[Solved] Recovery Console vs clean up on Vista

learninmypc · Feb 12, 2012

OTL logfile created on: 2/11/2012 10:08:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\earl.homepc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 87.38% Memory free
5.95 Gb Paging File | 5.74 Gb Available in Paging File | 96.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 161.15 Gb Free Space | 72.71% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.54 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Drive F: | 955.52 Mb Total Space | 693.25 Mb Free Space | 72.55% Space Free | Partition Type: FAT

Computer Name: HOMEPC | User Name: earl | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 17:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 18:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/26 22:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 03:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 04:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 08:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 08:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80273&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/21 14:35:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/02/11 15:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2012/02/11 15:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\Extensions
[2012/02/11 15:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\SeaMonkey\Profiles\574a9a2d.default\extensions
[2012/02/11 15:08:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\SeaMonkey\Profiles\574a9a2d.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\earl\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Linkury Chrome Smartbar] C:\Users\earl.homepc\AppData\Local\Linkury\Application\Linkury.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100}: DhcpNameServer = 192.168.1.1 184.16.33.54
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\earl.homepc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\earl.homepc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 21:51:09 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2012/02/11 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/11 17:46:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
[2012/02/11 17:26:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/11 17:09:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/11 17:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/11 17:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/11 17:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/11 17:00:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/11 17:00:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/11 17:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/11 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Mozilla
[2012/02/11 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Mozilla
[2012/02/11 15:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2012/02/11 15:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2012/02/11 14:40:56 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Malwarebytes
[2012/02/11 14:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 14:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 14:40:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/11 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/11 14:30:02 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/11 14:30:02 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/11 14:30:02 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/11 14:30:02 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/11 14:30:02 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/11 14:30:02 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/11 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/11 14:29:20 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/11 14:29:19 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/11 14:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/11 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/11 11:40:26 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/11 11:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/08 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/02/01 13:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/27 12:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/27 12:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/27 12:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/27 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Apple
[2012/01/27 12:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/27 12:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/25 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
[2012/01/25 15:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\AppGraffiti
[2012/01/23 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\RealNetworks
[2012/01/20 15:18:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2012/01/16 09:33:51 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Real
[2012/01/16 09:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/16 09:33:15 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/16 09:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/16 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/01/16 09:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/01/16 09:33:00 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Real
[2012/01/15 15:30:10 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Media Player Classic
[2012/01/15 03:02:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

========== Files - Modified Within 30 Days ==========

[2012/02/11 22:06:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/11 22:05:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 22:05:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 22:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000UA.job
[2012/02/11 21:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 21:55:14 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/11 21:55:14 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/11 21:53:50 | 000,064,092 | ---- | M] () -- C:\Users\earl.homepc\Desktop\SAME WARNING.jpg
[2012/02/11 21:50:37 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/11 17:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
[2012/02/11 16:05:00 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000Core.job
[2012/02/11 15:05:04 | 000,001,821 | ---- | M] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/02/11 15:05:04 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012/02/11 14:40:51 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:30:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/11 14:30:02 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 14:13:45 | 000,002,078 | ---- | M] () -- C:\Users\earl.homepc\Desktop\Google Chrome.lnk
[2012/02/11 14:13:45 | 000,002,040 | ---- | M] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/11 11:39:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/08 14:09:15 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/02/02 18:01:01 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForearl.job
[2012/01/27 12:12:47 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/17 14:50:43 | 000,257,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/16 09:33:38 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/16 09:33:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2012/02/11 21:53:50 | 000,064,092 | ---- | C] () -- C:\Users\earl.homepc\Desktop\SAME WARNING.jpg
[2012/02/11 17:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/11 17:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/11 17:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/11 17:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/11 17:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/11 15:05:02 | 000,001,821 | ---- | C] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/02/11 15:05:02 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012/02/11 14:40:51 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:30:02 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 11:39:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/08 14:09:15 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/02/01 13:53:19 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 13:53:18 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 12:12:47 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/27 12:11:34 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/16 09:33:38 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2008/11/13 02:35:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/13 02:35:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/11/13 02:19:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/13 02:19:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,257,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/01 12:03:01 | 000,000,000 | ---D | M] -- C:\Users\earl.homepc\AppData\Roaming\PictureMover
[2012/01/09 11:04:21 | 000,000,000 | ---D | M] -- C:\Users\earl.homepc\AppData\Roaming\Titanium Gears
[2012/02/11 22:05:29 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

learninmypc · Feb 12, 2012

OTL Extras logfile created on: 2/11/2012 10:08:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\earl.homepc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 87.38% Memory free
5.95 Gb Paging File | 5.74 Gb Available in Paging File | 96.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 161.15 Gb Free Space | 72.71% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.54 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Drive F: | 955.52 Mb Total Space | 693.25 Mb Free Space | 72.55% Space Free | Partition Type: FAT

