ComboFix 12-06-21.03 - Earl Brown 06/22/2012 10:41:11.1.2 - x64
Running from: c:\users\Earl Brown\Desktop\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\users\Earl Brown\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 15:49 . 2012-06-22 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 21:45 . 2012-06-21 21:45 -------- d-----w- C:\_OTL
2012-06-21 20:46 . 2011-10-20 20:05 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-06-21 20:46 . 2011-10-20 20:04 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-06-21 20:46 . 2011-10-20 20:04 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-06-21 20:46 . 2012-06-21 20:46 -------- d-----w- c:\users\Earl Brown\AppData\Roaming\TuneUp Software
2012-06-21 20:46 . 2012-06-21 20:46 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-06-21 20:45 . 2012-06-21 20:47 -------- d-----w- c:\programdata\TuneUp Software
2012-06-21 20:45 . 2012-06-21 20:45 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-21 20:14 . 2012-06-21 20:14 -------- d-----w- c:\users\Earl Brown\AppData\Roaming\DriverCure
2012-06-21 20:14 . 2012-06-21 20:14 -------- d-----w- c:\users\Earl Brown\AppData\Roaming\SpeedyPC Software
2012-06-21 20:13 . 2012-06-21 20:50 -------- d-----w- c:\programdata\SpeedyPC Software
2012-06-21 20:13 . 2012-06-21 20:13 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-06-21 15:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:31 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:31 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 19:03 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-20 19:02 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-20 19:02 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-20 18:49 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-20 18:49 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-20 18:49 . 2010-06-28 20:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-06-20 18:49 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-20 18:49 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-20 18:48 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-06-20 18:48 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-06-20 18:47 . 2012-06-20 18:47 -------- d-----w- c:\programdata\Alwil Software
2012-06-20 18:47 . 2012-06-20 18:47 -------- d-----w- c:\program files\Alwil Software
2012-06-20 18:34 . 2012-06-20 18:34 181000 ----a-w- c:\windows\system32\drivers\pctplfw64.sys
2012-06-20 18:34 . 2012-06-20 18:34 123808 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2012-06-20 17:40 . 2012-06-20 17:40 -------- d-----w- c:\users\Earl Brown\AppData\Local\Threat Expert
2012-06-20 17:37 . 2012-05-11 15:07 706776 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2012-06-20 17:37 . 2012-05-11 15:07 65664 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2012-06-20 17:37 . 2012-05-11 15:07 41968 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2012-06-20 17:36 . 2012-05-08 23:21 85192 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-06-20 17:36 . 2012-05-08 23:21 767928 ----a-w- c:\windows\BDTSupport.dll
2012-06-20 17:36 . 2012-05-08 23:21 149432 ----a-w- c:\windows\SGDetectionTool.dll
2012-06-20 17:36 . 2012-05-08 23:21 2267064 ----a-w- c:\windows\PCTBDCore.dll
2012-06-20 17:36 . 2012-05-08 23:21 1681336 ----a-w- c:\windows\PCTBDRes.dll
2012-06-20 17:35 . 2012-05-11 16:09 145432 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-06-20 17:35 . 2012-05-11 16:08 341168 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-06-20 17:35 . 2012-05-11 16:13 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-06-20 17:35 . 2012-05-11 16:14 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-06-20 17:35 . 2012-06-20 17:35 -------- d-----w- c:\program files (x86)\PC Tools
2012-06-20 17:32 . 2012-02-28 16:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-06-20 17:32 . 2012-02-28 16:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-06-20 17:32 . 2012-04-23 17:36 426616 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-06-20 17:32 . 2012-06-20 18:34 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-20 17:32 . 2012-05-11 16:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-20 17:24 . 2012-06-20 17:37 -------- d-----w- c:\programdata\PC Tools
2012-06-20 17:24 . 2012-06-20 17:24 -------- d-----w- c:\users\Earl Brown\AppData\Roaming\TestApp
2012-06-20 15:46 . 2012-06-20 15:46 -------- d-----w- c:\windows\en
2012-06-20 15:39 . 2012-06-20 15:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-20 15:34 . 2012-06-20 15:34 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\291dfa991cd4efa02\MeshBetaRemover.exe
2012-06-20 15:34 . 2012-06-20 15:34 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\285bb9301cd4efa01\DSETUP.dll
2012-06-20 15:34 . 2012-06-20 15:34 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\285bb9301cd4efa01\DXSETUP.exe
2012-06-20 15:34 . 2012-06-20 15:34 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\285bb9301cd4efa01\dsetup32.dll
2012-06-14 05:26 . 2009-12-09 05:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-06-14 05:26 . 2009-10-16 05:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-06-14 05:26 . 2009-10-16 05:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-06-14 05:24 . 2012-06-14 05:24 -------- d-----w- c:\users\Earl Brown\AppData\Roaming\Epson
