Malware Bites, Avast Free, Tune-Up Utilities, and PC TOOLS Internet Security. tried.
Full Scans, Intelliscans, Boot Time Scans, mentioned folders etc C:windows\system32\services.exe - c:\windows\installer\...\80000064.@ etc all tried.
Avast is giving me the "Win32:Malware-gen" 'infection' "Malware Block" popup regularly every 5-10 mins.
PC Tool Internet Security is giving me the Trojan.Gen and Hacktool.Rootkit quarantined "threat names" again, every 5-10 minutes.
tried every single thing I could think of with no such luck
ATTACHED:
was told to...
"Download OTL to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT"
and post the txt logs (attached)
PLEASE HELP
OTL logfile created on: 6/21/2012 7:30:15 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Earl Brown\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 49.44% Memory free
7.50 Gb Paging File | 5.18 Gb Available in Paging File | 69.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.18 Gb Total Space | 676.97 Gb Free Space | 73.57% Space Free | Partition Type: NTFS
Drive D: | 11.23 Gb Total Space | 1.37 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Computer Name: SALES_DIRECTOR | User Name: Earl Brown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/21 16:43:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Earl Brown\Downloads\OTL.exe
PRC - [2012/06/13 16:21:32 | 006,534,768 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/06/07 03:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/05/17 10:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) -- C:\Program Files (x86)\Workspace\offSyncService.exe
PRC - [2012/05/11 11:13:38 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/05/11 10:07:14 | 000,071,008 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe
PRC - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/04/01 10:54:48 | 000,034,496 | ---- | M] () -- C:\Program Files (x86)\Workspace\workspaceupdate.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/01/01 21:31:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe
PRC - [2012/01/01 21:31:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mlauncher.exe
PRC - [2012/01/01 21:31:42 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mcomm.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/09 12:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 03:39:33 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 03:34:35 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:34:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 03:34:26 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 03:34:14 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 03:34:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:33:52 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 03:33:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/13 16:21:33 | 000,104,048 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2012/06/13 16:19:24 | 000,548,040 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/06/07 03:14:43 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 03:14:42 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 03:13:27 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 03:13:26 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 03:13:16 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 03:13:15 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 03:13:14 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/05/14 19:52:20 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/14 19:51:02 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/14 19:51:01 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/14 19:50:58 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/14 19:50:57 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/14 19:43:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/14 19:42:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/14 19:42:29 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
MOD - [2012/05/14 19:42:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/14 19:42:17 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012/05/14 19:42:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/14 19:42:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/14 19:42:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/14 19:42:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/01 10:54:48 | 000,034,496 | ---- | M] () -- C:\Program Files (x86)\Workspace\workspaceupdate.exe
MOD - [2012/03/06 17:46:58 | 000,603,648 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswOtl.dll
MOD - [2011/08/16 10:38:48 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files (x86)\WinRAR\RarExt.dll
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/20 22:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/25 15:13:40 | 002,893,216 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 18:37:48 | 000,058,208 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\UmOutlookStrings.dll
MOD - [2010/01/10 01:05:06 | 001,040,736 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\Windows\SysWOW64\EasyHook32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/03/17 18:03:44 | 000,552,832 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/13 16:21:33 | 000,066,160 | ---- | M] (White Sky, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/05/17 10:34:36 | 001,168,680 | ---- | M] (Starfield Technologies) [Auto | Running] -- C:\Program Files (x86)\Workspace\offSyncService.exe -- (File Backup)
SRV - [2012/05/11 11:13:38 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/05/11 10:07:20 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/05/11 10:07:14 | 000,071,008 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2012/05/08 18:21:30 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/03/31 17:15:23 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2012/02/13 16:14:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/20 15:05:04 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/11 11:14:50 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2012/05/11 11:14:26 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/05/11 11:08:58 | 000,341,168 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2012/05/11 10:07:16 | 000,706,776 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TFSysMon)
DRV:64bit: - [2012/05/11 10:07:16 | 000,065,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2012/05/11 10:07:16 | 000,041,968 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2012/05/08 18:21:48 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/04/23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/06 18:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 18:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 18:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 18:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 18:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 18:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/05 10:18:38 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gidv2.sys -- (GIDv2)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/28 14:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/04 08:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/04 08:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/20 11:48:16 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{88F17A70-7C89-46BA-92BA-7E28C3DBA39C}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{88F17A70-7C89-46BA-92BA-7E28C3DBA39C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...insDate04162012
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {df96f37a-accd-42b5-bd3d-629c0895e2b0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS445
IE - HKCU\..\SearchScopes\{88F17A70-7C89-46BA-92BA-7E28C3DBA39C}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...&ver=4.0.0.1550
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-20 14:00:14&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.xfinity.c...nsDate04162012"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...0:14&sap=ku&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\Earl Brown\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off64: C:\Users\Earl Brown\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\Earl Brown\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe64: C:\Users\Earl Brown\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/08 23:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/03/17 11:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/06/20 12:36:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/06/20 14:02:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/15 00:21:53 | 000,000,000 | ---D | M]
[2012/04/01 10:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Earl Brown\AppData\Roaming\Mozilla\Extensions
[2012/05/17 13:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/06/20 14:02:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012/05/17 13:03:37 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\PROGRAMDATA\WHITE SKY, INC\ID VAULT\XPCOM11
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/20 13:59:54 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/16 11:58:04 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Online Storage plug-in (Enabled) = C:\Users\Earl Brown\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Workspace Webmail plug-in 1.0.20.42 (Enabled) = C:\Users\Earl Brown\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Earl Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Earl Brown\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2011/12/31 14:41:21 | 000,006,895 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com #192.150.22.22
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com #192.150.14.21
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com #192.150.18.247
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com #192.150.22.46
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com #192.150.11.30
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
O1 - Hosts: 127.0.0.1 adobe.activate.com #69.175.22.26
O1 - Hosts: 127.0.0.1 activate.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
O1 - Hosts: 127.0.0.1 ereg.adobe.com #192.150.18.103
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
O1 - Hosts: 127.0.0.1 practivate.adobe.com #192.150.18.54
O1 - Hosts: 127.0.0.1 www.wip3.adobe.com #192.150.8.60
O1 - Hosts: 127.0.0.1 www.wip4.adobe.com #192.150.18.200
O1 - Hosts: 127.0.0.1 www.adobeereg.com #75.125.24.83
O1 - Hosts: 127.0.0.1 adobeereg.com #207.66.2.10
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com #192.150.14.174
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip30.adobe.com #192.150.8.30
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip31.adobe.com #192.150.8.31
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip32.adobe.com #192.150.8.32
O1 - Hosts: 93 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll (WhiteSky)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EPSON NX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /FU "C:\Users\EARLBR~1\AppData\Local\Temp\E_S781A.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [Starfield Updater] C:\Program Files (x86)\Workspace\workspaceupdate.exe ()
O4 - Startup: C:\Users\Earl Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = C:\Users\Earl Brown\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe (Leader Technologies/Epson)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEDFEE0E-DEFA-4E24-B6BD-FC81CC523E52}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\hpsf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\softwareupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hpsf.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\softwareupdate.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{57fc85f2-3041-11e1-ba07-78acc0b3b71b}\Shell - "" = AutoRun
O33 - MountPoints2\{57fc85f2-3041-11e1-ba07-78acc0b3b71b}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{57fc85f2-3041-11e1-ba07-78acc0b3b71b}\Shell\directx\command - "" = K:\DirectX9\dxsetup.exe
O33 - MountPoints2\{57fc85f2-3041-11e1-ba07-78acc0b3b71b}\Shell\setup\command - "" = K:\setup.exe
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
System Restore Service not available.
========== Files/Folders - Created Within 30 Days ==========
[2012/06/21 16:45:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 15:46:56 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/06/21 15:46:48 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/06/21 15:46:45 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/06/21 15:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/06/21 15:46:28 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Roaming\TuneUp Software
[2012/06/21 15:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/06/21 15:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/06/21 15:45:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/21 15:14:16 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Roaming\DriverCure
[2012/06/21 15:14:15 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Roaming\SpeedyPC Software
[2012/06/21 15:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/06/21 15:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/06/21 10:04:43 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{7025A9DD-CB23-4398-A231-B27EA84C984A}
[2012/06/21 10:04:19 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{86BB5869-0FA0-42FA-9E12-FCC9387CCF02}
[2012/06/20 14:03:05 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/20 14:02:26 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/20 14:02:25 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/20 13:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/20 13:49:48 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/20 13:49:47 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/20 13:49:42 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/06/20 13:49:38 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/20 13:49:27 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/20 13:48:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/20 13:48:27 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/20 13:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/06/20 13:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/06/20 13:34:57 | 000,181,000 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2012/06/20 13:34:51 | 000,123,808 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2012/06/20 12:58:16 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{286984EE-B56B-40EA-8908-4E7120EC5FC6}
[2012/06/20 12:57:36 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{F57C4881-ECB3-40BB-81BE-5D171D962D46}
[2012/06/20 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\Threat Expert
[2012/06/20 12:37:57 | 000,706,776 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012/06/20 12:37:57 | 000,065,664 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012/06/20 12:37:57 | 000,041,968 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012/06/20 12:36:37 | 000,085,192 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/06/20 12:36:36 | 002,267,064 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/06/20 12:36:36 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/06/20 12:36:36 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/06/20 12:35:37 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/06/20 12:35:37 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/06/20 12:35:25 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/06/20 12:35:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/06/20 12:35:21 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/06/20 12:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/20 12:32:57 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/06/20 12:32:57 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/06/20 12:32:50 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/06/20 12:32:48 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/20 12:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/20 12:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/20 12:24:04 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Roaming\TestApp
[2012/06/20 10:46:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/20 10:26:31 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{FB90854D-3861-4693-9314-86E6F261217A}
[2012/06/20 10:26:11 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{7260DD52-4CCD-4EB9-824A-A470BA99E3D7}
[2012/06/18 21:29:02 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{6FCA7DE9-409C-430E-9F01-E13EEB4E2EA5}
[2012/06/15 09:28:48 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{05CB96FB-3C4D-4E9F-B45A-605B612E10FE}
[2012/06/14 17:19:02 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{23DB8587-3E50-4C87-82CC-65B14A00CF89}
[2012/06/14 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{9D0819F2-096B-4237-A967-3D38236131E6}
[2012/06/14 11:54:12 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{040F2A8A-5F36-4D97-B71D-9C92ED4363FA}
[2012/06/14 11:53:48 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{B3AA9A0F-76B8-415C-A9FF-AC1D118EA799}
[2012/06/14 09:43:52 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{8FE29416-25EB-4A8F-BC75-5966D41068AB}
[2012/06/14 09:43:31 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{CA0FF188-1971-423A-8D76-926C9076448C}
[2012/06/14 00:24:08 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Roaming\Epson
[2012/06/14 00:19:57 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Roaming\Leadertech
[2012/06/14 00:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson America Inc
[2012/06/14 00:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2012/06/14 00:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/06/14 00:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/06/14 00:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/06/13 23:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012/06/13 23:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012/06/13 23:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/06/13 11:22:07 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{230F8022-D076-46D0-BEA8-0993C2C34670}
[2012/06/13 11:21:30 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{B331DEC1-D019-4DD9-ADB7-76CD1C6BDA1B}
[2012/06/13 10:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Card Scanning Solutions
[2012/06/13 10:59:01 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\DocuCap
[2012/06/13 10:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ePadLink
[2012/06/13 10:06:05 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\Downloaded Installations
[2012/05/28 12:28:53 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{4F6AB454-1157-4648-AD1D-3AA76FDC0967}
[2012/05/28 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Earl Brown\AppData\Local\{0DF6A74C-E8B6-4F7F-87EE-5A10EAB265DE}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/21 19:31:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 19:31:17 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 19:23:39 | 002,063,122 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/21 19:20:40 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 19:20:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 19:19:53 | 3019,329,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 19:17:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 15:46:40 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/06/21 15:46:40 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/06/21 14:55:19 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEarl Brown.job
[2012/06/21 14:40:08 | 000,000,003 | ---- | M] () -- C:\Windows\Twain001.Mtx
[2012/06/21 14:39:59 | 000,000,156 | ---- | M] () -- C:\Windows\Twunk001.MTX
[2012/06/20 19:25:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 18:46:34 | 000,016,268 | ---- | M] () -- C:\Users\Earl Brown\Desktop\bookmark.htm
[2012/06/20 14:02:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/20 13:49:50 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/20 13:34:57 | 000,181,000 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2012/06/20 13:34:51 | 000,123,808 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2012/06/20 13:14:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSALES_DIRECTOR$.job
[2012/06/20 13:00:23 | 000,002,209 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/06/20 13:00:21 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/06/20 12:37:17 | 000,002,253 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/06/19 11:03:44 | 002,116,190 | ---- | M] () -- C:\Users\Earl Brown\Desktop\Fury WIN BIG Artwork.pdf
[2012/06/19 11:00:12 | 000,951,199 | ---- | M] () -- C:\Users\Earl Brown\Desktop\Gross Busters Big Event Menu.pdf
[2012/06/15 10:34:27 | 000,000,290 | ---- | M] () -- C:\Users\Earl Brown\Desktop\Users.CSV
[2012/06/14 13:05:47 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012/06/14 10:46:21 | 003,805,882 | ---- | M] () -- C:\Users\Earl Brown\Desktop\Fury WIN BIG A10159 Artwork.PDF
[2012/06/14 03:29:20 | 005,227,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 03:08:09 | 000,796,800 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/14 03:08:09 | 000,663,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 03:08:09 | 000,121,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 00:28:59 | 000,000,088 | ---- | M] () -- C:\Windows\ENX230.ini
[2012/06/14 00:26:40 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/06/14 00:20:34 | 000,001,221 | ---- | M] () -- C:\Users\Earl Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/06/14 00:00:08 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX
[2012/06/13 10:46:45 | 000,000,463 | -H-- | M] () -- C:\Users\Earl Brown\Documents\mwf_config
[2012/06/11 22:19:23 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/21 15:46:40 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/06/21 15:46:40 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/06/21 15:46:39 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/06/21 14:40:37 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{5d1ee843-9c65-4e49-d01a-d265dba2c1d0}\U\00000008.@
[2012/06/20 18:46:34 | 000,016,268 | ---- | C] () -- C:\Users\Earl Brown\Desktop\bookmark.htm
[2012/06/20 13:49:50 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/20 13:49:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/20 12:37:17 | 000,002,253 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/06/20 12:36:37 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/06/20 12:36:36 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/06/20 12:36:36 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/06/20 12:36:36 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/06/20 12:36:36 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/06/19 11:00:07 | 000,951,199 | ---- | C] () -- C:\Users\Earl Brown\Desktop\Gross Busters Big Event Menu.pdf
[2012/06/19 10:59:30 | 002,116,190 | ---- | C] () -- C:\Users\Earl Brown\Desktop\Fury WIN BIG Artwork.pdf
[2012/06/15 10:34:26 | 000,000,290 | ---- | C] () -- C:\Users\Earl Brown\Desktop\Users.CSV
[2012/06/14 13:05:47 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/06/14 00:26:40 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/06/14 00:20:34 | 000,001,221 | ---- | C] () -- C:\Users\Earl Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
[2012/06/14 00:00:08 | 000,000,156 | ---- | C] () -- C:\Windows\Twunk001.MTX
[2012/06/14 00:00:08 | 000,000,003 | ---- | C] () -- C:\Windows\Twain001.Mtx
[2012/06/14 00:00:08 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX
[2012/06/13 23:43:44 | 000,000,088 | ---- | C] () -- C:\Windows\ENX230.ini
[2012/06/13 11:21:47 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSALES_DIRECTOR$.job
[2012/06/13 10:46:45 | 000,000,463 | -H-- | C] () -- C:\Users\Earl Brown\Documents\mwf_config
[2012/06/13 10:41:00 | 003,805,882 | ---- | C] () -- C:\Users\Earl Brown\Desktop\Fury WIN BIG A10159 Artwork.PDF
[2012/05/14 19:37:23 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5d1ee843-9c65-4e49-d01a-d265dba2c1d0}\L\00000004.@
[2012/05/14 19:36:49 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{5d1ee843-9c65-4e49-d01a-d265dba2c1d0}\U\00000004.@
[2012/05/14 19:36:49 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{5d1ee843-9c65-4e49-d01a-d265dba2c1d0}\U\000000cb.@
[2012/03/31 17:16:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012/03/13 18:16:30 | 000,004,096 | -H-- | C] () -- C:\Users\Earl Brown\AppData\Local\keyfile3.drm
[2012/01/11 10:39:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5d1ee843-9c65-4e49-d01a-d265dba2c1d0}\@
[2012/01/11 10:39:38 | 000,002,048 | -HS- | C] () -- C:\Users\Earl Brown\AppData\Local\{5d1ee843-9c65-4e49-d01a-d265dba2c1d0}\@