Computer Name: HOMEPC | User Name: earl | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FE225A10-ABBB-4AAE-BD4D-D9243F1ACC8E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CD352BA-1F8A-4302-B972-2529E82A5679}" = Microsoft Live Search Toolbar
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{48BF4489-0C58-4E80-BB17-94A673CE310A}" = HP Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C34C7BE6-51B7-4DE5-A341-F4AA684EC594}" = ASPCA Tri Reminder by We-Care.com v4.0.13.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6457EF0-34B7-4DD9-94F0-E6CD6D02E6CC}" = Community Smartbar
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"RealPlayer 15.0" = RealPlayer
"SeaMonkey (2.7.1)" = SeaMonkey (2.7.1)
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/11/2012 4:28:02 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 4:41:02 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 4:52:20 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 4:53:43 PM | Computer Name = homepc | Source = Windows Search Service | ID = 3013
Description =

Error - 2/11/2012 5:01:53 PM | Computer Name = homepc | Source = EventSystem | ID = 4609
Description =

Error - 2/11/2012 5:02:52 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 6:00:22 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 6:37:39 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 7:21:31 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2012 7:33:01 PM | Computer Name = homepc | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/12/2012 1:43:43 AM | Computer Name = homepc | Source = Service Control Manager | ID = 7026
Description =

Error - 2/12/2012 1:50:08 AM | Computer Name = homepc | Source = HTTP | ID = 15016
Description =

Error - 2/12/2012 1:51:49 AM | Computer Name = homepc | Source = Service Control Manager | ID = 7026
Description =

Error - 2/12/2012 2:07:31 AM | Computer Name = homepc | Source = DCOM | ID = 10005
Description =

Error - 2/12/2012 2:07:38 AM | Computer Name = homepc | Source = DCOM | ID = 10005
Description =

Error - 2/12/2012 2:07:40 AM | Computer Name = homepc | Source = DCOM | ID = 10005
Description =

Error - 2/12/2012 2:07:42 AM | Computer Name = homepc | Source = DCOM | ID = 10005
Description =

Error - 2/12/2012 2:07:42 AM | Computer Name = homepc | Source = DCOM | ID = 10005
Description =

Error - 2/12/2012 2:08:23 AM | Computer Name = homepc | Source = Service Control Manager | ID = 7001
Description =

Error - 2/12/2012 2:08:23 AM | Computer Name = homepc | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Broni · Feb 12, 2012

No.
Re-run the fix (my reply #27) from safe mode.

Going to bed.
I'll check on you tomorrow

learninmypc · Feb 12, 2012

OK. See you tomorrow. Thank you.

learninmypc · Feb 12, 2012

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3556668068-2155704131-84744496-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar not found.
File C:\Users\earl.homepc\AppData\Local\Linkury\Application\Linkury.exe not found.
Registry value HKEY_USERS\S-1-5-21-3556668068-2155704131-84744496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: earl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: earl.homepc
->Temp folder emptied: 32392 bytes
->Temporary Internet Files folder emptied: 43251 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: earl
->Java cache emptied: 0 bytes

User: earl.homepc
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: earl
->Flash cache emptied: 0 bytes

User: earl.homepc
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02112012_224108

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Broni · Feb 12, 2012

Still having same pop-up?

learninmypc · Feb 12, 2012

The only pop up I'm getting now is from Avast. I'll attach a screen shot shortly

Broni · Feb 12, 2012

Run this fix from safe mode....

