 | 000,294,216 | ---- | M] () -- C:\Users\earl.homepc\Desktop\gmer.zip
[2012/02/11 16:05:00 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000Core.job
[2012/02/11 15:24:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\earl.homepc\Desktop\dds.scr
[2012/02/11 15:05:04 | 000,001,821 | ---- | M] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/02/11 15:05:04 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012/02/11 14:40:51 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:30:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/11 14:30:02 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 14:13:45 | 000,002,078 | ---- | M] () -- C:\Users\earl.homepc\Desktop\Google Chrome.lnk
[2012/02/11 14:13:45 | 000,002,040 | ---- | M] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/11 13:42:31 | 000,031,591 | ---- | M] () -- C:\Users\earl.homepc\Desktop\WARNING.jpg
[2012/02/11 13:32:21 | 000,044,607 | ---- | M] () -- C:\Users\earl.homepc\Desktop\bootkit_remover.zip
[2012/02/11 13:30:48 | 000,000,512 | ---- | M] () -- C:\Users\earl.homepc\Desktop\MBR.dat
[2012/02/11 13:17:16 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\earl.homepc\Desktop\aswMBR.exe
[2012/02/11 11:39:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/08 14:09:15 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/02/02 18:01:01 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForearl.job
[2012/01/27 12:12:47 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/25 15:32:23 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\RebateInformer.lnk
[2012/01/25 15:32:23 | 000,000,052 | ---- | M] () -- C:\Users\Public\Desktop\RebateGiant.com.url
[2012/01/17 14:50:43 | 000,257,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/16 09:33:38 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/16 09:33:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2012/02/11 17:43:38 | 000,070,755 | ---- | C] () -- C:\Users\earl.homepc\Desktop\SMART WARNING.jpg
[2012/02/11 17:16:54 | 001,008,141 | ---- | C] () -- C:\Users\earl.homepc\Desktop\rkill.exe
[2012/02/11 17:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/11 17:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/11 17:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/11 17:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/11 17:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/11 16:25:21 | 000,001,545 | ---- | C] () -- C:\Users\earl.homepc\Desktop\gmer.exe
[2012/02/11 16:21:52 | 000,294,216 | ---- | C] () -- C:\Users\earl.homepc\Desktop\gmer.zip
[2012/02/11 15:05:02 | 000,001,821 | ---- | C] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/02/11 15:05:02 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012/02/11 14:40:51 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:30:02 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 13:58:33 | 3085,361,152 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/11 13:42:31 | 000,031,591 | ---- | C] () -- C:\Users\earl.homepc\Desktop\WARNING.jpg
[2012/02/11 13:32:21 | 000,044,607 | ---- | C] () -- C:\Users\earl.homepc\Desktop\bootkit_remover.zip
[2012/02/11 13:30:48 | 000,000,512 | ---- | C] () -- C:\Users\earl.homepc\Desktop\MBR.dat
[2012/02/11 11:39:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/08 14:09:15 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/02/01 13:53:19 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 13:53:18 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 12:12:47 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/27 12:11:34 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/25 15:32:23 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\RebateInformer.lnk
[2012/01/25 15:32:23 | 000,000,052 | ---- | C] () -- C:\Users\Public\Desktop\RebateGiant.com.url
[2012/01/16 09:33:38 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2008/11/13 02:35:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/13 02:35:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/11/13 02:19:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/13 02:19:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,257,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/12/29 14:42:09 | 000,000,000 | ---D | M] -- C:\Users\earl\AppData\Roaming\PictureMover
[2012/01/01 12:03:01 | 000,000,000 | ---D | M] -- C:\Users\earl.homepc\AppData\Roaming\PictureMover
[2012/01/09 11:04:21 | 000,000,000 | ---D | M] -- C:\Users\earl.homepc\AppData\Roaming\Titanium Gears
[2012/02/11 17:30:02 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 18:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/11/13 02:10:46 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/02/11 17:10:12 | 000,010,599 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/02/11 17:31:01 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/11 17:31:00 | 3399,233,536 | -HS- | M] () -- C:\pagefile.sys
[2012/01/01 12:08:15 | 000,000,489 | ---- | M] () -- C:\updatedatfix.log
[2008/08/26 04:37:52 | 000,000,458 | ---- | M] () -- C:\Windows Sidebar

< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 04:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/02 20:11:24 | 000,000,286 | -HS- | M] () -- C:\Users\earl.homepc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/11 13:17:16 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\earl.homepc\Desktop\aswMBR.exe
[2012/02/11 16:58:24 | 004,402,217 | R--- | M] (Swearware) -- C:\Users\earl.homepc\Desktop\ComboFix.exe
[2012/02/11 16:25:21 | 000,001,545 | ---- | M] () -- C:\Users\earl.homepc\Desktop\gmer.exe
[2012/02/11 17:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
[2012/02/11 17:16:58 | 001,008,141 | ---- | M] () -- C:\Users\earl.homepc\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/01 12:01:53 | 000,000,402 | -HS- | M] () -- C:\Users\earl.homepc\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >