
IP Block message help



I followed the steps outlined in http://forums.malwarebytes.org/index.php?showtopic=69723

I have a brand new laptop and it's been giving him the IP block message from the same IP address since I got the laptop. I currently use Microsoft Security Essentials, Windows Firewall and Malwarebytes. MSE and MBAM are fully up to date with the latest signatures.

Here are the DDS and Attach text documents.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Ronald Glickman at 14:50:35 on 2012-06-18

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8102.5302 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\ASUS.SYS\SIONExportService.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe

C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Windows\system32\conhost.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

E:\RSG Downloads\Tcpview.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local;<local>

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [Akamai NetSession Interface] "C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{1BC833C7-962F-4E56-A43D-9DE390C45F72} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7C23FEE7-9FE0-46DA-BD38-727B84CEB6E0} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7C23FEE7-9FE0-46DA-BD38-727B84CEB6E0}\56E6768396E656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C23FEE7-9FE0-46DA-BD38-727B84CEB6E0}\56E6768396E65623 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C27C333-B2F7-41C1-8D14-B1027E4BB7A8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C27C333-B2F7-41C1-8D14-B1027E4BB7A8}\56E6768396E656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C27C333-B2F7-41C1-8D14-B1027E4BB7A8}\9353E484146544D414E4D25374 : DhcpNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [(Default)]

mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ronald Glickman\AppData\Roaming\Mozilla\Firefox\Profiles\k2hn4jp8.default\

FF - prefs.js: browser.startup.homepage - hxxp://combatarms.nexon.net/|http://battlelog.battlefield.com/bf3/gate/|http://forums.thecbl.net/ucp.php?mode=login|http://yellowsnowarmy.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: extensions.autoDisableScopes - 14

.

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-9-8 92800]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-1-14 1839616]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-3 1262400]

R2 Splashtop MDES;Splashtop Meta Data Export Service;C:\ASUS.SYS\SIONExportService.exe [2011-5-10 338208]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-15 2666880]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-11 2655768]

R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-6-13 303360]

R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 rzdaendpt;%rzdaendpt.SvcDesc%;C:\Windows\system32\DRIVERS\rzdaendpt.sys --> C:\Windows\system32\DRIVERS\rzdaendpt.sys [?]

R3 rzudd;Razer Keyboard Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]

R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\rzvkeyboard.sys --> C:\Windows\system32\DRIVERS\rzvkeyboard.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/11 10:30:41;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-10 257224]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]

S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-11 14544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-18 10:46:07 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC9E530B-6922-4247-BE2C-4384BCF2ABAA}\mpengine.dll

2012-06-17 22:35:18 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-16 22:16:59 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\MAGIX

2012-06-16 16:24:20 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-06-16 12:06:45 -------- d-----w- C:\ProgramData\Nexon

2012-06-16 12:02:03 -------- d-----w- C:\Nexon

2012-06-16 12:02:02 -------- d-----w- C:\ProgramData\NexonUS

2012-06-14 10:07:31 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2012-06-13 18:46:37 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Razer

2012-06-13 10:17:16 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll

2012-06-13 10:17:16 3900928 ----a-w- C:\Windows\System32\bcmihvsrv64.dll

2012-06-13 10:17:16 3566592 ----a-w- C:\Windows\System32\bcmihvui64.dll

2012-06-13 10:17:16 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2012-06-13 10:17:16 1256192 ----a-w- C:\Windows\System32\drivers\bcmwlhigh664.sys

2012-06-13 10:17:11 96784 ----a-w- C:\Windows\SysWow64\Packet.dll

2012-06-13 10:17:11 53299 ----a-w- C:\Windows\SysWow64\pthreadVC.dll

2012-06-13 10:17:11 47632 ----a-w- C:\Windows\System32\drivers\npf.sys

2012-06-13 10:17:11 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll

2012-06-13 10:17:09 25056 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys

2012-06-13 10:17:07 -------- d-----w- C:\Program Files (x86)\NETGEAR

2012-06-12 18:42:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-12 17:12:24 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2012-06-12 17:03:41 -------- d-----w- C:\ProgramData\EA Core

2012-06-12 17:03:40 -------- d-----w- C:\ProgramData\EA Logs

2012-06-12 16:35:59 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll

2012-06-12 16:17:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-12 16:17:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5DD60F6-F67B-4B8C-AF21-C5E783A93374}\gapaengine.dll

2012-06-12 14:59:20 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Origin

2012-06-12 14:59:11 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Origin

2012-06-12 14:58:56 -------- d-----w- C:\ProgramData\Electronic Arts

2012-06-12 14:58:56 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-06-12 14:58:27 -------- d-----w- C:\Program Files (x86)\Origin

2012-06-12 14:44:56 -------- d-----w- C:\ProgramData\Origin

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-11 13:34:31 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\OpenOffice.org

2012-06-11 13:22:22 -------- d-----w- C:\Program Files\CCleaner

2012-06-11 11:15:06 -------- d-----w- C:\ProgramData\IObit

2012-06-11 11:15:05 -------- d-----w- C:\Program Files (x86)\IObit

2012-06-10 15:52:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-10 15:52:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-10 15:21:41 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Tipard Studio

2012-06-10 15:19:54 -------- d-----w- C:\ProgramData\Tipard MKV Video Converter

2012-06-10 15:19:54 -------- d-----w- C:\Program Files (x86)\Tipard Studio

2012-06-10 12:55:18 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Macromedia

2012-06-08 14:16:22 -------- d-----w- C:\Program Files (x86)\Virtual Magnifying Glass

2012-06-07 21:19:47 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\JPEGsnoop

2012-06-06 13:08:14 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\TouchStoneSoftware

2012-06-04 23:37:37 67176 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-04 23:37:37 57960 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-06-04 21:59:44 121344 ----a-w- C:\Windows\System32\IntelOpenCL64.dll

2012-06-04 21:59:37 86528 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll

2012-06-04 19:14:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-04 19:13:23 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\PunkBuster

2012-06-04 18:59:00 -------- d-----w- C:\Program Files (x86)\EA Games

2012-06-04 13:24:49 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-04 12:55:53 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2012-06-03 23:27:28 -------- d-----w- C:\Program Files (x86)\ImageShack Uploader

2012-06-03 18:54:34 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2012-06-03 18:54:34 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-06-03 18:54:34 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-06-03 18:54:32 -------- d-----w- C:\Program Files (x86)\ffdshow

2012-06-03 18:44:47 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-06-03 15:21:10 210432 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\InstantOn.gadget\InstantOnCOM.dll

2012-06-03 15:21:05 -------- d-----w- C:\Program Files (x86)\Common Files\InstantOn

2012-06-03 04:31:33 249152 ----a-w- C:\Windows\System32\drivers\nvkflt.sys

2012-06-03 04:31:33 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll

2012-06-03 04:31:33 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll

2012-06-03 04:30:32 -------- d-----w- C:\NVIDIA

2012-06-02 06:40:40 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\X-Chat 2

2012-06-02 06:40:37 -------- d-----w- C:\Program Files (x86)\xchat

2012-06-01 23:32:22 -------- d-----w- C:\Program Files (x86)\Moffsoft FreeCalc

2012-06-01 15:44:21 6656 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys

2012-06-01 15:44:21 13312 ----a-w- C:\Windows\System32\drivers\VKbms.sys

2012-06-01 13:00:06 -------- d-----w- C:\Program Files (x86)\CleanUp!

2012-05-31 23:34:01 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Akamai

2012-05-31 23:01:50 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Diagnostics

2012-05-31 22:13:58 -------- d-----w- C:\ProgramData\WEBREG

2012-05-31 22:10:57 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\HP

2012-05-31 22:09:58 249856 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp092.dll

2012-05-31 22:08:28 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-05-31 22:06:29 -------- d-----w- C:\Windows\SysWow64\spool

2012-05-31 22:04:57 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2012-05-31 22:04:55 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2012-05-31 22:04:38 -------- d-----w- C:\Windows\hpoj4500g510n-z

2012-05-31 22:03:40 902656 ----a-w- C:\Windows\System32\hpwwiax9.dll

2012-05-31 22:03:40 742912 ----a-w- C:\Windows\System32\hpwtscl5.dll

2012-05-31 22:03:40 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2012-05-31 22:03:40 503296 ----a-w- C:\Windows\System32\hpwvst01.dll

2012-05-31 22:03:32 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2012-05-31 22:03:26 136704 ----a-w- C:\Windows\System32\hpf3l092.dll

2012-05-31 22:02:33 -------- d-----w- C:\Program Files (x86)\HP

2012-05-31 21:54:00 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\FLEXnet

2012-05-31 20:38:51 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-31 20:38:03 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-05-31 20:37:55 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-05-31 18:42:50 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\TeamViewer

2012-05-31 13:29:03 -------- d-----w- C:\ProgramData\ASUS

2012-05-31 12:40:42 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Apple Computer

2012-05-31 12:40:26 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-05-31 12:40:26 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-05-31 12:40:26 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-05-31 12:40:17 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-05-31 12:40:17 -------- d-----w- C:\Program Files\iTunes

2012-05-31 12:40:17 -------- d-----w- C:\Program Files\iPod

2012-05-31 12:40:17 -------- d-----w- C:\Program Files (x86)\iTunes

2012-05-31 12:39:49 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Apple

2012-05-31 12:39:32 -------- d-----w- C:\Program Files\Bonjour

2012-05-31 12:39:32 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-05-31 11:59:15 85504 ----a-w- C:\Windows\SysWow64\DeathAdder64.cpl

2012-05-31 11:59:13 7552 ----a-w- C:\Windows\System32\drivers\vHidDev.sys

2012-05-31 11:59:13 47104 ----a-w- C:\Windows\System32\drivers\CYUSB.sys

2012-05-31 11:59:13 12032 ----a-w- C:\Windows\System32\drivers\danew.sys

2012-05-31 02:36:10 -------- d-----r- C:\Users\Ronald Glickman\Dropbox

2012-05-31 02:34:57 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Dropbox

2012-05-31 02:14:19 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Xilisoft

2012-05-31 02:12:38 -------- d-----w- C:\Program Files (x86)\Xilisoft

2012-05-31 01:36:56 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\{8808B32B-7BD4-4D5A-AB06-F507D29C8031}

2012-05-31 01:36:56 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\{3296DEF0-9AF7-47D5-8600-F74C74E672F7}

2012-05-30 23:14:39 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\KeePass

2012-05-30 23:13:59 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-05-30 23:06:27 -------- d-----w- C:\Program Files (x86)\Solveig Multimedia

2012-05-30 23:06:27 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia

2012-05-30 23:04:49 -------- d-----w- C:\ProgramData\Freemake

2012-05-30 23:04:41 -------- d-----w- C:\Program Files (x86)\Freemake

2012-05-30 22:40:53 -------- d-----w- C:\Program Files (x86)\WinSCP

2012-05-30 22:28:33 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\TS3Client

2012-05-30 22:26:27 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

2012-05-30 22:17:57 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2

2012-05-30 21:54:40 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Thunderbird

2012-05-30 21:51:36 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Malwarebytes

2012-05-30 21:08:22 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Adobe

.

==================== Find3M ====================

.

2012-06-18 13:56:55 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe

2012-06-17 22:54:28 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-15 22:52:44 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-12 16:36:26 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:47 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-15 02:50:36 20992 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys

2012-05-15 02:50:18 94208 ----a-w- C:\Windows\System32\drivers\rzudd.sys

2012-05-15 02:36:12 142848 ----a-w- C:\Windows\SysWow64\rztouchdll.dll

2012-05-15 02:36:02 354816 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll

2012-05-15 02:36:00 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-08 02:46:02 7168 ----a-w- C:\Windows\System32\drivers\rzkbdhid.sys

2012-05-08 02:46:02 26112 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 22:47:08 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

.

============= FINISH: 14:51:07.17 ===============

Here is the attach.txt file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 5/15/2012 5:58:57 PM

System Uptime: 6/18/2012 2:01:09 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | N75SF

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU 1 | 2201/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 441 GiB total, 366.735 GiB free.

E: is FIXED (NTFS) - 466 GiB total, 405.428 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Officejet 4500 G510n-z

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP89: 6/16/2012 12:36:14 PM - Installed ASUS Live Update

RP90: 6/16/2012 12:41:43 PM - Removed ASUS Live Update

RP91: 6/17/2012 6:54:40 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

µTorrent

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Akamai NetSession Interface

Alcor Micro USB Card Reader

Apple Application Support

Apple Software Update

Asmedia ASM104x USB 3.0 Host Controller Driver

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Music Maker

ASUS Splendid Video Enhancement Technology

ASUS USB Charger Plus

ASUS Video Magic

ASUS Virtual Camera

ASUS WebStorage

AsusScr_N5_En

AsusVibe2.0

Atheros Client Installation Program

ATK Package

Battlefield 3™

Battlelog Web Plugins

Bing Bar

BufferChm

CleanUp!

Combat Arms

CyberLink LabelPrint

CyberLink MediaEspresso

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 10

D3DX10

Destinations

DeviceDiscovery

DocMgr

DocProc

Dropbox

ESN Sonar

Fax

ffdshow [rev 3154] [2009-12-09]

Firebird SQL Server - MAGIX Edition

Freemake Video Converter version 3.0.2

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Game Booster 3

Google Chrome

Google Update Helper

GPBaseService2

HP Update

HPProductAssistant

HPSSupply

ImageShack Uploader 2.2.0

InstantOn for NB

Intel® Control Center

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

Junk Mail filter update

KeePass Password Safe 2.19

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Mesh Runtime

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Moffsoft FreeCalc

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 12.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Now!

NETGEAR WNDA3100v2 wireless USB 2.0 adapter

Nexon Game Manager

Nuance PDF Reader

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenOffice.org 3.4

Origin

PunkBuster Services

QuickTime

Razer Synapse 2.0

Realtek High Definition Audio Driver

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SmartWebPrinting

SolutionCenter

SolveigMM AVI Trimmer

SonicMaster

Status

swMSM

syncables desktop SE

System Requirements Lab

System Requirements Lab CYRI

System Requirements Lab for Intel

TeamViewer 7

Tipard MKV Video Converter 6.1.12

Toolbox

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Virtual Magnifying Glass v3.5

Visual Studio 2008 x64 Redistributables

VLC media player 2.0.1

WebReg

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

WinSCP 4.3.7

XChat 2 (remove only)

Xilisoft Video Converter Ultimate 6

.