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [Linkury Chrome Smartbar] C:\Users\earl.homepc\AppData\Local\Linkury\Application\Linkury.exe ()

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
Then click the Run Fix button at the top

Let the program run unhindered, reboot the PC when it is done

You will get a log that shows the results of the fix. Please post it.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

learninmypc · Feb 12, 2012

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\InstallIQUpdater deleted successfully.
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar not found.
File C:\Users\earl.homepc\AppData\Local\Linkury\Application\Linkury.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: earl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: earl.homepc
->Temp folder emptied: 37724 bytes
->Temporary Internet Files folder emptied: 43251 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7431723 bytes
->Flash cache emptied: 1557 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 64092 bytes

Total Files Cleaned = 7.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: earl
->Java cache emptied: 0 bytes

User: earl.homepc
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: earl
->Flash cache emptied: 0 bytes

User: earl.homepc
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02122012_111506

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Broni · Feb 12, 2012

How are things now?

learninmypc · Feb 12, 2012

OTL logfile created on: 2/12/2012 11:19:37 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\earl.homepc\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 70.17% Memory free
5.95 Gb Paging File | 5.12 Gb Available in Paging File | 86.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.63 Gb Total Space | 158.35 Gb Free Space | 71.45% Space Free | Partition Type: NTFS
Drive D: | 11.25 Gb Total Space | 1.54 Gb Free Space | 13.68% Space Free | Partition Type: NTFS
Drive F: | 955.52 Mb Total Space | 693.20 Mb Free Space | 72.55% Space Free | Partition Type: FAT

Computer Name: HOMEPC | User Name: earl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 17:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
PRC - [2012/01/16 09:33:12 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 07:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/09/08 15:12:40 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\PictureMover\Bin\PictureMover.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/23 10:12:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2012/01/22 14:55:57 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2012/01/22 14:45:06 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2012/01/22 14:45:06 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2012/01/22 14:45:06 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2012/01/22 14:44:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012/01/22 14:44:45 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012/01/22 14:44:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012/01/22 14:44:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012/01/22 14:43:46 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2012/01/22 14:43:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2012/01/22 14:43:19 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2012/01/22 14:42:48 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2012/01/22 14:42:27 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2012/01/22 14:42:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012/01/22 14:42:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/10/17 09:39:18 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/10/17 09:32:58 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/10/17 09:32:54 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/10/17 09:32:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/10/17 09:32:46 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/10/17 09:32:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/10/17 09:32:26 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/10/17 09:32:26 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008/09/08 15:20:54 | 001,703,936 | ---- | M] () -- C:\Users\earl.homepc\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2008/09/08 15:11:56 | 003,870,720 | ---- | M] () -- C:\Users\earl.homepc\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2008/07/27 10:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008/07/27 10:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/07/27 10:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/01/20 18:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/26 22:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/10 04:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 04:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 03:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 04:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 08:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 08:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80273&lng=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.whitesmoke.com/?q={searchTerms}&babsrc=home&s=web&as=0&isid=9860
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\earl.homepc\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/21 14:35:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/02/11 15:05:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2012/02/11 15:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\Extensions
[2012/02/11 23:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\SeaMonkey\Profiles\574a9a2d.default\extensions
[2012/02/11 23:03:19 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\SeaMonkey\Profiles\574a9a2d.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2012/02/11 15:08:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\earl.homepc\AppData\Roaming\mozilla\SeaMonkey\Profiles\574a9a2d.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
() (No name found) -- C:\USERS\EARL.HOMEPC\APPDATA\ROAMING\MOZILLA\SEAMONKEY\PROFILES\574A9A2D.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\earl\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\earl\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\earl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C57204-5091-4C47-8EED-2FA742EAA100}: DhcpNameServer = 192.168.1.1 184.16.33.54
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\earl.homepc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\earl.homepc\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/11 22:33:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/11 22:28:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/11 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/11 17:46:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
[2012/02/11 17:26:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/11 17:09:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/11 17:00:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/11 17:00:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/11 17:00:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/11 17:00:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/11 17:00:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/11 17:00:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/11 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Mozilla
[2012/02/11 15:05:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Mozilla
[2012/02/11 15:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2012/02/11 15:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\SeaMonkey
[2012/02/11 14:40:56 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Malwarebytes
[2012/02/11 14:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/11 14:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 14:40:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/11 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/11 14:30:02 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/11 14:30:02 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/11 14:30:02 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/11 14:30:02 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/11 14:30:02 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/11 14:30:02 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/11 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/02/11 14:29:20 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/11 14:29:19 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/11 14:29:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/11 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/11 11:40:26 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/11 11:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/08 14:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/02/01 13:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/01/27 12:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/01/27 12:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/01/27 12:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/27 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Apple
[2012/01/27 12:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/27 12:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/25 15:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
[2012/01/25 15:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\AppGraffiti
[2012/01/23 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\RealNetworks
[2012/01/20 15:18:00 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2012/01/16 09:33:51 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Local\Real
[2012/01/16 09:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/01/16 09:33:15 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/01/16 09:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012/01/16 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/01/16 09:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/01/16 09:33:00 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Real
[2012/01/15 15:30:10 | 000,000,000 | ---D | C] -- C:\Users\earl.homepc\AppData\Roaming\Media Player Classic
[2012/01/15 03:02:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

