rsglick

June 26, 2012

yes that was the entire message, nothing omitted, that I got inside fiddler

June 26, 2012

That website was in red. I did try going to it and it worked fine. I know the people who are also associated with the site. It also is showing legit websites like microsoft as red.

June 26, 2012

I'm not really sure what I'm supposed to do or copy when I run that program. Do I just run it all the time and look for all the red ones and post them here? Is there a log for it? I'm not really sure what you want me to show you.

June 26, 2012

[Fiddler] The socket connection to www.crazycampground.com failed. A Firewall may be blocking Fiddler's traffic.

ErrorCode: 10013.

An attempt was made to access a socket in a way forbidden by its access permissions 74.208.30.205:80

June 26, 2012

Ok I've installed it. What do I do now?

June 25, 2012

nope it didn't work.

2012/06/25 16:03:30 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 53610, Process: chrome.exe)

2012/06/25 16:04:11 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 53651, Process: chrome.exe)

2012/06/25 16:04:11 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 53652, Process: chrome.exe)

2012/06/25 16:04:11 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 53653, Process: chrome.exe)

2012/06/25 16:08:12 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 53694, Process: chrome.exe)

2012/06/25 16:08:12 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 53695, Process: chrome.exe)

2012/06/25 16:35:27 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 54127, Process: chrome.exe)

June 25, 2012

On a side note, I had the freemake video converter plugin for chrome installled. I just uninstalled it so I can see if that was what was doing it. I have no other extensions installed on chrome. I will keep you advised.

June 25, 2012

I'm still getting the IP block message from the same IP.

2012/06/25 11:41:42 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 50805, Process: chrome.exe)

2012/06/25 11:41:42 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 50817, Process: chrome.exe)

2012/06/25 13:28:58 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 51419, Process: chrome.exe)

2012/06/25 13:29:38 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 51424, Process: chrome.exe)

June 24, 2012

I haven't got the IP block message as of yet. It was sporadic at best. I will watch it closely and if I get more I will post back. Either way I will wait a week or so, if I don't get anymore IP blocks from that same IP I will have to consider it fixed.

June 24, 2012

I fully uninstalled firefox and chrome. I have run CCleaner to make sure it was out of my registry. I have just installed chrome only.

June 24, 2012

Can I keep my book marks? I have alot I dont want to lose

June 24, 2012

yes and each time it shows chrome.exe at the bottom of the malware message

2012/06/24 07:30:31 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49846, Process: chrome.exe)

2012/06/24 07:31:20 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49869, Process: chrome.exe)

2012/06/24 07:32:08 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49882, Process: chrome.exe)

2012/06/24 07:32:24 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49888, Process: chrome.exe)

2012/06/24 07:34:49 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49968, Process: chrome.exe)

It does it for firefox also.

Also just fyi, I had backed up my C drive onto my E drive as requested by my machine utilities. So I just deleted that off my E drive so now there is no copy of the C drive on my E drive. I'm wondering if all the scans we were doing for the C drive was also scanning the E drive.

June 24, 2012

ok i was able to compress the quarantine subfolder

June 24, 2012

I rebooted and its telling me the same thing.

June 24, 2012

It won't allow me to compress it. I've included a screen shot of the message I'm getting. http://img341.imageshack.us/img341/8600/69687001.jpg

June 24, 2012

Scan of both C drive and E drive completed. I have uploaded an image of it.

http://img846.imageshack.us/img846/6244/29565920.jpg

June 24, 2012

ComboFix 12-06-21.03 - Ronald Glickman 06/22/2012 21:06:37.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8102.4619 [GMT -4:00]