==== Event Viewer Messages From Past Week ========

.

6/17/2012 10:01:58 AM, Error: bowser [8003] - The master browser has received a server announcement from the

computer TOSHIBA-USER that believes that it is the master browser for the domain on transport NetBT_Tcpip_

{7C23FEE7-9FE0-46DA-BD38-727B84CEB6E0}. The master browser is stopping or an election is being forced.

6/16/2012 9:55:38 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow

copy storage could not grow due to a user imposed limit.

6/16/2012 12:24:52 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service

failed to start due to the following error: The pipe has been ended.

6/16/2012 11:58:26 AM, Error: Service Control Manager [7031] - The Windows Search service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000

milliseconds: Restart the service.

6/16/2012 11:58:26 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with

service-specific error %%-1073473535.

6/14/2012 6:20:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows

failed to install the following update with error 0x80070103: Microsoft - Other hardware - HID Non-User Input

Data Filter (KB 911895).

6/14/2012 3:24:00 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address

192.168.2.6 with the system having network hardware address 68-B5-99-54-2F-04. Network operations on this

system may be disrupted as a result.

6/13/2012 6:17:57 AM, Error: Service Control Manager [7030] - The WSWNDA3100v2 service is marked as an

interactive service. However, the system is configured to not allow interactive services. This service may

not function properly.

6/11/2012 9:53:47 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a

corrective action (Restart the service) after the unexpected termination of the Windows Search service, but

this action failed with the following error: An instance of the service is already running.

6/11/2012 8:15:06 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error

trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1702.0

Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com

Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine

Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80244022 Error description: An

unexpected problem occurred while checking for updates. For information on installing or troubleshooting

updates, see Help and Support.

6/11/2012 5:47:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached

while waiting for a transaction response from the eventlog service.

.

==== End Of File ===========================


Hi, yes, I still need assistance. The blocked IP address is 74.208.30.205.

Here is a fresh DDS log file.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Ronald Glickman at 11:14:42 on 2012-06-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8102.5496 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\ASUS.SYS\SIONExportService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

uInternet Settings,ProxyOverride = *.local;<local>

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [Akamai NetSession Interface] "C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [<NO NAME>]

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1BC833C7-962F-4E56-A43D-9DE390C45F72} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7C23FEE7-9FE0-46DA-BD38-727B84CEB6E0} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C23FEE7-9FE0-46DA-BD38-727B84CEB6E0}\56E6768396E656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C27C333-B2F7-41C1-8D14-B1027E4BB7A8} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C27C333-B2F7-41C1-8D14-B1027E4BB7A8}\56E6768396E656 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7C27C333-B2F7-41C1-8D14-B1027E4BB7A8}\9353E484146544D414E4D25374 : DhcpNameServer = 192.168.2.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [(Default)]

mRun-x64: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ronald Glickman\AppData\Roaming\Mozilla\Firefox\Profiles\k2hn4jp8.default\

FF - prefs.js: browser.startup.homepage - hxxp://combatarms.nexon.net/|http://battlelog.battlefield.com/bf3/gate/|http://forums.thecbl.net/ucp.php?mode=login|http://yellowsnowarmy.com/

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

.

FF - user.js: extensions.autoDisableScopes - 14

.

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-9-8 92800]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-1-14 1839616]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-3 1262400]

R2 Splashtop MDES;Splashtop Meta Data Export Service;C:\ASUS.SYS\SIONExportService.exe [2011-5-10 338208]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-15 2666880]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-11 2655768]

R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-6-13 303360]

R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 rzdaendpt;%rzdaendpt.SvcDesc%;C:\Windows\system32\DRIVERS\rzdaendpt.sys --> C:\Windows\system32\DRIVERS\rzdaendpt.sys [?]

R3 rzudd;Razer Keyboard Driver;C:\Windows\system32\DRIVERS\rzudd.sys --> C:\Windows\system32\DRIVERS\rzudd.sys [?]

R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\rzvkeyboard.sys --> C:\Windows\system32\DRIVERS\rzvkeyboard.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/11 10:30:41;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-10 257224]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh664.sys --> C:\Windows\system32\DRIVERS\bcmwlhigh664.sys [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]

S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-2 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-6-11 14544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-20 22:20:49 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1F841FE-B315-4A28-9FA9-A96861402062}\mpengine.dll

2012-06-20 11:27:52 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-19 16:31:26 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-06-19 16:31:25 -------- d-----w- C:\Program Files (x86)\Steam

2012-06-16 22:16:59 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\MAGIX

2012-06-16 16:24:20 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-06-16 12:06:45 -------- d-----w- C:\ProgramData\Nexon

2012-06-16 12:02:03 -------- d-----w- C:\Nexon

2012-06-16 12:02:02 -------- d-----w- C:\ProgramData\NexonUS

2012-06-14 10:07:31 -------- d-----w- C:\Program Files\Microsoft IntelliPoint

2012-06-13 18:46:37 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Razer

2012-06-13 10:17:16 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll

2012-06-13 10:17:16 3900928 ----a-w- C:\Windows\System32\bcmihvsrv64.dll

2012-06-13 10:17:16 3566592 ----a-w- C:\Windows\System32\bcmihvui64.dll

2012-06-13 10:17:16 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2012-06-13 10:17:16 1256192 ----a-w- C:\Windows\System32\drivers\bcmwlhigh664.sys

2012-06-13 10:17:11 96784 ----a-w- C:\Windows\SysWow64\Packet.dll

2012-06-13 10:17:11 53299 ----a-w- C:\Windows\SysWow64\pthreadVC.dll

2012-06-13 10:17:11 47632 ----a-w- C:\Windows\System32\drivers\npf.sys

2012-06-13 10:17:11 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll

2012-06-13 10:17:09 25056 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys

2012-06-13 10:17:07 -------- d-----w- C:\Program Files (x86)\NETGEAR

2012-06-12 18:42:47 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-12 17:12:24 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2012-06-12 17:03:41 -------- d-----w- C:\ProgramData\EA Core

2012-06-12 17:03:40 -------- d-----w- C:\ProgramData\EA Logs

2012-06-12 16:35:59 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll

2012-06-12 16:17:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-12 16:17:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5DD60F6-F67B-4B8C-AF21-C5E783A93374}\gapaengine.dll

2012-06-12 14:59:20 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Origin

2012-06-12 14:59:11 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Origin

2012-06-12 14:58:56 -------- d-----w- C:\ProgramData\Electronic Arts

2012-06-12 14:58:56 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-06-12 14:58:27 -------- d-----w- C:\Program Files (x86)\Origin

2012-06-12 14:44:56 -------- d-----w- C:\ProgramData\Origin

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 21:51:09 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-11 13:34:31 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\OpenOffice.org

2012-06-11 13:22:22 -------- d-----w- C:\Program Files\CCleaner

2012-06-11 11:15:06 -------- d-----w- C:\ProgramData\IObit

2012-06-11 11:15:05 -------- d-----w- C:\Program Files (x86)\IObit

2012-06-10 15:52:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-10 15:52:25 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-10 15:21:41 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Tipard Studio

2012-06-10 15:19:54 -------- d-----w- C:\ProgramData\Tipard MKV Video Converter

2012-06-10 15:19:54 -------- d-----w- C:\Program Files (x86)\Tipard Studio

2012-06-10 12:55:18 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Macromedia

2012-06-08 14:16:22 -------- d-----w- C:\Program Files (x86)\Virtual Magnifying Glass

2012-06-07 21:19:47 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\JPEGsnoop

2012-06-06 13:08:14 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\TouchStoneSoftware

2012-06-04 23:37:37 67176 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-04 23:37:37 57960 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-06-04 21:59:44 121344 ----a-w- C:\Windows\System32\IntelOpenCL64.dll

2012-06-04 21:59:37 86528 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll

2012-06-04 19:14:43 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-04 19:13:23 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\PunkBuster

2012-06-04 18:59:00 -------- d-----w- C:\Program Files (x86)\EA Games

2012-06-04 13:24:49 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-04 12:55:53 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

2012-06-03 23:27:28 -------- d-----w- C:\Program Files (x86)\ImageShack Uploader

2012-06-03 18:54:34 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2012-06-03 18:54:34 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-06-03 18:54:34 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll

2012-06-03 18:54:32 -------- d-----w- C:\Program Files (x86)\ffdshow

2012-06-03 18:44:47 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-06-03 15:21:10 210432 ----a-w- C:\Program Files\Windows Sidebar\Shared Gadgets\InstantOn.gadget\InstantOnCOM.dll

2012-06-03 15:21:05 -------- d-----w- C:\Program Files (x86)\Common Files\InstantOn

2012-06-03 04:31:33 249152 ----a-w- C:\Windows\System32\drivers\nvkflt.sys

2012-06-03 04:31:33 1738048 ----a-w- C:\Windows\System32\nvdispco64.dll

2012-06-03 04:31:33 1468224 ----a-w- C:\Windows\System32\nvgenco64.dll

2012-06-03 04:30:32 -------- d-----w- C:\NVIDIA

2012-06-02 06:40:40 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\X-Chat 2

2012-06-02 06:40:37 -------- d-----w- C:\Program Files (x86)\xchat

2012-06-01 23:32:22 -------- d-----w- C:\Program Files (x86)\Moffsoft FreeCalc

2012-06-01 15:44:21 6656 ----a-w- C:\Windows\System32\drivers\hidkmdf.sys

2012-06-01 15:44:21 13312 ----a-w- C:\Windows\System32\drivers\VKbms.sys

2012-06-01 13:00:06 -------- d-----w- C:\Program Files (x86)\CleanUp!

2012-05-31 23:34:01 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Akamai

2012-05-31 23:01:50 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Diagnostics

2012-05-31 22:13:58 -------- d-----w- C:\ProgramData\WEBREG

2012-05-31 22:10:57 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\HP

2012-05-31 22:09:58 249856 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp092.dll

2012-05-31 22:08:28 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-05-31 22:06:29 -------- d-----w- C:\Windows\SysWow64\spool

2012-05-31 22:04:57 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2012-05-31 22:04:55 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2012-05-31 22:04:38 -------- d-----w- C:\Windows\hpoj4500g510n-z

2012-05-31 22:03:40 902656 ----a-w- C:\Windows\System32\hpwwiax9.dll

2012-05-31 22:03:40 742912 ----a-w- C:\Windows\System32\hpwtscl5.dll

2012-05-31 22:03:40 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2012-05-31 22:03:40 503296 ----a-w- C:\Windows\System32\hpwvst01.dll

2012-05-31 22:03:32 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2012-05-31 22:03:26 136704 ----a-w- C:\Windows\System32\hpf3l092.dll

2012-05-31 22:02:33 -------- d-----w- C:\Program Files (x86)\HP

2012-05-31 21:54:00 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\FLEXnet

2012-05-31 20:38:51 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-31 20:38:03 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-05-31 20:37:55 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-05-31 18:42:50 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\TeamViewer

2012-05-31 13:29:03 -------- d-----w- C:\ProgramData\ASUS

2012-05-31 12:40:42 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Apple Computer

2012-05-31 12:40:26 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-05-31 12:40:26 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-05-31 12:40:26 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-05-31 12:40:17 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-05-31 12:40:17 -------- d-----w- C:\Program Files\iTunes

2012-05-31 12:40:17 -------- d-----w- C:\Program Files\iPod

2012-05-31 12:40:17 -------- d-----w- C:\Program Files (x86)\iTunes

2012-05-31 12:39:49 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Apple

2012-05-31 12:39:32 -------- d-----w- C:\Program Files\Bonjour

2012-05-31 12:39:32 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-05-31 11:59:15 85504 ----a-w- C:\Windows\SysWow64\DeathAdder64.cpl

2012-05-31 11:59:13 7552 ----a-w- C:\Windows\System32\drivers\vHidDev.sys

2012-05-31 11:59:13 47104 ----a-w- C:\Windows\System32\drivers\CYUSB.sys

2012-05-31 11:59:13 12032 ----a-w- C:\Windows\System32\drivers\danew.sys

2012-05-31 02:36:10 -------- d-----r- C:\Users\Ronald Glickman\Dropbox

2012-05-31 02:34:57 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Dropbox

2012-05-31 02:14:19 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Xilisoft

2012-05-31 02:12:38 -------- d-----w- C:\Program Files (x86)\Xilisoft

2012-05-31 01:36:56 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\{8808B32B-7BD4-4D5A-AB06-F507D29C8031}

2012-05-31 01:36:56 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\{3296DEF0-9AF7-47D5-8600-F74C74E672F7}

2012-05-30 23:14:39 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\KeePass

2012-05-30 23:13:59 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-05-30 23:06:27 -------- d-----w- C:\Program Files (x86)\Solveig Multimedia

2012-05-30 23:06:27 -------- d-----w- C:\Program Files (x86)\Common Files\Solveig Multimedia

2012-05-30 23:04:49 -------- d-----w- C:\ProgramData\Freemake

2012-05-30 23:04:41 -------- d-----w- C:\Program Files (x86)\Freemake

2012-05-30 22:40:53 -------- d-----w- C:\Program Files (x86)\WinSCP

2012-05-30 22:28:33 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\TS3Client

2012-05-30 22:26:27 -------- d-----w- C:\Program Files\TeamSpeak 3 Client

2012-05-30 22:17:57 -------- d-----w- C:\Program Files (x86)\KeePass Password Safe 2

2012-05-30 21:54:40 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Thunderbird

2012-05-30 21:51:36 -------- d-----w- C:\Users\Ronald Glickman\AppData\Roaming\Malwarebytes

2012-05-30 21:08:22 -------- d-----w- C:\Users\Ronald Glickman\AppData\Local\Adobe

.

==================== Find3M ====================

.

