I'm getting constant pop-ups that Avast File System Shield has blocked these two--Malware and Trojan Horse.
The Infection is either "Win32:Malware-gen" or "Win32:Downloader-PKU[Trj]" and the Process is "C:\Windows\System32\services.exe"
The Object sometimes changes in the last set of characters, but most of it is C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\80000032.@
Sometimes it ends with u\00000004.@ or u\80000064.@
I ran Malwarebytes Anti-Malware, which will find one infection, but it always comes back on reboot.
I ran OTL and the report is below--not sure what to do next--any assistance would be greatly appreciated---Thanks
OTL logfile created on: 8/8/2012 12:07:55 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 6.35 Gb Available Physical Memory | 79.42% Memory free
15.98 Gb Paging File | 12.42 Gb Available in Paging File | 77.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.75 Gb Total Space | 744.44 Gb Free Space | 81.20% Space Free | Partition Type: NTFS
Drive D: | 14.76 Gb Total Space | 2.09 Gb Free Space | 14.14% Space Free | Partition Type: NTFS
Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/08 12:06:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2012/07/09 11:32:33 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/06 21:45:24 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/06/01 12:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 12:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/09/09 15:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009/08/06 04:08:34 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/09/30 20:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
PRC - [2003/04/08 15:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/14 03:35:09 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d94445e265a23b70882891a257016fc7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 03:35:04 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ec79cacc34b50705e123ce65f3f2f695\System.Web.ni.dll
MOD - [2012/06/14 03:34:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\491c25313af536aef12b311ac944b452\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:34:32 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0f0396061385f6e9afd6be0df967c40\System.Drawing.ni.dll
MOD - [2012/02/16 04:25:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 04:25:12 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c9ba9c9f4251a1978433fb8a5b8b0e01\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2012/02/16 04:24:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 04:24:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/16 04:24:39 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2012/01/03 09:45:08 | 000,016,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 03:24:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
MOD - [2011/10/13 03:23:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/01 12:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 12:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 12:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 12:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/09/27 17:32:56 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MOD - [2009/08/06 04:08:32 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/02/07 10:05:18 | 000,163,840 | ---- | M] () -- C:\Windows\SysWOW64\hppatusg01.dll
MOD - [2007/11/02 14:52:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPUsageTracking.dll
MOD - [2007/11/02 14:52:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
MOD - [2007/11/02 14:52:38 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPToolkit.dll
MOD - [2007/11/02 14:52:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\Enumeration.dll
MOD - [2007/11/02 14:52:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPTools.dll
MOD - [2007/11/02 14:52:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT\bin\HPStreamsInterface.dll
MOD - [2003/04/08 15:42:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Belkin\F1U201.401\usbshare.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/05/16 00:24:10 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/06 21:45:24 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 17:10:32 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/08 22:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/09/30 20:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/02/05 00:20:28 | 000,013,824 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8107.sys -- (HP8107Fltr)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 10:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/13 01:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 16:35:02 | 000,244,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q60x64.sys -- (e1qexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/16 01:02:04 | 005,957,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2008/12/18 16:30:58 | 000,098,656 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2008/12/04 08:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {26180AC2-1343-4125-9552-7FA46439FD3B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{26180AC2-1343-4125-9552-7FA46439FD3B}: "URL" = http://www.google.co...1I7ADFA_enUS478
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8FD0129F-8D6E-4EE4-9F08-D2C36A8F9BAC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{EB40EEE6-3427-4809-A7AB-9629F83C4E5E}: "URL" = http://websearch.ask...7-99417D688ED0
IE - HKCU\..\SearchScopes\{F17666AB-12C0-477A-B6AD-625ED9CF490C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Brian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [HPUsageTracking] "\HP UT\bin\hppusg.exe" "\HP UT" File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files (x86)\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindow...PProdDetect.cab (HP Product Detection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://hockeycam.cam...activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F748035-6FBF-4CC5-AC43-F31883B6C40E}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96B65D71-13C0-453E-ABE6-ACD96080A6BF}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/08 12:06:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/07/25 14:09:58 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/13 10:20:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/09 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[3103 C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\*.tmp files -> C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/08 12:07:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 12:06:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2012/08/08 11:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At24.job
[2012/08/08 11:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/08/08 10:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At22.job
[2012/08/08 10:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/08/08 10:04:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At8.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At6.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At48.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At4.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At20.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At2.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At18.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At16.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At14.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At12.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At10.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/08/08 10:04:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/07 22:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At46.job
[2012/08/07 22:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/08/07 21:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At44.job
[2012/08/07 21:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At42.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At40.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/08/07 18:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At38.job