Running from: e:\rsg downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Ronald Glickman\AppData\Local\Temp\0fc113bebd3c.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\19d20a6fbc7a.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\445fec56af0e.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\5a07244160fb.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\6e050972a7cc.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\71c12d7a8180.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\71ca0fe59f0c.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\791722b78375.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\ad0f0f8f62a5.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\bceff7d56bff.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\bed204085de1.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\cb08234cf0e7.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\f111f32f3afb.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\f4f018b21319.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\NGC1E9.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\NGC939.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\NGCABE.tmp

c:\users\RONALD~1\AppData\Local\Temp\0fc113bebd3c.tmp

c:\users\RONALD~1\AppData\Local\Temp\19d20a6fbc7a.tmp

c:\users\RONALD~1\AppData\Local\Temp\445fec56af0e.tmp

c:\users\RONALD~1\AppData\Local\Temp\5a07244160fb.tmp

c:\users\RONALD~1\AppData\Local\Temp\6e050972a7cc.tmp

c:\users\RONALD~1\AppData\Local\Temp\71c12d7a8180.tmp

c:\users\RONALD~1\AppData\Local\Temp\71ca0fe59f0c.tmp

c:\users\RONALD~1\AppData\Local\Temp\791722b78375.tmp

c:\users\RONALD~1\AppData\Local\Temp\ad0f0f8f62a5.tmp

c:\users\RONALD~1\AppData\Local\Temp\bceff7d56bff.tmp

c:\users\RONALD~1\AppData\Local\Temp\bed204085de1.tmp

c:\users\RONALD~1\AppData\Local\Temp\cb08234cf0e7.tmp

c:\users\RONALD~1\AppData\Local\Temp\f111f32f3afb.tmp

c:\users\RONALD~1\AppData\Local\Temp\f4f018b21319.tmp

c:\users\RONALD~1\AppData\Local\Temp\NGC1E9.tmp

c:\users\RONALD~1\AppData\Local\Temp\NGC939.tmp

c:\users\RONALD~1\AppData\Local\Temp\NGCABE.tmp

.

((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))

.

2012-06-23 01:11 . 2012-06-23 01:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-23 01:11 . 2012-06-23 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 00:05 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54DB061F-FB9C-4663-9424-F36FA76DE9DA}\mpengine.dll

2012-06-22 23:05 . 2012-06-22 23:05 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-22 23:05 . 2012-06-22 23:05 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-22 23:05 . 2012-06-22 23:05 -------- d-----w- c:\program files\Java

2012-06-22 15:37 . 2012-06-22 15:53 -------- d-----w- c:\users\Ronald Glickman\DoctorWeb

2012-06-22 13:32 . 2012-06-22 13:32 -------- d-----w- c:\programdata\Kaspersky Lab

2012-06-22 12:25 . 2012-06-22 12:25 -------- d-----w- c:\program files (x86)\ESET

2012-06-22 01:34 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-21 19:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 19:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 19:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 19:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 19:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 19:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 19:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 19:07 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 19:07 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 16:31 . 2012-06-19 22:24 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-06-19 16:31 . 2012-06-22 19:56 -------- d-----w- c:\program files (x86)\Steam

2012-06-16 22:16 . 2012-06-16 22:16 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\MAGIX

2012-06-16 16:24 . 2012-06-16 16:24 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-06-16 12:06 . 2012-06-16 12:06 -------- d-----w- c:\programdata\Nexon

2012-06-16 12:02 . 2012-06-16 12:02 -------- d-----w- C:\Nexon

2012-06-14 10:07 . 2012-06-14 10:07 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-06-13 18:46 . 2012-06-13 18:56 -------- d-----w- c:\program files (x86)\Razer

2012-06-13 18:46 . 2012-06-13 18:46 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Razer

2012-06-13 18:46 . 2012-06-13 18:46 -------- d-----w- c:\programdata\Razer

2012-06-13 10:17 . 2011-12-12 21:42 1256192 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys

2012-06-13 10:17 . 2011-04-19 21:52 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll

2012-06-13 10:17 . 2011-04-19 21:31 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll

2012-06-13 10:17 . 2011-04-19 21:31 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll

2012-06-13 10:17 . 2010-06-09 17:11 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-06-13 10:17 . 2010-02-03 15:20 47632 ----a-w- c:\windows\system32\drivers\npf.sys

2012-06-13 10:17 . 2011-07-22 14:33 25056 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys

2012-06-13 10:17 . 2012-06-13 10:17 -------- d-----w- c:\program files (x86)\NETGEAR

2012-06-12 18:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-12 17:12 . 2012-06-12 17:12 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-06-12 17:03 . 2012-06-12 17:03 -------- d-----w- c:\programdata\EA Core

2012-06-12 17:03 . 2012-06-13 17:40 -------- d-----w- c:\programdata\EA Logs

2012-06-12 16:35 . 2007-10-12 19:14 2006552 ----a-w- c:\windows\system32\D3DCompiler_36.dll

2012-06-12 16:17 . 2012-05-31 20:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-12 16:17 . 2012-05-31 20:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5DD60F6-F67B-4B8C-AF21-C5E783A93374}\gapaengine.dll

2012-06-12 14:59 . 2012-06-12 15:00 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\Origin

2012-06-12 14:59 . 2012-06-12 14:59 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Origin

2012-06-12 14:58 . 2012-06-12 17:03 -------- d-----w- c:\programdata\Electronic Arts

2012-06-12 14:58 . 2012-06-12 16:11 -------- d-----w- c:\program files (x86)\Origin Games

2012-06-12 14:58 . 2012-06-12 15:00 -------- d-----w- c:\program files (x86)\Origin

2012-06-12 14:44 . 2012-06-12 17:03 -------- d-----w- c:\programdata\Origin

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-11 21:50 . 2012-06-11 21:51 -------- d-----w- c:\program files (x86)\QuickTime

2012-06-11 13:34 . 2012-06-11 13:34 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\OpenOffice.org

2012-06-11 13:22 . 2012-06-11 13:22 -------- d-----w- c:\program files\CCleaner

2012-06-11 11:15 . 2012-06-11 11:15 -------- d-----w- c:\programdata\IObit

2012-06-11 11:15 . 2012-06-11 11:15 -------- d-----w- c:\program files (x86)\IObit

2012-06-10 15:52 . 2012-06-10 15:52 -------- d-----w- c:\programdata\McAfee

2012-06-10 15:52 . 2012-06-16 22:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-10 15:52 . 2012-06-16 22:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-10 15:21 . 2012-06-10 15:21 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Tipard Studio

2012-06-10 15:19 . 2012-06-10 15:19 -------- d-----w- c:\programdata\Tipard MKV Video Converter

2012-06-10 15:19 . 2012-06-10 15:19 -------- d-----w- c:\program files (x86)\Tipard Studio

2012-06-10 12:55 . 2012-06-10 12:55 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Macromedia

2012-06-08 14:16 . 2012-06-08 14:16 -------- d-----w- c:\program files (x86)\Virtual Magnifying Glass

2012-06-07 21:19 . 2012-06-18 03:01 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\JPEGsnoop

2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\TouchStoneSoftware

2012-06-04 23:37 . 2011-05-28 04:29 67176 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-04 23:37 . 2011-05-28 04:29 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-04 21:59 . 2012-03-11 06:17 121344 ----a-w- c:\windows\system32\IntelOpenCL64.dll

2012-06-04 21:59 . 2012-03-11 06:09 86528 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll

2012-06-04 19:14 . 2012-06-21 00:03 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-04 19:13 . 2012-06-12 17:13 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\PunkBuster

2012-06-04 18:59 . 2012-06-04 18:59 -------- d-----w- c:\program files (x86)\EA Games

2012-06-04 13:25 . 2012-06-04 13:25 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-04 13:24 . 2012-06-04 13:24 -------- d-----w- c:\program files (x86)\Oracle

2012-06-04 12:55 . 2012-06-08 11:26 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2012-06-04 12:55 . 2012-06-08 11:26 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\SystemRequirementsLab