2012-06-21 00:03:23 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-20 23:35:19 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-20 20:48:28 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe

2012-06-12 16:36:26 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:47 858944 ----a-w- C:\Windows\System32\nv3dappshext.dll

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll

2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-15 02:50:36 20992 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys

2012-05-15 02:50:18 94208 ----a-w- C:\Windows\System32\drivers\rzudd.sys

2012-05-15 02:36:12 142848 ----a-w- C:\Windows\SysWow64\rztouchdll.dll

2012-05-15 02:36:02 354816 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll

2012-05-15 02:36:00 165888 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-08 02:46:02 7168 ----a-w- C:\Windows\System32\drivers\rzkbdhid.sys

2012-05-08 02:46:02 26112 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 22:47:08 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-04-04 22:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 11:15:31.75 ===============


Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall µTorrent, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt


I have to split the posts. It wouldn't allow me to add all 3 because it said it was too long. So this one will be the malware log and my next post will include the otl and extras text.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.21.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ronald Glickman :: JAGS-AWESOME-PC [administrator]

Protection: Enabled

6/21/2012 12:57:25 PM

mbam-log-2012-06-21 (12-57-25).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233826

Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OTL logfile created on: 6/21/2012 1:05:48 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = E:\RSG Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 73.53% Memory free

15.82 Gb Paging File | 13.28 Gb Available in Paging File | 83.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 440.76 Gb Total Space | 359.15 Gb Free Space | 81.48% Space Free | Partition Type: NTFS

Drive E: | 465.75 Gb Total Space | 405.43 Gb Free Space | 87.05% Space Free | Partition Type: NTFS

Computer Name: JAGS-AWESOME-PC | User Name: Ronald Glickman | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 13:00:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\RSG Downloads\OTL.exe

PRC - [2012/06/12 12:36:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/05/29 18:21:44 | 000,313,768 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/04/29 15:22:36 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

PRC - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

PRC - [2011/09/11 13:22:26 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2011/09/08 14:48:32 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe

PRC - [2011/09/08 14:48:30 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe

PRC - [2011/06/17 20:19:54 | 000,502,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

PRC - [2011/05/30 16:48:16 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe

PRC - [2011/05/30 13:48:18 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

PRC - [2011/05/10 18:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) -- C:\ASUS.SYS\SIONExportService.exe

PRC - [2011/03/13 13:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/01/25 14:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2011/01/14 18:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2010/11/23 21:31:56 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

PRC - [2010/11/12 03:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2010/10/07 17:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010/10/06 00:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/10/06 00:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/08/17 17:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2010/07/10 01:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe

PRC - [2010/02/03 03:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

PRC - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

PRC - [2009/11/02 17:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2009/05/05 19:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 23:55:04 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll

MOD - [2012/06/13 23:53:16 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll

MOD - [2012/06/13 23:53:16 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll

MOD - [2012/06/13 23:53:15 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll

MOD - [2012/06/13 23:53:13 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll

MOD - [2012/06/13 23:52:54 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll

MOD - [2012/06/13 19:15:25 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll

MOD - [2012/06/13 19:15:12 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll

MOD - [2012/06/13 19:15:10 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll

MOD - [2012/06/13 19:15:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll

MOD - [2012/06/13 19:15:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll

MOD - [2012/06/13 19:15:01 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll

MOD - [2012/06/13 19:14:58 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll

MOD - [2012/06/13 19:13:38 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll

MOD - [2012/06/13 19:13:36 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll

MOD - [2012/06/13 19:13:29 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll

MOD - [2012/06/13 19:13:22 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll

MOD - [2012/04/29 15:22:24 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll

MOD - [2012/04/29 15:22:23 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll

MOD - [2012/04/29 15:22:20 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

MOD - [2011/12/14 10:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll

MOD - [2011/06/08 23:24:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll

MOD - [2011/05/30 13:48:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

MOD - [2009/11/02 17:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 17:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/01/25 17:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2010/11/29 18:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/19 12:31:59 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/16 18:26:55 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/12 12:36:26 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®

SRV - [2012/03/19 07:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)

SRV - [2011/09/08 14:48:30 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)

SRV - [2011/05/10 18:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\ASUS.SYS\SIONExportService.exe -- (Splashtop MDES)

SRV - [2011/03/13 13:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011/03/13 13:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/01/14 18:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2010/11/12 18:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/10/06 00:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/10/06 00:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/08/07 13:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/15 06:48:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)

DRV:64bit: - [2012/05/15 06:48:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012/05/14 22:50:36 | 000,020,992 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)

DRV:64bit: - [2012/05/14 22:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)

DRV:64bit: - [2012/05/07 22:46:02 | 000,026,112 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/19 16:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)

DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2011/05/05 08:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/04/25 23:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/03/18 01:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2011/03/13 13:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011/03/13 13:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011/03/13 13:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011/03/13 13:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011/03/13 13:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011/03/13 13:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011/03/13 13:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/25 20:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2011/01/27 13:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/01/27 13:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2010/11/29 18:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 09:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 07:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/10/01 00:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)

DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/08/24 05:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/03/23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)

DRV:64bit: - [2010/02/03 11:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/12/21 21:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)

DRV:64bit: - [2009/08/10 15:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)

DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2010/07/26 16:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-953877884-1205063476-829431027-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://combatarms.nexon.net/|http://battlelog.battlefield.com/bf3/gate/|http://forums.thecbl.net/ucp.php?mode=login|http://yellowsnowarmy.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/05/30 19:04:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/31 18:08:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/11 17:51:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/11 17:51:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/31 18:08:05 | 000,000,000 | ---D | M]

[2012/05/15 18:43:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Glickman\AppData\Roaming\Mozilla\Extensions

[2012/06/17 11:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronald Glickman\AppData\Roaming\Mozilla\Firefox\Profiles\k2hn4jp8.default\extensions

[2012/05/15 18:15:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

CHR - Extension: YouTube = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Freemake Video Converter = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

CHR - Extension: Auto HD For YouTube = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\2.5.5_0\

CHR - Extension: Stop Autoplay for YouTube. = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\

CHR - Extension: Gmail = C:\Users\Ronald Glickman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)

O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-953877884-1205063476-829431027-1000..\Run: [Akamai NetSession Interface] C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-953877884-1205063476-829431027-1000..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKU\S-1-5-21-953877884-1205063476-829431027-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-953877884-1205063476-829431027-1001..\Run: [Akamai NetSession Interface] C:\Users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-953877884-1205063476-829431027-1001..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-953877884-1205063476-829431027-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-953877884-1205063476-829431027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-953877884-1205063476-829431027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O7 - HKU\S-1-5-21-953877884-1205063476-829431027-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1)

O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC833C7-962F-4E56-A43D-9DE390C45F72}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C23FEE7-9FE0-46DA-BD38-727B84CEB6E0}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C27C333-B2F7-41C1-8D14-B1027E4BB7A8}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 12:37:59 | 000,000,000 | R--D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2012/06/19 12:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2012/06/19 12:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/06/19 12:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012/06/18 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Desktop\Malwarebytes

[2012/06/16 18:17:00 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Documents\MAGIX_ASUS Music Maker

[2012/06/16 18:17:00 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Documents\MAGIX downloads

[2012/06/16 18:16:59 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\MAGIX

[2012/06/16 12:24:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/06/16 12:23:59 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/06/16 12:23:59 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/06/16 12:23:58 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/06/16 12:23:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/06/16 12:23:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/06/16 12:23:56 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll

[2012/06/16 12:23:56 | 000,180,048 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFProc64.dll

[2012/06/16 12:23:56 | 000,086,352 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFComm64.dll

[2012/06/16 12:23:56 | 000,083,792 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFSAPO64.dll

[2012/06/16 12:23:56 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFHAPO64.dll

[2012/06/16 12:23:56 | 000,082,768 | ---- | C] (Sonic Focus, Inc.) -- C:\Windows\SysNative\SFDAPO64.dll

[2012/06/16 12:23:56 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll

[2012/06/16 12:23:56 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll

[2012/06/16 12:23:54 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/06/16 12:23:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/06/16 12:23:54 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/06/16 12:23:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/06/16 12:23:53 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/06/16 12:23:53 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/06/16 12:23:52 | 002,132,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/06/16 12:23:51 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/06/16 12:23:42 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/06/16 12:23:42 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2012/06/16 12:23:41 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2012/06/16 12:23:40 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2012/06/16 12:23:40 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2012/06/16 12:23:40 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2012/06/16 12:23:40 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2012/06/16 12:23:40 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2012/06/16 12:23:40 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2012/06/16 12:23:40 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2012/06/16 12:23:39 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2012/06/16 12:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012/06/16 08:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon

[2012/06/16 08:02:03 | 000,000,000 | ---D | C] -- C:\Nexon

[2012/06/16 08:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS

[2012/06/14 06:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse

[2012/06/14 06:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint

[2012/06/13 14:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

[2012/06/13 14:46:37 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Razer

[2012/06/13 14:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer

[2012/06/13 14:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer

[2012/06/13 06:17:11 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll

[2012/06/13 06:17:11 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll

[2012/06/13 06:17:11 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys

[2012/06/13 06:17:09 | 000,025,056 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys

[2012/06/13 06:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Genie

[2012/06/13 06:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR

[2012/06/12 13:13:05 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Documents\Battlefield 3

[2012/06/12 13:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins

[2012/06/12 13:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012/06/12 13:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2012/06/12 12:36:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2012/06/12 10:59:20 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Origin

[2012/06/12 10:59:11 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Origin

[2012/06/12 10:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2012/06/12 10:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2012/06/12 10:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2012/06/12 10:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

[2012/06/12 10:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2012/06/11 17:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/06/11 17:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012/06/11 09:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\OpenOffice.org

[2012/06/11 09:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/06/11 07:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3

[2012/06/11 07:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2012/06/11 07:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit

[2012/06/10 11:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/06/10 11:21:41 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Documents\Tipard Studio

[2012/06/10 11:21:41 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Tipard Studio

[2012/06/10 11:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard

[2012/06/10 11:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tipard Studio

[2012/06/10 11:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Tipard MKV Video Converter

[2012/06/10 08:55:18 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Macromedia

[2012/06/10 08:45:47 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Google

[2012/06/08 10:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Magnifying Glass

[2012/06/08 10:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Magnifying Glass

[2012/06/07 17:19:47 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\JPEGsnoop

[2012/06/06 09:08:14 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\TouchStoneSoftware

[2012/06/04 19:37:37 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012/06/04 19:37:37 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012/06/04 15:13:23 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\PunkBuster

[2012/06/04 15:11:05 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Documents\Battlefield Play4Free

[2012/06/04 14:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games

[2012/06/04 09:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/06/04 09:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/06/04 08:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2012/06/04 08:55:45 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\SystemRequirementsLab

[2012/06/03 19:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader

[2012/06/03 19:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageShack Uploader

[2012/06/03 14:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow

[2012/06/03 14:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow

[2012/06/03 14:45:12 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\vlc

[2012/06/03 14:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/06/03 14:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2012/06/03 11:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstantOn

[2012/06/03 00:30:32 | 000,000,000 | ---D | C] -- C:\NVIDIA

[2012/06/02 02:40:40 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\X-Chat 2

[2012/06/02 02:40:37 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XChat

[2012/06/02 02:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat

[2012/06/02 02:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xchat

[2012/06/01 19:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moffsoft FreeCalc

[2012/06/01 19:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moffsoft FreeCalc

[2012/06/01 11:44:21 | 000,013,312 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\VKbms.sys

[2012/06/01 11:44:21 | 000,006,656 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\hidkmdf.sys

[2012/06/01 09:00:11 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!

[2012/06/01 09:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!

[2012/06/01 09:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp!

[2012/05/31 19:34:01 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Akamai

[2012/05/31 19:01:50 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Diagnostics

[2012/05/31 18:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG

[2012/05/31 18:10:58 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\HP

[2012/05/31 18:10:57 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\HP

[2012/05/31 18:08:30 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Yahoo!

[2012/05/31 18:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!

[2012/05/31 18:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant

[2012/05/31 18:06:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012/05/31 18:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2012/05/31 18:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP

[2012/05/31 18:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard

[2012/05/31 18:04:38 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z

[2012/05/31 18:03:03 | 000,000,000 | -H-D | C] -- C:\Config.Msi

[2012/05/31 18:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2012/05/31 18:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2012/05/31 17:54:00 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\FLEXnet

[2012/05/31 16:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/05/31 16:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/05/31 14:42:50 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\TeamViewer

[2012/05/31 09:29:09 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Documents\ASUS

[2012/05/31 09:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS

[2012/05/31 08:40:42 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Apple Computer

[2012/05/31 08:40:42 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Apple Computer

[2012/05/31 08:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/05/31 08:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/05/31 08:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/05/31 08:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/05/31 08:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/05/31 08:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2012/05/31 08:39:49 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Apple

[2012/05/31 08:39:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/05/31 08:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/05/31 08:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/05/31 08:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012/05/31 08:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

[2012/05/31 08:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple

[2012/05/31 07:59:15 | 000,085,504 | ---- | C] (Razer USA Ltd.) -- C:\Windows\SysWow64\DeathAdder64.cpl

[2012/05/31 07:59:13 | 000,047,104 | ---- | C] (Cypress Semiconductor) -- C:\Windows\SysNative\drivers\CYUSB.sys

[2012/05/31 07:59:13 | 000,012,032 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\danew.sys

[2012/05/31 07:59:13 | 000,007,552 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\vHidDev.sys

[2012/05/30 22:36:10 | 000,000,000 | R--D | C] -- C:\Users\Ronald Glickman\Dropbox

[2012/05/30 22:35:16 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2012/05/30 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Dropbox

[2012/05/30 22:14:19 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Xilisoft

[2012/05/30 22:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xilisoft

[2012/05/30 22:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft

[2012/05/30 21:36:56 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\{8808B32B-7BD4-4D5A-AB06-F507D29C8031}

[2012/05/30 21:36:56 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\{3296DEF0-9AF7-47D5-8600-F74C74E672F7}

[2012/05/30 19:14:39 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\KeePass

[2012/05/30 19:14:12 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4

[2012/05/30 19:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3

[2012/05/30 19:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solveig Multimedia

[2012/05/30 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solveig Multimedia

[2012/05/30 19:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Solveig Multimedia

[2012/05/30 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\Documents\Freemake

[2012/05/30 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake

[2012/05/30 19:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake

[2012/05/30 19:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake

[2012/05/30 19:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake

[2012/05/30 18:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP

[2012/05/30 18:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP

[2012/05/30 18:28:33 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\TS3Client