[2012/01/08 13:32:23 | 000,000,288 | -H-- | C] () -- C:\Users\Earl Brown\AppData\Roaming\b0aa5df4d755c86d155bd20c03c50c4194988cc2
[2012/01/08 13:32:23 | 000,000,288 | -H-- | C] () -- C:\ProgramData\b0aa5df4d755c86d155bd20c03c50c4194988cc2
[2012/01/08 13:32:23 | 000,000,064 | -H-- | C] () -- C:\Users\Earl Brown\AppData\Roaming\3cab8a6de5ed842d9d9f01148a6192164816d25f
[2012/01/08 13:32:23 | 000,000,064 | -H-- | C] () -- C:\ProgramData\3cab8a6de5ed842d9d9f01148a6192164816d25f
[2012/01/08 13:27:52 | 000,104,960 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\UrlManager.exe
[2012/01/08 13:27:52 | 000,001,444 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\urlManager.xml
[2012/01/08 12:57:22 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011/12/26 22:22:45 | 000,017,408 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\WebpageIcons.db
[2011/12/25 20:17:48 | 000,000,000 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\{6ADD00F9-4521-44C9-B7BA-9FA7F3584952}
[2011/12/25 20:15:51 | 000,000,000 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\{0E205942-2798-420D-9515-175C815D2E3E}
[2011/12/25 18:57:00 | 000,000,000 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\{BD3182F4-5558-442A-A672-077A9846832C}
[2011/12/25 18:55:11 | 000,000,000 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\{448ACF79-CD91-449A-BB95-5F1F882AD9A6}
[2011/12/25 18:33:07 | 000,000,000 | ---- | C] () -- C:\Users\Earl Brown\AppData\Local\{AEA343E6-A9CA-458B-AAC3-C9D333E5F3E7}
[2011/12/22 22:58:56 | 000,121,075 | ---- | C] () -- C:\Windows\hpwins30.dat
[2011/12/22 22:58:56 | 000,000,682 | ---- | C] () -- C:\Windows\hpwmdl30.dat
[2011/11/03 12:59:26 | 000,000,013 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/11/03 12:59:26 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/11/03 12:59:16 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/11/03 12:59:10 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/11/03 12:59:10 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/11/03 12:58:52 | 000,000,243 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/06/18 01:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/18 01:08:00 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/02/11 12:15:43 | 000,776,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== LOP Check ==========
[2011/12/26 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\abgx360
[2012/05/16 18:45:06 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\AVG2012
[2011/12/31 13:25:24 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\BackToTheBeach
[2012/03/31 19:24:36 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/05/16 10:05:46 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\CVS
[2012/06/21 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\DriverCure
[2012/06/14 00:24:08 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\Epson
[2012/03/09 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\Funambol
[2012/06/21 19:25:09 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\ID Vault
[2012/04/19 13:00:13 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\iHostStudio
[2011/12/23 10:20:26 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\ImgBurn
[2012/01/08 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\iSpring Solutions
[2012/06/14 00:19:57 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\Leadertech
[2012/04/28 14:12:56 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\mjusbsp
[2012/06/21 15:14:15 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\SpeedyPC Software
[2012/06/20 12:24:04 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\TestApp
[2012/03/10 16:13:41 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\Thunderbird
[2012/06/21 15:46:28 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\TuneUp Software
[2012/06/21 14:58:16 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\uTorrent
[2012/02/12 21:08:33 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\WildTangentv1002
[2011/09/21 18:59:13 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\WinBatch
[2012/01/08 23:41:56 | 000,000,000 | ---D | M] -- C:\Users\Earl Brown\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/02/29 09:34:27 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
< MD5 for: SERVICES.ASFX >
[2010/10/25 15:15:46 | 000,000,230 | ---- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2010/10/25 15:15:46 | 000,000,231 | ---- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
< MD5 for: SERVICES.CFG >
[2011/06/06 12:55:30 | 000,584,045 | ---- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/10/25 15:13:46 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 02:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
< MD5 for: SERVICES.HTML >
[2002/02/09 20:36:20 | 000,007,001 | ---- | M] () MD5=114A8D6737DE1F714201BAFCD9387BF8 -- C:\Users\Earl Brown\Downloads\Adobe Dreamweaver CS3 + 150 Dreamweaver Templates [RH]\ADWCS3+150DWTP_[RH]\Adobe Dreamweaver CS3 + 150 Dreamweaver Templates\150 Dreamweaver Templates\53\services.html
[2003/01/03 01:20:34 | 000,001,371 | ---- | M] () MD5=8DF193F21B36BF0938EAD649B161DF07 -- C:\Users\Earl Brown\Downloads\Adobe Dreamweaver CS3 + 150 Dreamweaver Templates [RH]\ADWCS3+150DWTP_[RH]\Adobe Dreamweaver CS3 + 150 Dreamweaver Templates\150 Dreamweaver Templates\605\brain\services.html
< MD5 for: SERVICES.JPG >
[2002/02/09 19:39:52 | 000,006,058 | ---- | M] () MD5=AF2BE61285F5F455AD4E5DA659344354 -- C:\Users\Earl Brown\Downloads\Adobe Dreamweaver CS3 + 150 Dreamweaver Templates [RH]\ADWCS3+150DWTP_[RH]\Adobe Dreamweaver CS3 + 150 Dreamweaver Templates\150 Dreamweaver Templates\53\images\services.jpg
< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
< MD5 for: SERVICES.MSC >
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 02:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 02:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
< MD5 for: SERVICES.TICO >
[2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\TuneUp Utilities 2012\data\services.tico
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring Suite 6
@Alternate Data Stream - 288 bytes -> C:\ProgramData:iSpring Pro 6
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 200 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
< End of report >