2012-06-03 23:27 . 2012-06-03 23:27 -------- d-----w- c:\program files (x86)\ImageShack Uploader

2012-06-03 18:54 . 2011-11-08 14:18 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-06-03 18:54 . 2011-11-08 14:18 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-06-03 18:54 . 2009-12-05 23:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-06-03 18:54 . 2012-06-03 18:54 -------- d-----w- c:\program files (x86)\ffdshow

2012-06-03 18:45 . 2012-06-22 20:42 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\vlc

2012-06-03 18:44 . 2012-06-03 18:44 -------- d-----w- c:\program files (x86)\VideoLAN

2012-06-03 15:21 . 2011-09-16 15:28 210432 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\InstantOn.gadget\InstantOnCOM.dll

2012-06-03 15:21 . 2012-06-03 15:21 -------- d-----w- c:\program files (x86)\Common Files\InstantOn

2012-06-03 04:31 . 2012-05-15 10:48 249152 ----a-w- c:\windows\system32\drivers\nvkflt.sys

2012-06-03 04:31 . 2012-05-15 10:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-06-03 04:31 . 2012-05-15 10:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-06-03 04:30 . 2012-06-03 04:30 -------- d-----w- C:\NVIDIA

2012-06-02 06:40 . 2012-06-08 21:59 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\X-Chat 2

2012-06-02 06:40 . 2012-06-02 06:40 -------- d-----w- c:\program files (x86)\xchat

2012-06-01 23:32 . 2012-06-01 23:32 -------- d-----w- c:\program files (x86)\Moffsoft FreeCalc

2012-06-01 15:44 . 2010-10-01 04:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys

2012-06-01 15:44 . 2010-09-30 00:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys

2012-06-01 13:00 . 2012-06-01 13:00 -------- d-----w- c:\program files (x86)\CleanUp!

2012-05-31 23:34 . 2012-06-22 18:16 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Akamai

2012-05-31 23:01 . 2012-05-31 23:01 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Diagnostics

2012-05-31 22:13 . 2012-05-31 22:13 -------- d-----w- c:\programdata\WEBREG

2012-05-31 22:10 . 2012-06-07 23:46 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\HP

2012-05-31 22:10 . 2012-05-31 22:10 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\HP

2012-05-31 22:09 . 2009-06-09 05:48 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp092.dll

2012-05-31 22:08 . 2012-05-31 22:08 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\Yahoo!

2012-05-31 22:08 . 2012-06-10 12:35 -------- d-----w- c:\program files (x86)\Yahoo!

2012-05-31 22:06 . 2012-05-31 22:06 -------- d-----w- c:\programdata\HP Product Assistant

2012-05-31 22:06 . 2012-05-31 22:06 -------- d-----w- c:\windows\SysWow64\spool

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\program files (x86)\Common Files\HP

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\windows\hpoj4500g510n-z

2012-05-31 22:03 . 2009-05-26 17:32 902656 ----a-w- c:\windows\system32\hpwwiax9.dll

2012-05-31 22:03 . 2009-05-26 17:32 742912 ----a-w- c:\windows\system32\hpwtscl5.dll

2012-05-31 22:03 . 2009-05-26 17:32 503296 ----a-w- c:\windows\system32\hpwvst01.dll

2012-05-31 22:03 . 2009-05-18 21:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll

2012-05-31 22:03 . 2009-05-21 13:14 642360 ----a-w- c:\windows\system32\hpzids40.dll

2012-05-31 22:03 . 2009-06-09 05:48 136704 ----a-w- c:\windows\system32\hpf3l092.dll

2012-05-31 22:02 . 2012-05-31 22:07 -------- d-----w- c:\program files (x86)\HP

2012-05-31 22:00 . 2012-05-31 22:11 -------- d-----w- c:\programdata\HP

2012-05-31 21:54 . 2012-05-31 21:54 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\FLEXnet