[2012/05/30 18:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client

[2012/05/30 18:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client

[2012/05/30 18:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2

[2012/05/30 17:54:40 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Thunderbird

[2012/05/30 17:54:40 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Thunderbird

[2012/05/30 17:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird

[2012/05/30 17:51:36 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Roaming\Malwarebytes

[2012/05/30 17:08:22 | 000,000,000 | ---D | C] -- C:\Users\Ronald Glickman\AppData\Local\Adobe

========== Files - Modified Within 30 Days ==========

[2012/06/21 13:07:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/21 13:03:10 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2012/06/21 12:37:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/21 12:37:54 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe

[2012/06/21 12:37:54 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/21 12:37:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/21 11:39:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/21 11:39:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/21 11:31:33 | 2076,749,823 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/21 11:21:59 | 000,044,350 | ---- | M] () -- C:\Users\Ronald Glickman\Desktop\keepass.kdbx

[2012/06/20 20:03:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/06/20 20:03:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/06/20 19:35:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/06/19 19:35:23 | 000,001,796 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini

[2012/06/16 18:37:38 | 000,797,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/16 18:37:38 | 000,673,830 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/16 18:37:38 | 000,125,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/16 18:16:49 | 000,002,062 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

[2012/06/14 06:10:26 | 000,543,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/14 06:07:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2012/06/14 06:07:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf

[2012/06/14 06:06:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2012/06/14 06:06:04 | 000,791,802 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/06/13 14:56:47 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf

[2012/06/13 14:56:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf

[2012/06/13 08:39:56 | 000,002,372 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini

[2012/06/13 06:18:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf

[2012/06/13 06:17:07 | 000,000,946 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk

[2012/06/12 12:36:26 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/06/08 17:50:47 | 000,000,600 | ---- | M] () -- C:\Users\Ronald Glickman\AppData\Roaming\winscp.rnd

[2012/06/07 15:09:01 | 000,000,600 | ---- | M] () -- C:\Users\Ronald Glickman\AppData\Local\PUTTY.RND

[2012/06/04 18:02:23 | 000,018,670 | ---- | M] () -- C:\Windows\SysNative\results.xml

[2012/06/03 10:39:25 | 000,000,412 | ---- | M] () -- C:\Users\Ronald Glickman\AppData\Roaming\All CPU Meter_Settings.ini

[2012/05/31 18:10:54 | 000,207,571 | ---- | M] () -- C:\Windows\hpwins28.dat

[2012/05/31 18:06:05 | 000,002,101 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012/05/31 16:38:15 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/05/31 09:28:58 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini

[2012/05/31 07:56:21 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk

[2012/05/31 07:55:33 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\LifeFrame.lnk

[2012/05/31 07:55:07 | 000,002,617 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk

[2012/05/30 17:54:35 | 000,002,112 | ---- | M] () -- C:\Users\Ronald Glickman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

[2012/05/30 16:30:53 | 000,000,000 | ---- | M] () -- C:\WifiInfo.ini.enc

========== Files Created - No Company Name ==========

[2012/06/14 06:07:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf

[2012/06/14 06:07:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf

[2012/06/14 06:06:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf

[2012/06/13 14:56:47 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf

[2012/06/13 14:56:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf

[2012/06/13 06:18:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf

[2012/06/13 06:17:11 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2012/06/13 06:17:07 | 000,000,946 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk

[2012/06/12 12:36:27 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/06/12 12:36:27 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/06/12 12:36:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/06/10 11:52:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/04 15:14:43 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/06/03 14:54:34 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/06/03 10:39:25 | 000,000,412 | ---- | C] () -- C:\Users\Ronald Glickman\AppData\Roaming\All CPU Meter_Settings.ini

[2012/06/02 16:24:55 | 000,000,600 | ---- | C] () -- C:\Users\Ronald Glickman\AppData\Local\PUTTY.RND

[2012/06/02 16:00:24 | 000,044,350 | ---- | C] () -- C:\Users\Ronald Glickman\Desktop\keepass.kdbx

[2012/05/31 18:07:05 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk

[2012/05/31 18:06:05 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

[2012/05/31 18:01:24 | 000,207,571 | ---- | C] () -- C:\Windows\hpwins28.dat

[2012/05/31 16:38:15 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/05/31 16:38:08 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/05/31 16:38:06 | 000,791,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/31 09:28:58 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2012/05/31 08:39:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/05/31 07:56:21 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk

[2012/05/31 07:55:33 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\LifeFrame.lnk

[2012/05/30 18:40:54 | 000,000,600 | ---- | C] () -- C:\Users\Ronald Glickman\AppData\Roaming\winscp.rnd

[2012/05/30 18:17:57 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk

[2012/05/30 17:54:35 | 000,002,112 | ---- | C] () -- C:\Users\Ronald Glickman\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

[2012/05/30 17:54:35 | 000,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/03/19 16:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/03/19 16:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/03/19 16:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/03/19 15:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/09/11 13:24:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe

[2011/09/11 13:09:14 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/07/12 04:14:12 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011/07/12 04:13:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/05/10 18:55:50 | 000,368,400 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2012/05/15 18:06:46 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\ASUS WebStorage

[2012/06/12 12:31:41 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\Dropbox

[2012/06/17 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\JPEGsnoop

[2012/06/21 11:22:01 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\KeePass

[2012/06/16 18:16:59 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\MAGIX

[2012/06/11 09:34:31 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\OpenOffice.org

[2012/06/12 11:00:49 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\Origin

[2012/06/08 07:26:24 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\SystemRequirementsLab

[2012/06/09 09:36:42 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\TeamViewer

[2012/05/30 17:58:15 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\Thunderbird

[2012/06/19 13:57:31 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\TS3Client

[2012/06/08 17:59:29 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\X-Chat 2

[2012/05/30 22:14:19 | 000,000,000 | ---D | M] -- C:\Users\Ronald Glickman\AppData\Roaming\Xilisoft

[2012/06/16 12:12:45 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/21/2012 1:05:48 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = E:\RSG Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.82 Gb Available Physical Memory | 73.53% Memory free

15.82 Gb Paging File | 13.28 Gb Available in Paging File | 83.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 440.76 Gb Total Space | 359.15 Gb Free Space | 81.48% Space Free | Partition Type: NTFS

Drive E: | 465.75 Gb Total Space | 405.43 Gb Free Space | 87.05% Space Free | Partition Type: NTFS

Computer Name: JAGS-AWESOME-PC | User Name: Ronald Glickman | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-953877884-1205063476-829431027-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

"C:\Program Files (x86)\xchat\xchat.exe" = C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08881CB6-8178-41FA-9546-ADC379E79ABC}" = rport=445 | protocol=6 | dir=out | app=system |

"{15AB348A-780B-4F23-9118-5F0EA90F89A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1A165FF4-80F7-488F-A0ED-2A89D740AF12}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{32CA6032-93C4-4472-A793-FC6A795651DE}" = lport=5353 | protocol=17 | dir=in | name=java platform se binary |

"{33CC0BB7-B795-4E0C-BEE9-0742C93AFCCC}" = lport=445 | protocol=6 | dir=in | app=system |

"{3A4FAA2B-241B-4D69-80F0-A276ABDEF16A}" = lport=139 | protocol=6 | dir=in | app=system |

"{4FEE8D53-A363-4496-AFAE-BEF0847EE7A2}" = lport=137 | protocol=17 | dir=in | app=system |

"{58BCF9B8-305E-4284-9A10-499F423B0BB0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{61FA10E2-A1B3-45EB-824B-A185790506BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{646D53E5-F76D-48E3-B17B-615AC3320D97}" = lport=138 | protocol=17 | dir=in | app=system |

"{7272E7FE-FF8A-4B3D-91CC-03CEDFAD7793}" = lport=2869 | protocol=6 | dir=in | app=system |

"{779DA2BD-ECE8-43F1-AB72-8F7D332E90DD}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{86315A17-DE80-44ED-9DB5-8C8C466070A4}" = lport=8182 | protocol=6 | dir=in | name=java platform se binary |

"{A12E764F-DBF9-496F-B0CB-4B1FC68FB501}" = rport=138 | protocol=17 | dir=out | app=system |

"{B837BBA6-BCF2-4848-8421-D7BB660B8272}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BE780C3D-6F0C-443E-966B-F9128BBD8C1E}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C9A7EBCB-D5B7-4330-9FEC-16BCF3DE9C6A}" = rport=139 | protocol=6 | dir=out | app=system |

"{DA9DE6B9-5CE8-4942-8E68-D89333200F4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E6C4EDAC-CE28-4045-9E9B-DAE1837B8EB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E7DE1D9F-FCD4-4809-91E0-74513221337B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EC5036CF-8B62-44C7-8B12-B056C4661D74}" = rport=137 | protocol=17 | dir=out | app=system |

"{EC9848D9-EF0E-4142-B40F-196FC3E2E07B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F8D05EDA-2419-46AA-9A8A-4D69E76A9116}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{FF44AC74-09C5-4765-B3B4-0E5C9DA677A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FF611C43-71FE-4888-8EA4-1C2E856ED3A7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FF8594BD-11E3-4155-BF06-E4A4C073D7CD}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04AA4273-B12B-46E8-926E-E8947885359E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{07524BB5-0470-4645-BEC0-141E77759517}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{08C250CB-B24E-4035-9C68-2BA38139D784}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{0B8424E1-575C-49EF-9755-57DD89691E75}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{0CEB7F3F-5928-4849-994B-14CEB6DFDBEA}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{0E3D2FBC-EC1E-4C5B-842D-D743DE8544CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0FEA39F6-53D7-4049-A70C-F0D4F91943A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{14C0A3AB-D525-4A4F-94DA-6D68F61706A6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{1FEBA333-E20B-433A-AC47-31E47671E53D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{2156FA05-828F-4C3C-A055-6261C34F23AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |

"{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{2B8687F3-43EA-4CE8-B501-B9EC51168D72}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{2F82578C-399B-4E4A-85AF-42DBB33C3DC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{31BB1FA7-CBDF-44B0-AC9E-EFF7F1AA5CB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |

"{3ABBE8B3-C992-4CFD-89DB-8E6B86B6719B}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{3B9BC688-6B72-4087-BFB9-C74E7E8F3D73}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3DA3815E-6959-4C86-89C7-A8C594BA3092}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3F5CF452-602F-49A0-9412-F1ED62DF4902}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{43751D33-C41B-4A38-90A9-5E6F79D760F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{446E40D2-F766-42F9-BF8E-372BCC811E5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{4A8FF3EA-C64D-48A7-B14B-CC0FDB856147}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{4B124746-11B7-4DC5-89E0-FECC972764FA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{4E4C379B-0340-428C-AC0F-37C75348A2FC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{4F6AE6D8-9596-454E-806C-6130BF656B2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{50F025E2-C912-4ABF-82F2-89BFE21178AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |

"{5C205624-DAD8-41EF-AC3C-4261ADCF4328}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{67030B2E-664E-49B3-AF7A-FD811147BD74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6D3E63F4-3ABF-40BA-B78C-8245D0ADF89F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{6DFF73FD-6179-43EA-A0C5-92424F20F94C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{74C05B39-2AEA-4F1E-A513-75B05B732B3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{7604DD66-C6E7-4155-8C70-8F91124E5025}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{76E2DB78-0DAF-4065-A2F0-8A47020E61FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{78677371-353A-4EBC-95F5-23594C5D7A5B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{78D1BE15-D50A-48E3-9971-42F9223C059C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{791077C2-119B-483E-ACC9-A0ED846C0768}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{791CE223-A4A1-4A0A-BA0F-940AE5BF6CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{83001065-7E65-439A-B941-529E4B486ACD}" = dir=in | app=g:\setup\hpznui40.exe |

"{8683EEA9-49C6-48F9-B176-BB2005FB3926}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |

"{86D1135E-A6CF-46C8-9000-29B460D933F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{8BD183A8-93A8-497B-AA10-219B318ADFC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{91FE659A-3512-494C-8F94-5D1361D7089E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{92A25976-1FC4-45D3-A869-F0DCE87D4CD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{97613CBE-0DA2-46E7-83D1-9098D5CA8596}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9908A41D-3009-49BA-BDC2-6A5312EA8FF9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{9955BA29-CB63-40C2-B679-A938E3C55B93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{9B0ABAB5-D7D8-4D9A-B848-4A074CC7C529}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{9BABE25B-F87B-46A8-BC70-DA3334CF97F3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9E24288C-1D9D-4F02-A73E-9D41C3ABE333}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{9E7AA8B3-C13A-46D1-9887-3528B373A7A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A8DDDED4-B2AE-44F9-A310-B4163468493C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{AA1EF786-42D3-49F3-AAD0-D7FC01BE0961}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B3ADC66D-4DD3-4819-BFA6-6D8CE2955902}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |

"{B649E8BE-F24C-46DC-BF1D-20814E8C2ED0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{BB9FE636-16E2-4A43-8BBA-98D1FF718010}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BC9017EC-1FB9-4E09-94A8-11D4519E0F7A}" = protocol=6 | dir=out | app=system |

"{C8497D43-8767-4A87-A7C8-E19A4B97119F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{CA4CC334-3D46-4EA3-B5B7-8F0F6AD74EB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CB9C6D90-D9EB-489C-A78A-EFF9DE478B2E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{CF28DA4A-6134-45C8-9A9F-DA6DEBE3554A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |

"{D39D55FA-FC92-4C80-A26F-BF589ECF9F2F}" = protocol=17 | dir=in | app=c:\users\ronald glickman\appdata\roaming\dropbox\bin\dropbox.exe |

"{D511EC04-2CFD-41C7-BC6D-0165AACBBEAA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{D77C12A1-E061-4AA0-9D69-8110B605A2CE}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |

"{DCD76BF4-7444-48F5-9A7D-A45DC61E197B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E0A8FF3F-F8AE-4146-90CC-9D1C060D7440}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{E50871C5-DBCD-4AE8-A71E-97301256BEDD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{EA5EC2EB-9C6E-4F6F-84BF-99F344A04769}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |

"{EE33A347-A06F-4099-B4DF-DDB357F739FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{F432C29E-E6D7-4358-85D5-9A8919E9EACE}" = protocol=6 | dir=in | app=c:\users\ronald glickman\appdata\roaming\dropbox\bin\dropbox.exe |

"{F83809EC-9F59-4D6D-A261-7AF8104D24E0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{FB0C720E-B78C-4B62-B879-9DF269934581}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{FB11D36B-CEA1-48CC-89FB-3847AA6A6F9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"TCP Query User{07A970E3-1499-4ECC-B5B3-E1519666159B}C:\program files (x86)\steam\steamapps\jagjmrg\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jagjmrg\counter-strike source\hl2.exe |

"TCP Query User{08CFAFA9-5CDF-48C3-8FCE-90AF5389184C}C:\users\ronald glickman\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\ronald glickman\appdata\local\akamai\netsession_win.exe |

"TCP Query User{3086854A-DBB6-4D7C-B759-71ACB23B1A41}C:\users\ronald glickman\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\ronald glickman\appdata\local\akamai\netsession_win.exe |

"TCP Query User{4979C280-79C7-4BC2-955D-E3453B5AF0F6}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"TCP Query User{66884362-BAA2-4BE2-AFB7-0E4C512DE655}C:\program files (x86)\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xchat\xchat.exe |

"TCP Query User{8E900B3B-A118-4EC8-8EE7-95F472960274}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |

"UDP Query User{6D88FE9C-F007-4449-96E9-47198EB1BFF9}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |

"UDP Query User{99934628-E7B8-4851-969E-3598B0CB13DF}C:\users\ronald glickman\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\ronald glickman\appdata\local\akamai\netsession_win.exe |

"UDP Query User{9B147519-7D4F-49BC-AECB-0C05307A9F41}C:\program files (x86)\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xchat\xchat.exe |

"UDP Query User{BE338BA4-FAA6-44FD-BDA9-C51EA50BA903}C:\users\ronald glickman\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\ronald glickman\appdata\local\akamai\netsession_win.exe |

"UDP Query User{C9B5A671-7D32-4CE6-BDFD-F0C1D69B4E6C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{CDC57B98-02CD-4FB2-9487-D940D65D0AED}C:\program files (x86)\steam\steamapps\jagjmrg\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jagjmrg\counter-strike source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{33B98264-A889-4913-A0CA-C364A75032B3}" = ASUS Power4Gear Hybrid

"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety

"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"AsMakeLink" = AsMakeLink

"CCleaner" = CCleaner

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common

"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C976EC5-842F-4313-B2AB-EDDBCCD3A222}" = System Requirements Lab

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0

"{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery

"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh

"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB

"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库

"{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now!

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker

"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AmUStor" = Alcor Micro USB Card Reader

"Asus Vibe2.0" = AsusVibe2.0

"ASUS WebStorage" = ASUS WebStorage

"AsusScr_N5_En" = AsusScr_N5_En

"Battlelog Web Plugins" = Battlelog Web Plugins

"CleanUp!" = CleanUp!

"Combat Arms" = Combat Arms

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESN Sonar-0.70.4" = ESN Sonar

"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]

"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2

"Game Booster_is1" = Game Booster 3

"Google Chrome" = Google Chrome

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now!

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso

"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19

"MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MoffFreeCalc_is1" = Moffsoft FreeCalc

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"SolveigMM AVI Trimmer 2.0.1204.27" = SolveigMM AVI Trimmer

"Steam App 240" = Counter-Strike: Source

"TeamViewer 7" = TeamViewer 7

"Tipard MKV Video Converter_is1" = Tipard MKV Video Converter 6.1.12

"Virtual Magnifying Glass_is1" = Virtual Magnifying Glass v3.5

"VLC media player" = VLC media player 2.0.1

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.3.7

"xchat" = XChat 2 (remove only)

"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-953877884-1205063476-829431027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-953877884-1205063476-829431027-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/15/2012 10:12:41 PM | Computer Name = Jags-Awesome-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Engine.exe, version: 0.0.0.0, time stamp:

0x4fd800ca Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x0a28038e Faulting process id: 0x2ac0 Faulting application

start time: 0x01cd4b645faa41af Faulting application path: C:\Nexon\Combat Arms\Engine.exe

Faulting

module path: unknown Report Id: c008437e-b758-11e1-a167-742f68b88ccc

Error - 6/16/2012 8:35:34 AM | Computer Name = Jags-Awesome-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Engine.exe, version: 0.0.0.0, time stamp:

0x4fd800ca Faulting module name: nmconew.dll_unloaded, version: 0.0.0.0, time stamp:

0x4f335f47 Exception code: 0xc0000005 Fault offset: 0x21d10c2d Faulting process id:

0x1afc Faulting application start time: 0x01cd4bb8550929d0 Faulting application path:

C:\Nexon\Combat Arms\Engine.exe Faulting module path: nmconew.dll Report Id: c4304f6b-b7af-11e1-a167-742f68b88ccc

Error - 6/16/2012 11:58:25 AM | Computer Name = Jags-Awesome-PC | Source = ESENT | ID = 455

Description = Windows (916) Windows: Error -1811 occurred while opening logfile

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00039.log.

Error - 6/16/2012 11:58:25 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 9000

Description =

Error - 6/16/2012 11:58:25 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 7040

Description =

Error - 6/16/2012 11:58:25 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 7042

Description =

Error - 6/16/2012 11:58:25 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 9002

Description =

Error - 6/16/2012 11:58:25 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 3029

Description =

Error - 6/16/2012 11:58:26 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 3029

Description =

Error - 6/16/2012 11:58:26 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 6/16/2012 11:58:26 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 6/16/2012 11:58:26 AM | Computer Name = Jags-Awesome-PC | Source = Windows Search Service | ID = 7010

Description =

[ System Events ]

Error - 6/14/2012 6:08:29 AM | Computer Name = Jags-Awesome-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070103: Microsoft - Other hardware - HID Non-User Input Data Filter

(KB 911895).

Error - 6/14/2012 6:20:10 AM | Computer Name = Jags-Awesome-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070103: Microsoft - Other hardware - HID Non-User Input Data Filter

(KB 911895).

Error - 6/14/2012 6:20:25 AM | Computer Name = Jags-Awesome-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80070103: Microsoft - Other hardware - HID Non-User Input Data Filter

(KB 911895).

Error - 6/14/2012 3:24:00 PM | Computer Name = Jags-Awesome-PC | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.2.6

with the system having network hardware address 68-B5-99-54-2F-04. Network operations

on this system may be disrupted as a result.

Error - 6/16/2012 9:55:38 AM | Computer Name = Jags-Awesome-PC | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

Error - 6/16/2012 11:58:26 AM | Computer Name = Jags-Awesome-PC | Source = Service Control Manager | ID = 7024

Description = The Windows Search service terminated with service-specific error

%%-1073473535.

Error - 6/16/2012 11:58:26 AM | Computer Name = Jags-Awesome-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Search service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 30000 milliseconds:

Restart the service.

Error - 6/16/2012 12:24:52 PM | Computer Name = Jags-Awesome-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%109

Error - 6/17/2012 10:01:58 AM | Computer Name = Jags-Awesome-PC | Source = bowser | ID = 8003

Description =

Error - 6/17/2012 8:31:59 PM | Computer Name = Jags-Awesome-PC | Source = BROWSER | ID = 8032

Description =

< End of report >


Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next reply, post the following log files:

  • OTL Fix log
  • ComboFix log


All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

E:\RSG Downloads\cmd.bat deleted successfully.

E:\RSG Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Ronald Glickman

->Temp folder emptied: 81089898 bytes

->Temporary Internet Files folder emptied: 1244779 bytes

->Java cache emptied: 2532185 bytes

->FireFox cache emptied: 55077723 bytes

->Google Chrome cache emptied: 27887516 bytes

->Flash cache emptied: 623 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 49784 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 160.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.50.0 log created on 06212012_202217

Files\Folders moved on Reboot...

File\Folder C:\Users\Ronald Glickman\AppData\Local\Temp\etilqs_neQahL5ZnGzFZUG not found!

C:\Users\Ronald Glickman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

ComboFix 12-06-21.02 - Ronald Glickman 06/21/2012 20:43:02.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8102.5935 [GMT -4:00]

Running from: c:\users\Ronald Glickman\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))

.

.

2012-06-21 19:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 19:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 19:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 19:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 19:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 19:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 19:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 19:07 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 19:07 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 15:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C72CF2CB-A2BC-4E6D-93DF-E4E75C196380}\mpengine.dll

2012-06-20 22:20 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-19 16:31 . 2012-06-19 22:24 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-06-19 16:31 . 2012-06-21 19:43 -------- d-----w- c:\program files (x86)\Steam

2012-06-16 22:16 . 2012-06-16 22:16 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\MAGIX

2012-06-16 16:24 . 2012-06-16 16:24 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-06-16 12:06 . 2012-06-16 12:06 -------- d-----w- c:\programdata\Nexon

2012-06-16 12:02 . 2012-06-16 12:02 -------- d-----w- C:\Nexon

2012-06-14 10:07 . 2012-06-14 10:07 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-06-13 18:46 . 2012-06-13 18:56 -------- d-----w- c:\program files (x86)\Razer

2012-06-13 18:46 . 2012-06-13 18:46 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Razer

2012-06-13 18:46 . 2012-06-13 18:46 -------- d-----w- c:\programdata\Razer

2012-06-13 10:17 . 2011-12-12 21:42 1256192 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys

2012-06-13 10:17 . 2011-04-19 21:52 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll

2012-06-13 10:17 . 2011-04-19 21:31 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll

2012-06-13 10:17 . 2011-04-19 21:31 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll

2012-06-13 10:17 . 2010-06-09 17:11 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-06-13 10:17 . 2010-02-03 15:20 47632 ----a-w- c:\windows\system32\drivers\npf.sys

2012-06-13 10:17 . 2011-07-22 14:33 25056 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys

2012-06-13 10:17 . 2012-06-13 10:17 -------- d-----w- c:\program files (x86)\NETGEAR

2012-06-12 18:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-12 17:12 . 2012-06-12 17:12 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-06-12 17:03 . 2012-06-12 17:03 -------- d-----w- c:\programdata\EA Core

2012-06-12 17:03 . 2012-06-13 17:40 -------- d-----w- c:\programdata\EA Logs

2012-06-12 16:35 . 2007-10-12 19:14 2006552 ----a-w- c:\windows\system32\D3DCompiler_36.dll

2012-06-12 16:17 . 2012-05-31 20:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-12 16:17 . 2012-05-31 20:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5DD60F6-F67B-4B8C-AF21-C5E783A93374}\gapaengine.dll

2012-06-12 14:59 . 2012-06-12 15:00 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\Origin

2012-06-12 14:59 . 2012-06-12 14:59 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Origin

2012-06-12 14:58 . 2012-06-12 17:03 -------- d-----w- c:\programdata\Electronic Arts

2012-06-12 14:58 . 2012-06-12 16:11 -------- d-----w- c:\program files (x86)\Origin Games

2012-06-12 14:58 . 2012-06-12 15:00 -------- d-----w- c:\program files (x86)\Origin

2012-06-12 14:44 . 2012-06-12 17:03 -------- d-----w- c:\programdata\Origin

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-11 21:50 . 2012-06-11 21:51 -------- d-----w- c:\program files (x86)\QuickTime

2012-06-11 13:34 . 2012-06-11 13:34 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\OpenOffice.org

2012-06-11 13:22 . 2012-06-11 13:22 -------- d-----w- c:\program files\CCleaner

2012-06-11 11:15 . 2012-06-11 11:15 -------- d-----w- c:\programdata\IObit

2012-06-11 11:15 . 2012-06-11 11:15 -------- d-----w- c:\program files (x86)\IObit

2012-06-10 15:52 . 2012-06-10 15:52 -------- d-----w- c:\programdata\McAfee

2012-06-10 15:52 . 2012-06-16 22:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-10 15:52 . 2012-06-16 22:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-10 15:21 . 2012-06-10 15:21 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Tipard Studio

2012-06-10 15:19 . 2012-06-10 15:19 -------- d-----w- c:\programdata\Tipard MKV Video Converter

2012-06-10 15:19 . 2012-06-10 15:19 -------- d-----w- c:\program files (x86)\Tipard Studio

2012-06-10 12:55 . 2012-06-10 12:55 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Macromedia

2012-06-08 14:16 . 2012-06-08 14:16 -------- d-----w- c:\program files (x86)\Virtual Magnifying Glass

2012-06-07 21:19 . 2012-06-18 03:01 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\JPEGsnoop

2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\TouchStoneSoftware

2012-06-04 23:37 . 2011-05-28 04:29 67176 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-04 23:37 . 2011-05-28 04:29 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-04 21:59 . 2012-03-11 06:17 121344 ----a-w- c:\windows\system32\IntelOpenCL64.dll

2012-06-04 21:59 . 2012-03-11 06:09 86528 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll

2012-06-04 19:14 . 2012-06-21 00:03 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-04 19:13 . 2012-06-12 17:13 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\PunkBuster

2012-06-04 18:59 . 2012-06-04 18:59 -------- d-----w- c:\program files (x86)\EA Games

2012-06-04 13:25 . 2012-06-04 13:25 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-04 13:24 . 2012-06-04 13:24 -------- d-----w- c:\program files (x86)\Oracle

2012-06-04 12:55 . 2012-06-08 11:26 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2012-06-04 12:55 . 2012-06-08 11:26 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\SystemRequirementsLab

2012-06-03 23:27 . 2012-06-03 23:27 -------- d-----w- c:\program files (x86)\ImageShack Uploader

2012-06-03 18:54 . 2011-11-08 14:18 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-06-03 18:54 . 2011-11-08 14:18 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-06-03 18:54 . 2009-12-05 23:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-06-03 18:54 . 2012-06-03 18:54 -------- d-----w- c:\program files (x86)\ffdshow

2012-06-03 18:45 . 2012-06-21 23:14 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\vlc

2012-06-03 18:44 . 2012-06-03 18:44 -------- d-----w- c:\program files (x86)\VideoLAN

2012-06-03 15:21 . 2011-09-16 15:28 210432 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\InstantOn.gadget\InstantOnCOM.dll

2012-06-03 15:21 . 2012-06-03 15:21 -------- d-----w- c:\program files (x86)\Common Files\InstantOn

2012-06-03 04:31 . 2012-05-15 10:48 249152 ----a-w- c:\windows\system32\drivers\nvkflt.sys

2012-06-03 04:31 . 2012-05-15 10:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-06-03 04:31 . 2012-05-15 10:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-06-03 04:30 . 2012-06-03 04:30 -------- d-----w- C:\NVIDIA

2012-06-02 06:40 . 2012-06-08 21:59 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\X-Chat 2

2012-06-02 06:40 . 2012-06-02 06:40 -------- d-----w- c:\program files (x86)\xchat

2012-06-01 23:32 . 2012-06-01 23:32 -------- d-----w- c:\program files (x86)\Moffsoft FreeCalc

2012-06-01 15:44 . 2010-10-01 04:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys

2012-06-01 15:44 . 2010-09-30 00:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys

2012-06-01 13:00 . 2012-06-01 13:00 -------- d-----w- c:\program files (x86)\CleanUp!