[2012/08/07 18:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/08/07 17:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At36.job
[2012/08/07 17:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/08/07 16:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At34.job
[2012/08/07 16:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/08/07 15:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At32.job
[2012/08/07 15:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At30.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At28.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\At26.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/08/06 18:57:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 18:57:58 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 16:21:15 | 2140,528,639 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 16:59:57 | 001,085,882 | ---- | M] () -- C:\Users\Brian\Desktop\HE Apology.pdf
[2012/07/27 14:54:00 | 000,000,036 | ---- | M] () -- C:\Users\Brian\AppData\Local\housecall.guid.cache
[2012/07/25 14:09:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/21 12:31:12 | 000,581,331 | ---- | M] () -- C:\Users\Brian\Desktop\HE Letter.pdf
[2012/07/16 12:34:03 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 11:42:46 | 000,336,484 | ---- | M] () -- C:\Users\Brian\Desktop\How_ISO_works_photography_cheat_sheet.jpg
[2012/07/12 09:12:12 | 000,001,139 | ---- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/12 03:20:32 | 000,489,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 03:18:44 | 645,355,371 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/06 16:22:49 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\80000064.@
[2012/07/27 17:00:53 | 001,085,882 | ---- | C] () -- C:\Users\Brian\Desktop\HE Apology.pdf
[2012/07/27 16:12:00 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\00000008.@
[2012/07/27 14:54:00 | 000,000,036 | ---- | C] () -- C:\Users\Brian\AppData\Local\housecall.guid.cache
[2012/07/27 13:44:28 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\L\00000004.@
[2012/07/25 14:07:54 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\U\000000cb.@
[2012/07/21 12:32:03 | 000,581,331 | ---- | C] () -- C:\Users\Brian\Desktop\HE Letter.pdf
[2012/07/13 11:42:45 | 000,336,484 | ---- | C] () -- C:\Users\Brian\Desktop\How_ISO_works_photography_cheat_sheet.jpg
[2012/07/09 17:57:01 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/09 17:09:38 | 000,129,737 | ---- | C] () -- C:\Users\Brian\Documents\S_fence (2).JPG
[2012/07/09 17:08:52 | 000,129,737 | ---- | C] () -- C:\Users\Brian\Documents\S_fence.JPG
[2012/03/26 10:57:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2012/03/26 10:54:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\Clips
[2012/02/06 21:45:30 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll
[2012/01/11 09:59:09 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{de292682-6ec1-8843-3648-40479e37cc8c}\@
[2012/01/11 09:59:09 | 000,002,048 | -HS- | C] () -- C:\Users\Brian\AppData\Local\{de292682-6ec1-8843-3648-40479e37cc8c}\@
[2011/11/26 23:05:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\N2BMLre6S.com.b
[2011/11/26 23:02:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\58q7uu.dat
[2011/10/17 16:54:55 | 000,004,608 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 13:34:50 | 024,804,015 | ---- | C] () -- C:\Users\Brian\NBC Best.rtf
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Database
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance Kit
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dance
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Core Data Application
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Contextual Menu Items
[2010/11/03 22:29:58 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Contents
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/11/03 22:29:58 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/11/03 21:53:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Conditionals
[2010/11/03 21:53:26 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Commands
[2010/11/03 21:53:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/11/03 21:40:53 | 000,000,268 | RH-- | C] () -- C:\Users\Brian\AppData\Roaming\Hybrid Basic
[2010/11/03 21:36:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/09/22 12:57:31 | 000,072,080 | ---- | C] () -- C:\Users\Brian\g2mdlhlpx.exe
[2009/11/12 13:08:18 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2009/10/02 23:44:51 | 000,000,094 | ---- | C] () -- C:\Users\Brian\appletfile.props
========== LOP Check ==========
[2011/11/27 00:09:26 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\30CC1
[2011/11/27 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\3C330
[2011/10/17 16:16:40 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ACD Systems
[2011/11/27 15:49:27 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\AIIBBrzzPNxA1vS
[2012/01/06 15:47:57 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Canon
[2010/01/20 22:56:06 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/26 13:27:04 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\d77ffELL9gTqjCw
[2011/04/21 13:02:54 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\deskPDF
[2011/01/20 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\eFax Messenger
[2010/10/23 12:20:09 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\ePaperPress
[2011/11/26 12:57:05 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\F444pmmG5sQJdE8
[2012/07/26 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\FileZilla
[2011/11/26 12:57:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\IHH66dWWK7fL9TX
[2011/01/20 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\j2 Global
[2012/05/16 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Leadertech
[2012/05/16 14:32:24 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Memeo
[2011/10/13 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Nikon
[2010/01/20 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\PictureMover
[2012/05/16 14:32:11 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Seagate
[2011/11/26 13:27:03 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\t77ffRL99TXqjCk
[2010/01/20 22:56:15 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Template
[2011/02/27 17:49:41 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Tific
[2011/11/26 12:57:06 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\tOOONyyxA0uS2iF
[2010/07/20 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\webex
[2011/11/26 12:57:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\zuuuvSS2ibF3nGa
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2012/08/08 10:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2012/08/08 10:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2012/08/08 11:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2012/08/08 11:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2012/08/07 15:20:07 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2012/08/07 15:20:07 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2012/08/07 15:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2012/08/07 15:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2012/08/07 16:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2012/08/07 16:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2012/08/07 17:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2012/08/07 17:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2012/08/07 18:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2012/08/07 18:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2012/08/07 21:03:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2012/08/07 21:03:22 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2012/08/07 21:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2012/08/07 21:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2012/08/07 22:56:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2012/08/07 22:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2012/08/08 10:04:05 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2012/08/08 10:04:05 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2012/05/31 09:13:40 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
< End of report >