========== Files - Modified Within 30 Days ==========

[2012/02/12 11:23:32 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/12 11:23:32 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/12 11:16:28 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 11:16:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 11:16:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 11:16:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 11:16:13 | 3085,406,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 11:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000UA.job
[2012/02/12 10:58:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 10:39:46 | 000,042,366 | ---- | M] () -- C:\Users\earl.homepc\Desktop\AVAST POP UP.jpg
[2012/02/11 22:33:16 | 216,587,330 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/11 17:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\earl.homepc\Desktop\OTL.exe
[2012/02/11 16:05:00 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3556668068-2155704131-84744496-1000Core.job
[2012/02/11 15:05:04 | 000,001,821 | ---- | M] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/02/11 15:05:04 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012/02/11 14:40:51 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:30:02 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/11 14:30:02 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 14:13:45 | 000,002,078 | ---- | M] () -- C:\Users\earl.homepc\Desktop\Google Chrome.lnk
[2012/02/11 14:13:45 | 000,002,040 | ---- | M] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/11 11:39:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/08 14:09:15 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/02/02 18:01:01 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForearl.job
[2012/01/27 12:12:47 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/17 14:50:43 | 000,257,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/16 09:33:38 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/16 09:33:15 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

========== Files Created - No Company Name ==========

[2012/02/12 11:16:13 | 3085,406,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/12 10:39:46 | 000,042,366 | ---- | C] () -- C:\Users\earl.homepc\Desktop\AVAST POP UP.jpg
[2012/02/11 22:32:55 | 216,587,330 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/11 17:00:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/11 17:00:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/11 17:00:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/11 17:00:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/11 17:00:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/11 15:05:02 | 000,001,821 | ---- | C] () -- C:\Users\earl.homepc\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2012/02/11 15:05:02 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk
[2012/02/11 14:40:51 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/11 14:30:02 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/11 11:39:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/02/08 14:09:15 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/02/01 13:53:19 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/01 13:53:18 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 12:12:47 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/27 12:11:34 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/16 09:33:38 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2008/11/13 02:35:04 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/11/13 02:35:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/11/13 02:19:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/13 02:19:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,257,768 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/01 12:03:01 | 000,000,000 | ---D | M] -- C:\Users\earl.homepc\AppData\Roaming\PictureMover
[2012/01/09 11:04:21 | 000,000,000 | ---D | M] -- C:\Users\earl.homepc\AppData\Roaming\Titanium Gears
[2012/02/12 11:11:22 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

learninmypc · Feb 12, 2012

No more Avast pop up. Thank you

Broni · Feb 12, 2012

Good job

Good luck and stay safe

learninmypc · Feb 12, 2012

Thank you. I'm going to install the other programs I think I previously mentioned.
SpywareBlaster, Spybot S&D.

Broni · Feb 12, 2012

You're very welcome

learninmypc · Feb 15, 2012

Broni, the owner of the pc wanted me to tell you "thank you very much".:grinthumb

Broni · Feb 15, 2012

The owner is very welcome

TechSpot

[Solved] Recovery Console vs clean up on Vista

learninmypc TechSpot Enthusiast

learninmypc TechSpot Enthusiast

Broni Malware Annihilator

learninmypc TechSpot Enthusiast

learninmypc TechSpot Enthusiast

Broni Malware Annihilator

learninmypc TechSpot Enthusiast

Broni Malware Annihilator

learninmypc TechSpot Enthusiast

Broni Malware Annihilator

learninmypc TechSpot Enthusiast

learninmypc TechSpot Enthusiast

Broni Malware Annihilator

learninmypc TechSpot Enthusiast

Broni Malware Annihilator

learninmypc TechSpot Enthusiast

Broni Malware Annihilator