2012-05-31 23:34 . 2012-05-31 23:34 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Akamai

2012-05-31 23:01 . 2012-05-31 23:01 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Diagnostics

2012-05-31 22:13 . 2012-05-31 22:13 -------- d-----w- c:\programdata\WEBREG

2012-05-31 22:10 . 2012-06-07 23:46 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\HP

2012-05-31 22:10 . 2012-05-31 22:10 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\HP

2012-05-31 22:09 . 2009-06-09 05:48 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp092.dll

2012-05-31 22:08 . 2012-05-31 22:08 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\Yahoo!

2012-05-31 22:08 . 2012-06-10 12:35 -------- d-----w- c:\program files (x86)\Yahoo!

2012-05-31 22:06 . 2012-05-31 22:06 -------- d-----w- c:\programdata\HP Product Assistant

2012-05-31 22:06 . 2012-05-31 22:06 -------- d-----w- c:\windows\SysWow64\spool

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\program files (x86)\Common Files\HP

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\windows\hpoj4500g510n-z

2012-05-31 22:03 . 2009-05-26 17:32 902656 ----a-w- c:\windows\system32\hpwwiax9.dll

2012-05-31 22:03 . 2009-05-26 17:32 742912 ----a-w- c:\windows\system32\hpwtscl5.dll

2012-05-31 22:03 . 2009-05-26 17:32 503296 ----a-w- c:\windows\system32\hpwvst01.dll

2012-05-31 22:03 . 2009-05-18 21:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll

2012-05-31 22:03 . 2009-05-21 13:14 642360 ----a-w- c:\windows\system32\hpzids40.dll

2012-05-31 22:03 . 2009-06-09 05:48 136704 ----a-w- c:\windows\system32\hpf3l092.dll

2012-05-31 22:02 . 2012-05-31 22:07 -------- d-----w- c:\program files (x86)\HP

2012-05-31 22:00 . 2012-05-31 22:11 -------- d-----w- c:\programdata\HP

2012-05-31 21:54 . 2012-05-31 21:54 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\FLEXnet

2012-05-31 20:38 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 20:38 . 2012-05-31 20:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-05-31 20:37 . 2012-05-31 20:38 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-31 18:42 . 2012-06-09 13:36 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\TeamViewer

2012-05-31 13:29 . 2012-05-31 13:29 -------- d-----w- c:\programdata\ASUS

2012-05-31 12:40 . 2012-05-31 12:41 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\Apple Computer

2012-05-31 12:40 . 2012-05-31 12:40 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Apple Computer

2012-05-31 12:40 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-05-31 12:39 . 2012-05-31 12:39 -------- d-----w- c:\programdata\Apple

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-22 00:58 . 2011-09-11 17:24 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2012-05-15 21:59 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-15 10:48 . 2011-09-11 17:06 949056 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-05-15 10:48 . 2011-09-11 17:06 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-05-15 10:48 . 2011-09-11 17:06 246592 ----a-w- c:\windows\system32\nvinitx.dll

2012-05-15 10:48 . 2011-09-11 17:06 202048 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-05-15 10:48 . 2011-09-11 17:06 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2011-09-11 17:06 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2011-09-11 17:06 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 09:29 . 2011-05-27 13:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-05-27 13:38 858944 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-05-15 09:29 . 2011-05-27 16:38 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-05-27 13:38 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-05-15 09:29 . 2011-05-27 13:38 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2011-05-27 13:38 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-05-27 16:38 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:29 . 2011-05-27 13:38 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-05-27 13:38 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-15 02:50 . 2012-05-15 02:50 20992 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys

2012-05-15 02:50 . 2012-05-15 02:50 94208 ----a-w- c:\windows\system32\drivers\rzudd.sys

2012-05-15 02:36 . 2012-05-15 02:36 142848 ----a-w- c:\windows\SysWow64\rztouchdll.dll

2012-05-15 02:36 . 2012-05-15 02:36 354816 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

2012-05-15 02:36 . 2012-05-15 02:36 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

2012-05-08 02:46 . 2012-05-08 02:46 7168 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys

2012-05-08 02:46 . 2012-05-08 02:46 26112 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-04 22:47 . 2012-05-15 22:15 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-04-04 22:47 . 2012-05-15 22:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56 . 2012-05-15 22:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:35 . 2012-05-16 22:10 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"Akamai NetSession Interface"="c:\users\Ronald Glickman\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-29 313768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2012-5-31 12862]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-6-13 8453376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/11 10:30;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-12-14 303360]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]

R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-09-08 92800]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\SIONExportService.exe [2011-05-10 338208]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [x]

S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]

S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - CLKMDRV10_38F51D56

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 22:26]

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]

"combofix"="c:\combofix\CF19788.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Ronald Glickman\AppData\Roaming\Mozilla\Firefox\Profiles\k2hn4jp8.default\

FF - prefs.js: browser.startup.homepage - hxxp://combatarms.nexon.net/|http://battlelog.battlefield.com/bf3/gate/|http://forums.thecbl.net/ucp.php?mode=login|http://yellowsnowarmy.com/

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe

c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\windows\SysWOW64\ACEngSvr.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

.

**************************************************************************

.

Completion time: 2012-06-21 21:00:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-22 01:00

.

Pre-Run: 384,356,057,088 bytes free

Post-Run: 383,717,744,640 bytes free

.

- - End Of File - - CBDFF4F2DFED2A4040F76D22AAEE2198


I ran the OTL fix and the ComboFix last night and they were posted already. I just got that same IP block message for the same IP this morning.

2012/06/22 06:39:31 -0400 JAGS-AWESOME-PC Ronald Glickman MESSAGE Starting protection

2012/06/22 06:39:33 -0400 JAGS-AWESOME-PC Ronald Glickman MESSAGE Protection started successfully

2012/06/22 06:39:36 -0400 JAGS-AWESOME-PC Ronald Glickman MESSAGE Starting IP protection

2012/06/22 06:39:37 -0400 JAGS-AWESOME-PC Ronald Glickman MESSAGE IP Protection started successfully

2012/06/22 06:40:24 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49332, Process: chrome.exe)

2012/06/22 06:41:13 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49339, Process: chrome.exe)

2012/06/22 06:47:41 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49447, Process: chrome.exe)

2012/06/22 06:48:29 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 49458, Process: chrome.exe)


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Thanks!

Step 1

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • aswMBR log
  • Kaspersky AVP log


The Kaspersky AVP log had nothing in it. I clicked on the Detected Threats button as you instructed and the Save button was greyed out, not allowing me to save anything because it didn't detect anything.

aswMBR.log is as follows.....

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-22 11:20:55

-----------------------------

11:20:55.560 OS Version: Windows x64 6.1.7601 Service Pack 1

11:20:55.560 Number of processors: 8 586 0x2A07

11:20:55.560 ComputerName: JAGS-AWESOME-PC UserName: Ronald Glickman

11:20:59.726 Initialize success

11:21:35.631 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:21:35.631 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3

11:21:35.631 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2

11:21:35.631 Disk 1 Vendor: ST950042 0002 Size: 476940MB BusType: 3

11:21:35.647 Disk 0 MBR read successfully

11:21:35.662 Disk 0 MBR scan

11:21:35.662 Disk 0 Windows 7 default MBR code

11:21:35.662 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048

11:21:35.678 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 451337 MB offset 52430848

11:21:35.693 Disk 0 scanning C:\Windows\system32\drivers

11:21:41.731 Service scanning

11:21:54.179 Modules scanning

11:21:54.179 Disk 0 trace - called modules:

11:21:54.273 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

11:21:54.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008126790]

11:21:54.601 3 CLASSPNP.SYS[fffff88001dbb43f] -> nt!IofCallDriver -> [0xfffffa8007bc9550]

11:21:54.601 5 ACPI.sys[fffff88000f427a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007bd0050]

11:21:54.601 Scan finished successfully

11:22:07.845 Disk 0 MBR has been saved successfully to "C:\Users\Ronald Glickman\Desktop\MBR.dat"

11:22:07.892 The log file has been saved successfully to "C:\Users\Ronald Glickman\Desktop\aswMBR.txt"


That's good!

Step 1

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, post the following log files:

  • MiniToolBox log
  • Farbar Service Scanner log


MiniToolBox by Farbar Version: 09-06-2012

Ran by Ronald Glickman (administrator) on 22-06-2012 at 11:30:02

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)

Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Media disconnected)

Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 2 (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jags-Awesome-PC

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2

Physical Address. . . . . . . . . : 74-2F-68-B8-8C-CC

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)

Physical Address. . . . . . . . . : 14-DA-E9-66-23-F1

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::6511:f4b0:8d4c:6b6f%14(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.2.9(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Friday, June 22, 2012 8:14:14 AM

Lease Expires . . . . . . . . . . : Saturday, June 23, 2012 8:14:14 AM

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DHCPv6 IAID . . . . . . . . . . . : 387242729

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-FE-A1-03-74-2F-68-B9-58-7D

DNS Servers . . . . . . . . . . . : 192.168.2.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter

Physical Address. . . . . . . . . : 74-2F-68-B9-58-7D

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1BC833C7-962F-4E56-A43D-9DE390C45F72}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:245e:3c28:b4ba:2f4d(Preferred)

Link-local IPv6 Address . . . . . : fe80::245e:3c28:b4ba:2f4d%18(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: UnKnown

Address: 192.168.2.1

Name: google.com

Addresses: 2607:f8b0:4006:801::1000

74.125.226.206

74.125.226.201

74.125.226.197

74.125.226.198

74.125.226.194

74.125.226.196

74.125.226.199

74.125.226.193

74.125.226.200

74.125.226.192

74.125.226.195

Pinging google.com [173.194.43.8] with 32 bytes of data:

Reply from 173.194.43.8: bytes=32 time=38ms TTL=54

Reply from 173.194.43.8: bytes=32 time=40ms TTL=54

Ping statistics for 173.194.43.8:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 40ms, Average = 39ms

Server: UnKnown

Address: 192.168.2.1

Name: yahoo.com

Addresses: 98.139.183.24

209.191.122.70

72.30.38.140

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=301ms TTL=50

Reply from 98.139.183.24: bytes=32 time=287ms TTL=50

Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 287ms, Maximum = 301ms, Average = 294ms

Server: UnKnown

Address: 192.168.2.1

Name: bleepingcomputer.com

Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 1ms, Maximum = 2ms, Average = 1ms

===========================================================================

Interface List

17...74 2f 68 b8 8c cc ......Bluetooth Device (Personal Area Network) #2

14...14 da e9 66 23 f1 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)

11...74 2f 68 b9 58 7d ......Atheros AR9002WB-1NG Wireless Network Adapter

1...........................Software Loopback Interface 1

20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.9 20

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.2.0 255.255.255.0 On-link 192.168.2.9 276

192.168.2.9 255.255.255.255 On-link 192.168.2.9 276

192.168.2.255 255.255.255.255 On-link 192.168.2.9 276

224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.2.9 276

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.2.9 276

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

18 58 ::/0 On-link

1 306 ::1/128 On-link

18 58 2001::/32 On-link

18 306 2001:0:4137:9e76:245e:3c28:b4ba:2f4d/128

On-link

14 276 fe80::/64 On-link

18 306 fe80::/64 On-link

18 306 fe80::245e:3c28:b4ba:2f4d/128

On-link

14 276 fe80::6511:f4b0:8d4c:6b6f/128

On-link

1 306 ff00::/8 On-link

18 306 ff00::/8 On-link

14 276 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)

Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)

x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)

x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (06/22/2012 09:31:54 AM) (Source: Application Error) (User: )

Description: Faulting application name: sidebar.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a1c7

Faulting module name: InstantOnCOM.dll, version: 1.0.0.1, time stamp: 0x4e72c267

Exception code: 0xc0000417

Fault offset: 0x0000000000013c68

Faulting process id: 0x1240

Faulting application start time: 0xsidebar.exe0

Faulting application path: sidebar.exe1

Faulting module path: sidebar.exe2

Report Id: sidebar.exe3

Error: (06/22/2012 09:06:49 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/22/2012 00:13:01 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 8003

Error: (06/22/2012 00:13:01 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 8003

Error: (06/22/2012 00:13:01 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2012 00:13:00 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 7005

Error: (06/22/2012 00:13:00 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 7005

Error: (06/22/2012 00:13:00 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2012 00:12:59 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 6006

Error: (06/22/2012 00:12:59 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 6006

System errors:

=============

Error: (06/21/2012 08:49:31 PM) (Source: Service Control Manager) (User: )

Description: The Windows Defender service terminated with the following error:

%%126

Error: (06/21/2012 08:48:31 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/21/2012 08:48:26 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/21/2012 08:48:01 PM) (Source: Application Popup) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/21/2012 08:46:11 PM) (Source: Service Control Manager) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/21/2012 08:41:52 PM) (Source: Service Control Manager) (User: )

Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/21/2012 08:41:52 PM) (Source: Service Control Manager) (User: )

Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

Error: (06/21/2012 08:22:17 PM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/20/2012 04:12:31 PM) (Source: Tcpip) (User: )

Description: The system detected an address conflict for IP address 192.168.2.5 with the system

having network hardware address 68-B5-99-54-2F-04. Network operations on this system may

be disrupted as a result.