2012-05-31 20:38 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 00:08 . 2011-09-11 17:24 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2012-05-15 21:59 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-15 10:48 . 2011-09-11 17:06 949056 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-05-15 10:48 . 2011-09-11 17:06 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-05-15 10:48 . 2011-09-11 17:06 246592 ----a-w- c:\windows\system32\nvinitx.dll

2012-05-15 10:48 . 2011-09-11 17:06 202048 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-05-15 10:48 . 2011-09-11 17:06 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2011-09-11 17:06 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2011-09-11 17:06 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 09:29 . 2011-05-27 13:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-05-27 13:38 858944 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-05-15 09:29 . 2011-05-27 16:38 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-05-27 13:38 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-05-15 09:29 . 2011-05-27 13:38 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2011-05-27 13:38 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-05-27 16:38 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:29 . 2011-05-27 13:38 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-05-27 13:38 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-15 02:50 . 2012-05-15 02:50 20992 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys

2012-05-15 02:50 . 2012-05-15 02:50 94208 ----a-w- c:\windows\system32\drivers\rzudd.sys

2012-05-15 02:36 . 2012-05-15 02:36 142848 ----a-w- c:\windows\SysWow64\rztouchdll.dll

2012-05-15 02:36 . 2012-05-15 02:36 354816 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

2012-05-15 02:36 . 2012-05-15 02:36 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

2012-05-08 02:46 . 2012-05-08 02:46 7168 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys

2012-05-08 02:46 . 2012-05-08 02:46 26112 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-04 22:47 . 2012-05-15 22:15 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-04-04 22:47 . 2012-05-15 22:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56 . 2012-05-15 22:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:35 . 2012-05-16 22:10 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-06-22_00.58.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-18 20:13 . 2012-06-23 00:09 57462 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-23 00:09 42110 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-05-15 22:00 . 2012-06-23 00:09 12236 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-953877884-1205063476-829431027-1001_UserData.bin

+ 2012-06-23 00:07 . 2012-06-23 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-22 00:49 . 2012-06-22 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-22 00:49 . 2012-06-22 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-23 00:07 . 2012-06-23 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-22 23:05 . 2012-06-22 23:05 268720 c:\windows\system32\javaws.exe

+ 2012-06-22 23:05 . 2012-06-22 23:05 189360 c:\windows\system32\javaw.exe

+ 2012-06-22 23:05 . 2012-06-22 23:05 188840 c:\windows\system32\java.exe

+ 2009-07-14 05:01 . 2012-06-23 00:06 502696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-22 00:48 502696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-06-22 23:04 . 2012-06-22 23:04 891392 c:\windows\Installer\104132a.msi

- 2012-05-15 22:03 . 2012-06-22 00:48 9729984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-8192.dat

+ 2012-05-15 22:03 . 2012-06-23 00:06 9729984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-8192.dat

- 2012-05-15 23:49 . 2012-06-21 23:15 5492268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-12288.dat

+ 2012-05-15 23:49 . 2012-06-23 00:07 5492268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-29 313768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2012-5-31 12862]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-6-13 8453376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/11 10:30;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-12-14 303360]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]

R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-09-08 92800]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\SIONExportService.exe [2011-05-10 338208]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [x]

S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]

S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 22:26]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Ronald Glickman\AppData\Roaming\Mozilla\Firefox\Profiles\k2hn4jp8.default\

FF - prefs.js: browser.startup.homepage - hxxp://combatarms.nexon.net/|http://battlelog.battlefield.com/bf3/gate/|http://forums.thecbl.net/ucp.php?mode=login|http://yellowsnowarmy.com/

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-22 21:12:56

ComboFix-quarantined-files.txt 2012-06-23 01:12

ComboFix2.txt 2012-06-22 01:00

.

Pre-Run: 382,098,587,648 bytes free

Post-Run: 381,901,774,848 bytes free

.

- - End Of File - - 26733B94D1EF8A46D71C0A005273615D

June 23, 2012