2012-06-14 05:19 . 2012-06-14 05:19 -------- d-----w- c:\users\Earl Brown\AppData\Roaming\Leadertech
2012-06-14 05:04 . 2012-06-14 05:04 -------- d-----w- c:\program files (x86)\Epson America Inc
2012-06-14 05:03 . 2001-09-05 08:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-06-14 05:03 . 2001-09-05 08:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-06-14 05:03 . 2001-09-05 08:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-06-14 05:03 . 2001-09-05 08:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-06-14 05:03 . 2004-03-16 18:05 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe
2012-06-14 05:03 . 2012-06-14 05:03 -------- d-----w- c:\program files\EPSON
2012-06-14 05:00 . 2012-06-14 05:00 -------- d-----w- c:\program files (x86)\Epson Software
2012-06-14 04:45 . 2012-06-14 05:00 -------- d-----w- c:\program files (x86)\epson
2012-06-14 04:39 . 2012-06-14 04:39 -------- d-----w- c:\program files\Common Files\EPSON
2012-06-14 04:39 . 2012-06-14 05:27 -------- d-----w- c:\programdata\EPSON
2012-06-14 04:39 . 2008-11-11 23:00 118784 ----a-w- c:\windows\system32\E_ILMHLA.DLL
2012-06-14 04:39 . 2009-09-30 23:01 88064 ----a-w- c:\windows\system32\E_IBCBHLA.DLL
2012-06-14 04:26 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 04:26 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 04:26 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 04:25 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 04:25 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 04:25 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 04:25 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 04:25 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:59 . 2012-06-13 15:59 -------- d-----w- c:\programdata\Card Scanning Solutions
2012-06-13 15:59 . 2012-06-13 16:07 -------- d-----w- c:\users\Earl Brown\AppData\Local\DocuCap
2012-06-13 15:07 . 2012-06-13 15:07 -------- d-----w- c:\program files (x86)\ePadLink
2012-06-13 15:06 . 2012-06-13 15:06 -------- d-----w- c:\users\Earl Brown\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 15:26 . 2012-04-05 21:57 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 15:26 . 2011-08-16 06:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 22:47 . 2012-06-20 17:36 3488 ----a-w- c:\windows\UDB.zip
2012-05-08 22:47 . 2012-06-20 17:36 131 ----a-w- c:\windows\IDB.zip
2012-05-04 21:57 . 2012-04-16 17:57 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 22:15 . 2012-03-31 22:16 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-03-30 11:35 . 2012-05-14 14:32 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-16 39408]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\880\g2mstart.exe" [2012-01-02 39816]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-01-16 717696]
"Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2012-04-01 34496]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"WLSync"="c:\program files (x86)\Windows Live\Mesh\WLSync.exe" [2012-03-08 1449824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
.
c:\users\Earl Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - c:\users\Earl Brown\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe [2011-3-22 2561024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-6-13 6534768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-05-11 402336]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-03-17 552832]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 GIDv2;GIDv2; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-05-08 575416]
S2 File Backup;File Backup Service;c:\program files (x86)\Workspace\offSyncService.exe [2012-05-17 1168680]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-06-13 66160]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 21:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 06:23]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 06:23]
.
2012-06-22 c:\windows\Tasks\HPCeeScheduleForEarl Brown.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-20 c:\windows\Tasks\HPCeeScheduleForSALES_DIRECTOR$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:12 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-05-25 10:12 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.xfinity.com/?cid=insDate04162012
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Earl Brown\AppData\Roaming\Mozilla\Firefox\Profiles\hvaus281.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=insDate04162012
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd81f2976-dd20-4800-9da7-5982b36138e4%7D&mid=203ee30391b347d0a905a9e586575ee8-b0365588bc5a209e495bbcd5715a461f165662b3&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-20%2014%3A00%3A14&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{df96f37a-accd-42b5-bd3d-629c0895e2b0} - (no file)
WebBrowser-{DF96F37A-ACCD-42B5-BD3D-629C0895E2B0} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-06-22 10:57:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 15:57
.
Pre-Run: 773,923,831,808 bytes free
Post-Run: 773,543,284,736 bytes free
.
- - End Of File - - DFC0A13459DE007EEE3DA8D475246A4F