Error: (06/19/2012 00:32:07 PM) (Source: Service Control Manager) (User: )

Description: The Steam Client Service service failed to start due to the following error:

%%1053

Microsoft Office Sessions:

=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)

??????? Windows Live Mesh ActiveX ??(????) (Version: 15.4.5722.2)

??????? Windows Live Mesh ActiveX ??? (Version: 15.4.5722.2)

4500_G510nz_Help (Version: 000.0.439.000)

4500G510nz (Version: 000.0.439.000)

4500G510nz_Software_Min (Version: 000.0.423.000)

64 Bit HP CIO Components Installer (Version: 6.2.1)

Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)

Adobe Flash Player 11 Plugin (Version: 11.3.300.257)

Adobe Reader X (10.1.3) (Version: 10.1.3)

Adobe Shockwave Player 11.6 (Version: 11.6.5.635)

Akamai NetSession Interface

Alcor Micro USB Card Reader (Version: 1.2.0117.08443)

Apple Application Support (Version: 2.1.7)

Apple Mobile Device Support (Version: 5.1.1.4)

Apple Software Update (Version: 2.1.3.127)

AsMakeLink

Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.6.3.0)

ASUS AI Recovery (Version: 1.0.13)

ASUS FancyStart (Version: 1.1.0)

ASUS LifeFrame3 (Version: 3.0.22)

ASUS Music Maker (Version: 17.0.2.22)

ASUS Power4Gear Hybrid (Version: 1.1.45)

ASUS Splendid Video Enhancement Technology (Version: 1.02.0033)

ASUS USB Charger Plus (Version: 2.0.2)

ASUS Video Magic (Version: 6.0.4710)

ASUS Virtual Camera (Version: 1.0.21)

ASUS WebStorage (Version: 3.0.84.161)

AsusScr_N5_En (Version: 1.0.0001)

AsusVibe2.0 (Version: 2.0.10.168)

Atheros Client Installation Program (Version: 7.0)

ATK Package (Version: 1.0.0008)

Battlefield 3™ (Version: 1.0.0.0)

Battlelog Web Plugins (Version: 1.122.0)

Bing Bar (Version: 7.0.610.0)

Bluetooth Win7 Suite (64) (Version: 7.2.0.65)

Bonjour (Version: 3.0.0.10)

BufferChm (Version: 130.0.331.000)

CCleaner (Version: 3.19)

CleanUp!

Combat Arms

Counter-Strike: Source

CyberLink LabelPrint (Version: 2.5.1908)

CyberLink MediaEspresso (Version: 6.0.1123_32710)

CyberLink Power2Go (Version: 6.1.3602c)

CyberLink PowerDirector (Version: 8.0.3327)

CyberLink PowerDVD 10 (Version: 10.0.2312.52)

D3DX10 (Version: 15.4.2368.0902)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 130.0.372.000)

DocMgr (Version: 130.0.000.000)

DocProc (Version: 13.0.0.0)

Dropbox (Version: 1.4.7)

ESET Online Scanner v3

ESN Sonar (Version: 0.70.4)

Fast Boot (Version: 1.0.9)

Fax (Version: 130.0.418.000)

ffdshow [rev 3154] [2009-12-09] (Version: 1.0)

Firebird SQL Server - MAGIX Edition (Version: 2.1.29.0)

Freemake Video Converter version 3.0.2 (Version: 3.0.2)

Galeria de Fotografias do Windows Live (Version: 15.4.3502.0922)

Galerie de photos Windows Live (Version: 15.4.3502.0922)

Galería fotográfica de Windows Live (Version: 15.4.3502.0922)

Game Booster 3 (Version: 3.4)

Google Chrome (Version: 19.0.1084.56)

Google Update Helper (Version: 1.3.21.111)

GPBaseService2 (Version: 130.0.371.000)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Document Manager 2.0 (Version: 2.0)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Officejet 4500 G510n-z (Version: 13.0)

HP Smart Web Printing 4.5 (Version: 4.5)

HP Solution Center 13.0 (Version: 13.0)

HP Update (Version: 4.000.011.006)

HPProductAssistant (Version: 130.0.371.000)

HPSSupply (Version: 130.0.371.000)

ImageShack Uploader 2.2.0 (Version: 2.2.0)

InstantOn for NB (Version: 2.1.5)

Intel® Control Center (Version: 1.2.1.1007)

Intel® Management Engine Components (Version: 7.0.0.1118)

Intel® OpenCL CPU Runtime

Intel® Processor Graphics (Version: 8.15.10.2696)

Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)

iTunes (Version: 10.6.1.7)

Java Auto Updater (Version: 2.1.6.0)

Java 7 Update 4 (Version: 7.0.40)

JavaFX 2.1.0 (Version: 2.1.0)

Junk Mail filter update (Version: 15.4.3502.0922)

KeePass Password Safe 2.19

Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)

MarketResearch (Version: 130.0.374.000)

Mesh Runtime (Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)

Microsoft Security Client (Version: 4.0.1526.0)

Microsoft Security Essentials (Version: 4.0.1526.0)

Microsoft Silverlight (Version: 4.1.10329.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Moffsoft FreeCalc (Version: 1.1)

Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)

Mozilla Maintenance Service (Version: 12.0)

Mozilla Thunderbird 12.0.1 (x86 en-US) (Version: 12.0.1)

MSVCRT (Version: 15.4.2862.0708)

MSVCRT_amd64 (Version: 15.4.2862.0708)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Music Now! (Version: 1.0.5.0)

NETGEAR WNDA3100v2 wireless USB 2.0 adapter (Version: 1.03.000)

Network64 (Version: 130.0.374.000)

Network64 (Version: 140.0.221.000)

Nexon Game Manager

Nuance PDF Reader (Version: 6.00.0041)

NVIDIA 3D Vision Driver 301.42 (Version: 301.42)

NVIDIA Control Panel 301.42 (Version: 301.42)

NVIDIA Graphics Driver 301.42 (Version: 301.42)

NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)

NVIDIA Install Application (Version: 2.1002.75.420)

NVIDIA Optimus 1.8.15 (Version: 1.8.15)

NVIDIA PhysX (Version: 9.12.0213)

NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)

NVIDIA Update 1.8.15 (Version: 1.8.15)

NVIDIA Update Components (Version: 1.8.15)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

OpenOffice.org 3.4 (Version: 3.4.9590)

Origin (Version: 8.6.0.357)

PunkBuster Services (Version: 0.991)

QuickTime (Version: 7.72.80.56)

Razer Synapse 2.0 (Version: 1.2.16)

Realtek High Definition Audio Driver (Version: 6.0.1.6438)

Scan (Version: 13.0.0.0)

Shop for HP Supplies (Version: 13.0)

SmartWebPrinting (Version: 130.0.373.000)

SolutionCenter (Version: 130.0.373.000)

SolveigMM AVI Trimmer (Version: 2.0.1204.27)

SonicMaster (Version: 1.0.0.4)

Status (Version: 130.0.373.000)

Steam (Version: 1.0.0.0)

swMSM (Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 15.3.6.0)

syncables desktop SE (Version: 5.5.746.11492)

System Requirements Lab (Version: 4.5.1.0)

System Requirements Lab CYRI (Version: 4.5.1.0)

System Requirements Lab for Intel (Version: 4.5.5.0)

TeamSpeak 3 Client (Version: 3.0.7)

TeamViewer 7 (Version: 7.0.12979)

Tipard MKV Video Converter 6.1.12

Toolbox (Version: 130.0.648.000)

TrayApp (Version: 130.0.376.000)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Virtual Magnifying Glass v3.5

Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)

VLC media player 2.0.1 (Version: 2.0.1)

WebReg (Version: 130.0.132.017)

Windows Live ??? (Version: 15.4.3502.0922)

Windows Live ???? (Version: 15.4.3502.0922)

Windows Live Communications Platform (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3502.0922)

Windows Live Essentials (Version: 15.4.3508.1109)

Windows Live Family Safety (Version: 15.4.3502.0922)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (Version: 15.4.3502.0922)

Windows Live Mesh (Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)

Windows Live Messenger (Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (Version: 15.4.3502.0922)

Windows Live Photo Common (Version: 15.4.3502.0922)

Windows Live Photo Gallery (Version: 15.4.3502.0922)

Windows Live PIMT Platform (Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (Version: 15.4.3502.0922)

Windows Live SOXE Definitions (Version: 15.4.3502.0922)

Windows Live UX Platform (Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

Windows Live Writer (Version: 15.4.3502.0922)

Windows Live Writer Resources (Version: 15.4.3502.0922)

WinFlash (Version: 2.31.1)

WinRAR 4.11 (64-bit) (Version: 4.11.0)

WinSCP 4.3.7 (Version: 4.3.7)

XChat 2 (remove only)

Xilisoft Video Converter Ultimate 6 (Version: 6.0.3.0416)

========================= Devices: ================================

Name: Officejet 4500 G510n-z

Description: Officejet 4500 G510n-z

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Memory info: ===================================

Percentage of memory in use: 36%

Total physical RAM: 8102.06 MB

Available physical RAM: 5143.06 MB

Total Pagefile: 16202.31 MB

Available Pagefile: 13043.04 MB

Total Virtual: 4095.88 MB

Available Virtual: 3975.09 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:356.82 GB) NTFS

2 Drive e: (DATA) (Fixed) (Total:465.75 GB) (Free:405.29 GB) NTFS

========================= Users: ========================================

User accounts for \\JAGS-AWESOME-PC

Administrator Guest Ronald Glickman

UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Farbar Service Scanner Version: 22-06-2012

Ran by Ronald Glickman (administrator) on 22-06-2012 at 11:31:16

Running from "E:\RSG Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Download Dr.Web CureIt to the desktop.

  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    drweb_check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    drweb_move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


netsession_win.exe;c:\users\ronald glickman\appdata\local\akamai;Probably DLOADER.Trojan;Incurable.Moved.;

netsession_win.exe;c:\users\ronald glickman\appdata\local\akamai;Probably DLOADER.Trojan;Invalid path to file ;

netsession_win.exe;C:\Documents and Settings\Ronald Glickman\AppData\Local\Akamai;Probably DLOADER.Trojan;Invalid path to file ;

netsession_win.exe;C:\Documents and Settings\Ronald Glickman\AppData\Local\Application Data\Akamai;Probably DLOADER.Trojan;Invalid path to file ;

netsession_win.exe;C:\Documents and Settings\Ronald Glickman\DoctorWeb\Quarantine;Probably DLOADER.Trojan;Incurable.Moved.;

netsession_win.exe;C:\Users\Ronald Glickman\AppData\Local\Akamai;Probably DLOADER.Trojan;Invalid path to file ;

OTL.exe;E:\RSG Downloads;Trojan.Siggen4.6108;Incurable.Moved.;


UPDATE JAVA

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  1. Please download JavaRa to your desktop.
    • Click the Download button next to Windows Binary (.zip) Version 1.1.6. to download JavaRA and unzip it to its own folder.

  2. Run JavaRa.exe
  3. Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
  4. Open JavaRa.exe again and select Search For Updates.
  5. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Let me know how things are then.


I just received the IP block message again from the same IP address.

2012/06/22 19:36:03 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 56530, Process: chrome.exe)

2012/06/22 19:36:03 -0400 JAGS-AWESOME-PC Ronald Glickman IP-BLOCK 74.208.30.205 (Type: outgoing, Port: 56532, Process: chrome.exe)


ComboFix 12-06-21.03 - Ronald Glickman 06/22/2012 21:06:37.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8102.4619 [GMT -4:00]

Running from: e:\rsg downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Ronald Glickman\AppData\Local\Temp\0fc113bebd3c.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\19d20a6fbc7a.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\445fec56af0e.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\5a07244160fb.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\6e050972a7cc.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\71c12d7a8180.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\71ca0fe59f0c.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\791722b78375.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\ad0f0f8f62a5.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\bceff7d56bff.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\bed204085de1.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\cb08234cf0e7.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\f111f32f3afb.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\f4f018b21319.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\NGC1E9.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\NGC939.tmp

c:\users\Ronald Glickman\AppData\Local\Temp\NGCABE.tmp

c:\users\RONALD~1\AppData\Local\Temp\0fc113bebd3c.tmp

c:\users\RONALD~1\AppData\Local\Temp\19d20a6fbc7a.tmp

c:\users\RONALD~1\AppData\Local\Temp\445fec56af0e.tmp

c:\users\RONALD~1\AppData\Local\Temp\5a07244160fb.tmp

c:\users\RONALD~1\AppData\Local\Temp\6e050972a7cc.tmp

c:\users\RONALD~1\AppData\Local\Temp\71c12d7a8180.tmp

c:\users\RONALD~1\AppData\Local\Temp\71ca0fe59f0c.tmp

c:\users\RONALD~1\AppData\Local\Temp\791722b78375.tmp

c:\users\RONALD~1\AppData\Local\Temp\ad0f0f8f62a5.tmp

c:\users\RONALD~1\AppData\Local\Temp\bceff7d56bff.tmp

c:\users\RONALD~1\AppData\Local\Temp\bed204085de1.tmp

c:\users\RONALD~1\AppData\Local\Temp\cb08234cf0e7.tmp

c:\users\RONALD~1\AppData\Local\Temp\f111f32f3afb.tmp

c:\users\RONALD~1\AppData\Local\Temp\f4f018b21319.tmp

c:\users\RONALD~1\AppData\Local\Temp\NGC1E9.tmp

c:\users\RONALD~1\AppData\Local\Temp\NGC939.tmp

c:\users\RONALD~1\AppData\Local\Temp\NGCABE.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))

.

.

2012-06-23 01:11 . 2012-06-23 01:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-23 01:11 . 2012-06-23 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 00:05 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54DB061F-FB9C-4663-9424-F36FA76DE9DA}\mpengine.dll

2012-06-22 23:05 . 2012-06-22 23:05 955840 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-22 23:05 . 2012-06-22 23:05 839096 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-22 23:05 . 2012-06-22 23:05 -------- d-----w- c:\program files\Java

2012-06-22 15:37 . 2012-06-22 15:53 -------- d-----w- c:\users\Ronald Glickman\DoctorWeb

2012-06-22 13:32 . 2012-06-22 13:32 -------- d-----w- c:\programdata\Kaspersky Lab

2012-06-22 12:25 . 2012-06-22 12:25 -------- d-----w- c:\program files (x86)\ESET

2012-06-22 01:34 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-21 19:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 19:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 19:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 19:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 19:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 19:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 19:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 19:07 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 19:07 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-19 16:31 . 2012-06-19 22:24 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-06-19 16:31 . 2012-06-22 19:56 -------- d-----w- c:\program files (x86)\Steam

2012-06-16 22:16 . 2012-06-16 22:16 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\MAGIX

2012-06-16 16:24 . 2012-06-16 16:24 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-06-16 12:06 . 2012-06-16 12:06 -------- d-----w- c:\programdata\Nexon

2012-06-16 12:02 . 2012-06-16 12:02 -------- d-----w- C:\Nexon

2012-06-14 10:07 . 2012-06-14 10:07 -------- d-----w- c:\program files\Microsoft IntelliPoint

2012-06-13 18:46 . 2012-06-13 18:56 -------- d-----w- c:\program files (x86)\Razer

2012-06-13 18:46 . 2012-06-13 18:46 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Razer

2012-06-13 18:46 . 2012-06-13 18:46 -------- d-----w- c:\programdata\Razer

2012-06-13 10:17 . 2011-12-12 21:42 1256192 ----a-w- c:\windows\system32\drivers\bcmwlhigh664.sys

2012-06-13 10:17 . 2011-04-19 21:52 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll

2012-06-13 10:17 . 2011-04-19 21:31 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll

2012-06-13 10:17 . 2011-04-19 21:31 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll

2012-06-13 10:17 . 2010-06-09 17:11 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-06-13 10:17 . 2010-02-03 15:20 47632 ----a-w- c:\windows\system32\drivers\npf.sys

2012-06-13 10:17 . 2011-07-22 14:33 25056 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys

2012-06-13 10:17 . 2012-06-13 10:17 -------- d-----w- c:\program files (x86)\NETGEAR

2012-06-12 18:42 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-12 17:12 . 2012-06-12 17:12 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-06-12 17:03 . 2012-06-12 17:03 -------- d-----w- c:\programdata\EA Core

2012-06-12 17:03 . 2012-06-13 17:40 -------- d-----w- c:\programdata\EA Logs

2012-06-12 16:35 . 2007-10-12 19:14 2006552 ----a-w- c:\windows\system32\D3DCompiler_36.dll

2012-06-12 16:17 . 2012-05-31 20:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-12 16:17 . 2012-05-31 20:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5DD60F6-F67B-4B8C-AF21-C5E783A93374}\gapaengine.dll

2012-06-12 14:59 . 2012-06-12 15:00 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\Origin

2012-06-12 14:59 . 2012-06-12 14:59 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Origin

2012-06-12 14:58 . 2012-06-12 17:03 -------- d-----w- c:\programdata\Electronic Arts

2012-06-12 14:58 . 2012-06-12 16:11 -------- d-----w- c:\program files (x86)\Origin Games

2012-06-12 14:58 . 2012-06-12 15:00 -------- d-----w- c:\program files (x86)\Origin

2012-06-12 14:44 . 2012-06-12 17:03 -------- d-----w- c:\programdata\Origin

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 21:51 . 2012-06-11 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-11 21:50 . 2012-06-11 21:51 -------- d-----w- c:\program files (x86)\QuickTime

2012-06-11 13:34 . 2012-06-11 13:34 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\OpenOffice.org

2012-06-11 13:22 . 2012-06-11 13:22 -------- d-----w- c:\program files\CCleaner

2012-06-11 11:15 . 2012-06-11 11:15 -------- d-----w- c:\programdata\IObit

2012-06-11 11:15 . 2012-06-11 11:15 -------- d-----w- c:\program files (x86)\IObit

2012-06-10 15:52 . 2012-06-10 15:52 -------- d-----w- c:\programdata\McAfee

2012-06-10 15:52 . 2012-06-16 22:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-10 15:52 . 2012-06-16 22:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-10 15:21 . 2012-06-10 15:21 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Tipard Studio

2012-06-10 15:19 . 2012-06-10 15:19 -------- d-----w- c:\programdata\Tipard MKV Video Converter

2012-06-10 15:19 . 2012-06-10 15:19 -------- d-----w- c:\program files (x86)\Tipard Studio

2012-06-10 12:55 . 2012-06-10 12:55 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Macromedia

2012-06-08 14:16 . 2012-06-08 14:16 -------- d-----w- c:\program files (x86)\Virtual Magnifying Glass

2012-06-07 21:19 . 2012-06-18 03:01 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\JPEGsnoop

2012-06-06 13:08 . 2012-06-06 13:08 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\TouchStoneSoftware

2012-06-04 23:37 . 2011-05-28 04:29 67176 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-04 23:37 . 2011-05-28 04:29 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-04 21:59 . 2012-03-11 06:17 121344 ----a-w- c:\windows\system32\IntelOpenCL64.dll

2012-06-04 21:59 . 2012-03-11 06:09 86528 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll

2012-06-04 19:14 . 2012-06-21 00:03 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-04 19:13 . 2012-06-12 17:13 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\PunkBuster

2012-06-04 18:59 . 2012-06-04 18:59 -------- d-----w- c:\program files (x86)\EA Games

2012-06-04 13:25 . 2012-06-04 13:25 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-04 13:24 . 2012-06-04 13:24 -------- d-----w- c:\program files (x86)\Oracle

2012-06-04 12:55 . 2012-06-08 11:26 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

2012-06-04 12:55 . 2012-06-08 11:26 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\SystemRequirementsLab

2012-06-03 23:27 . 2012-06-03 23:27 -------- d-----w- c:\program files (x86)\ImageShack Uploader

2012-06-03 18:54 . 2011-11-08 14:18 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-06-03 18:54 . 2011-11-08 14:18 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-06-03 18:54 . 2009-12-05 23:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll

2012-06-03 18:54 . 2012-06-03 18:54 -------- d-----w- c:\program files (x86)\ffdshow

2012-06-03 18:45 . 2012-06-22 20:42 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\vlc

2012-06-03 18:44 . 2012-06-03 18:44 -------- d-----w- c:\program files (x86)\VideoLAN

2012-06-03 15:21 . 2011-09-16 15:28 210432 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\InstantOn.gadget\InstantOnCOM.dll

2012-06-03 15:21 . 2012-06-03 15:21 -------- d-----w- c:\program files (x86)\Common Files\InstantOn

2012-06-03 04:31 . 2012-05-15 10:48 249152 ----a-w- c:\windows\system32\drivers\nvkflt.sys

2012-06-03 04:31 . 2012-05-15 10:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-06-03 04:31 . 2012-05-15 10:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-06-03 04:30 . 2012-06-03 04:30 -------- d-----w- C:\NVIDIA

2012-06-02 06:40 . 2012-06-08 21:59 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\X-Chat 2

2012-06-02 06:40 . 2012-06-02 06:40 -------- d-----w- c:\program files (x86)\xchat

2012-06-01 23:32 . 2012-06-01 23:32 -------- d-----w- c:\program files (x86)\Moffsoft FreeCalc

2012-06-01 15:44 . 2010-10-01 04:16 13312 ----a-w- c:\windows\system32\drivers\VKbms.sys

2012-06-01 15:44 . 2010-09-30 00:45 6656 ----a-w- c:\windows\system32\drivers\hidkmdf.sys

2012-06-01 13:00 . 2012-06-01 13:00 -------- d-----w- c:\program files (x86)\CleanUp!

2012-05-31 23:34 . 2012-06-22 18:16 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Akamai

2012-05-31 23:01 . 2012-05-31 23:01 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\Diagnostics

2012-05-31 22:13 . 2012-05-31 22:13 -------- d-----w- c:\programdata\WEBREG

2012-05-31 22:10 . 2012-06-07 23:46 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\HP

2012-05-31 22:10 . 2012-05-31 22:10 -------- d-----w- c:\users\Ronald Glickman\AppData\Local\HP

2012-05-31 22:09 . 2009-06-09 05:48 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp092.dll

2012-05-31 22:08 . 2012-05-31 22:08 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\Yahoo!

2012-05-31 22:08 . 2012-06-10 12:35 -------- d-----w- c:\program files (x86)\Yahoo!

2012-05-31 22:06 . 2012-05-31 22:06 -------- d-----w- c:\programdata\HP Product Assistant

2012-05-31 22:06 . 2012-05-31 22:06 -------- d-----w- c:\windows\SysWow64\spool

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\program files (x86)\Common Files\HP

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard

2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\windows\hpoj4500g510n-z

2012-05-31 22:03 . 2009-05-26 17:32 902656 ----a-w- c:\windows\system32\hpwwiax9.dll

2012-05-31 22:03 . 2009-05-26 17:32 742912 ----a-w- c:\windows\system32\hpwtscl5.dll

2012-05-31 22:03 . 2009-05-26 17:32 503296 ----a-w- c:\windows\system32\hpwvst01.dll

2012-05-31 22:03 . 2009-05-18 21:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll

2012-05-31 22:03 . 2009-05-21 13:14 642360 ----a-w- c:\windows\system32\hpzids40.dll

2012-05-31 22:03 . 2009-06-09 05:48 136704 ----a-w- c:\windows\system32\hpf3l092.dll

2012-05-31 22:02 . 2012-05-31 22:07 -------- d-----w- c:\program files (x86)\HP

2012-05-31 22:00 . 2012-05-31 22:11 -------- d-----w- c:\programdata\HP

2012-05-31 21:54 . 2012-05-31 21:54 -------- d-----w- c:\users\Ronald Glickman\AppData\Roaming\FLEXnet

2012-05-31 20:38 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 00:08 . 2011-09-11 17:24 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2012-05-15 21:59 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-15 10:48 . 2011-09-11 17:06 949056 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-05-15 10:48 . 2011-09-11 17:06 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-05-15 10:48 . 2011-09-11 17:06 246592 ----a-w- c:\windows\system32\nvinitx.dll

2012-05-15 10:48 . 2011-09-11 17:06 202048 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-05-15 10:48 . 2011-09-11 17:06 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2011-09-11 17:06 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2011-09-11 17:06 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 09:29 . 2011-05-27 13:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2011-05-27 13:38 858944 ----a-w- c:\windows\system32\nv3dappshext.dll

2012-05-15 09:29 . 2011-05-27 16:38 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2011-05-27 13:38 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll

2012-05-15 09:29 . 2011-05-27 13:38 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2011-05-27 13:38 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2011-05-27 16:38 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-05-15 09:29 . 2011-05-27 13:38 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2011-05-27 13:38 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-05-15 02:50 . 2012-05-15 02:50 20992 ----a-w- c:\windows\system32\drivers\rzvkeyboard.sys

2012-05-15 02:50 . 2012-05-15 02:50 94208 ----a-w- c:\windows\system32\drivers\rzudd.sys

2012-05-15 02:36 . 2012-05-15 02:36 142848 ----a-w- c:\windows\SysWow64\rztouchdll.dll

2012-05-15 02:36 . 2012-05-15 02:36 354816 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

2012-05-15 02:36 . 2012-05-15 02:36 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

2012-05-08 02:46 . 2012-05-08 02:46 7168 ----a-w- c:\windows\system32\drivers\rzkbdhid.sys

2012-05-08 02:46 . 2012-05-08 02:46 26112 ----a-w- c:\windows\system32\drivers\rzdaendpt.sys

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-04 22:47 . 2012-05-15 22:15 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-04-04 22:47 . 2012-05-15 22:15 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 19:56 . 2012-05-15 22:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:35 . 2012-05-16 22:10 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-22_00.58.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-02-18 20:13 . 2012-06-23 00:09 57462 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-23 00:09 42110 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-05-15 22:00 . 2012-06-23 00:09 12236 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-953877884-1205063476-829431027-1001_UserData.bin

+ 2012-06-23 00:07 . 2012-06-23 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-22 00:49 . 2012-06-22 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-22 00:49 . 2012-06-22 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-23 00:07 . 2012-06-23 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-06-22 23:05 . 2012-06-22 23:05 268720 c:\windows\system32\javaws.exe

+ 2012-06-22 23:05 . 2012-06-22 23:05 189360 c:\windows\system32\javaw.exe

+ 2012-06-22 23:05 . 2012-06-22 23:05 188840 c:\windows\system32\java.exe

+ 2009-07-14 05:01 . 2012-06-23 00:06 502696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-22 00:48 502696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-06-22 23:04 . 2012-06-22 23:04 891392 c:\windows\Installer\104132a.msi

- 2012-05-15 22:03 . 2012-06-22 00:48 9729984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-8192.dat

+ 2012-05-15 22:03 . 2012-06-23 00:06 9729984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-8192.dat

- 2012-05-15 23:49 . 2012-06-21 23:15 5492268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-12288.dat

+ 2012-05-15 23:49 . 2012-06-23 00:07 5492268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-953877884-1205063476-829431027-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]

"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-05-01 1895424]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-29 313768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-2 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2012-5-31 12862]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

NETGEAR WNDA3100v2 Genie.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-6-13 8453376]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/09/11 10:30;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2011-12-14 303360]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-20 276248]

R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]

R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 135664]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files (x86)\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [2011-09-08 92800]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-01-14 1839616]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\SIONExportService.exe [2011-05-10 338208]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 rzdaendpt;%rzdaendpt.SvcDesc%;c:\windows\system32\DRIVERS\rzdaendpt.sys [x]

S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]

S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_38F51D56

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 22:26]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Ronald Glickman\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Ronald Glickman\AppData\Roaming\Mozilla\Firefox\Profiles\k2hn4jp8.default\

FF - prefs.js: browser.startup.homepage - hxxp://combatarms.nexon.net/|http://battlelog.battlefield.com/bf3/gate/|http://forums.thecbl.net/ucp.php?mode=login|http://yellowsnowarmy.com/

FF - user.js: extensions.autoDisableScopes - 14

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-22 21:12:56

ComboFix-quarantined-files.txt 2012-06-23 01:12

ComboFix2.txt 2012-06-22 01:00

.

Pre-Run: 382,098,587,648 bytes free

Post-Run: 381,901,774,848 bytes free

.

- - End Of File - - 26733B94D1EF8A46D71C0A005273615D


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"=-
"Razer Synapse"=-
"KeePass 2 PreLoad"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

This topic is now closed to further replies.