You need to update your version of media player


  • This topic is locked
6 replies to this topic

#1 garryd

Posted 15 July 2013 - 09:23 AM

Problem:  After leaving Firefox open for an extended period, a webpage will appear with the following message: “You need to update your version of media player.”

 

The URL for this webpage is:  http://big.deluxefor...nm=ilmernzkvtaz

 

I’ve followed the steps on Malwarebytes “I’m infected – What do I do now?” page using Malwarebytes Pro, but it did not find/solve any problems.

 

I ran the DDS application and have included the two text files with this post:

 

DDS.text

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16635  BrowserJavaVersion: 10.25.2

Run by Garry O. Dent at 8:40:20 on 2013-07-15

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32726.21768 [GMT -5:00]

.

AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Common Files\SPBA\upeksvr.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

E:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe

C:\Windows\SysWOW64\atashost.exe

C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe

C:\Windows\system32\hasplms.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

e:\Program Files (x86)\Spiceworks\bin\spiceworks.exe

C:\Windows\system32\svchost.exe -k imgsvc

E:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

E:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\Program Files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe

e:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe

E:\Program Files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe

C:\Windows\SysWOW64\cmd.exe

c:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe

C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe

C:\Program Files\GPSoftware\Directory Opus\dopus.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

E:\Program Files (x86)\LWS\Webcam Software\LWS.exe

c:\Program Files (x86)\MegaRAID Storage Manager\JRE\bin\java.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

E:\Program Files (x86)\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

E:\Program Files (x86)\Aquarius Soft\PC Big Ben Chimes\BigBenService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Windows\system32\SearchIndexer.exe

E:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\PROGRA~2\NITROP~1\PROFES~1\NitroPDF.exe

C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISCacheMgr.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\ArcGIS\Desktop10.1\bin\AppROT.exe

C:\Program Files (x86)\ArcGIS\Desktop10.1\bin\ArcMap.exe

C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISConnection.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\splwow64.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll

BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk

uRun: [Google Update] "C:\Users\Garry O. Dent\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Popup] "c:\Program Files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe"

mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Display] E:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe"

mRun: [LWS] E:\Program Files (x86)\LWS\Webcam Software\LWS.exe -hide

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [PWRISOVM.EXE] c:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

StartupFolder: C:\Users\GARRYO~1.DEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DIRECT~1.LNK - C:\Program Files\GPSoftware\Directory Opus\dopus.exe

StartupFolder: C:\Users\GARRYO~1.DEN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\DIRECT~1.LNK - C:\Program Files\GPSoftware\Directory Opus\dopus.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - E:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: DisableCAD = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{D9BEC4A7-EB8B-4859-A771-4BC2F7A7E7FB} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

SEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll

LSA: Authentication Packages =  msv1_0 wvauth

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe

x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe

x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Garry O. Dent\AppData\Roaming\Mozilla\Firefox\Profiles\4a2cfs4o.default-1362741840748\

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npdf.dll

FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitroie.dll

FF - plugin: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Garry O. Dent\AppData\Local\Citrix\Plugins\94\npappdetector.dll

FF - plugin: C:\Users\Garry O. Dent\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: C:\Users\Garry O. Dent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Garry O. Dent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Garry O. Dent\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: E:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll

FF - ExtSQL: 2013-05-31 09:20; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-3-12 108832]

R0 percsas2;percsas2;C:\Windows\System32\drivers\percsas2.sys [2013-3-21 51536]

R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-6-22 1120032]

R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-6-22 183224]

R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-6-22 161568]

R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-3-12 117024]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 28504]

R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]

R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]

R1 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2013-6-22 84720]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-6-22 3783672]

R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-3-15 90056]

R2 APC Data Service;APC Data Service;E:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]

R2 Aquarius Soft PC Big Ben Chimes Pro Service;Aquarius Soft PC Big Ben Chimes Pro Service;E:\Program Files (x86)\Aquarius Soft\PC Big Ben Chimes\BigBenService.exe [2012-9-28 356864]

R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [2012-4-20 1408904]

R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-10-31 133944]

R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -r [?]

R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]

R2 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-12 189608]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2012-5-21 212984]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-9 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-9 701512]

R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-9-5 216072]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-4-12 69640]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]

R2 PDFSFilter;PDFSFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-8-23 83224]

R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-9-23 145448]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]

R2 spiceworks;spiceworks;E:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [2013-2-4 46912]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-31 383264]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-3-20 7084672]

R2 SynoDrService;SynoDrService;E:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [2012-6-27 381312]

R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-3 4150112]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-12 2656536]

R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2013-1-25 248704]

R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-6-22 367200]

R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-9-6 95344]

R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-9-6 21872]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-1-22 266240]

R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]

R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]

R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2012-9-18 78648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2012-9-18 15160]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-9 25928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-9-30 19032]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-9-30 9584]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-9 19456]

S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-9 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-9 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-26 1255736]

S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .txt: UltraEdit.txt="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"

FileExt: .ini: UltraEdit.ini="C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"

.

=============== Created Last 30 ================

.

2013-07-14 09:24:31        76232    ----a-w-                C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03A17261-BE53-4B37-9DE7-127AC361278B}\offreg.dll

2013-07-12 08:36:09        9552976                ----a-w-                C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{03A17261-BE53-4B37-9DE7-127AC361278B}\mpengine.dll

2013-07-10 09:38:36        9216       ----a-w-                C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-10 09:37:58        1643520                ----a-w-                C:\Windows\System32\DWrite.dll

2013-07-10 09:37:58        1247744                ----a-w-                C:\Windows\SysWow64\DWrite.dll

2013-07-09 07:01:02        --------   d-----w-                C:\Temp

2013-07-09 07:00:54        --------   d-----w-                C:\Users\Garry O. Dent\AppData\Local\Dell

2013-07-06 14:19:28        --------   d-----w-                C:\ProgramData\FNP

2013-07-06 14:19:14        --------   d-----w-                C:\ProgramData\Synology

2013-07-05 20:02:17        --------   d-----w-                C:\Program Files (x86)\DataEast

2013-07-05 15:25:25        --------   d-----w-                C:\Users\Garry O. Dent\AppData\Local\Macromedia

2013-06-25 13:53:06        --------   d-----w-                C:\ProgramData\GlarySoft

2013-06-25 13:51:42        --------   d-----w-                C:\Program Files (x86)\Glary Utilities 3

2013-06-25 13:48:19        --------   d-----w-                C:\Users\Garry O. Dent\AppData\Roaming\GlarySoft

2013-06-25 13:48:19        --------   d-----w-                C:\Program Files (x86)\Glary Utilities

2013-06-22 22:10:54        367200  ----a-w-                C:\Windows\System32\drivers\afcdp.sys

2013-06-22 22:10:48        183224  ----a-w-                C:\Windows\System32\drivers\tib_mounter.sys

2013-06-22 22:10:48        1120032                ----a-w-                C:\Windows\System32\drivers\tib.sys

2013-06-22 22:10:48        --------   d-----w-                C:\Users\Garry O. Dent\AppData\Roaming\AAB7F0AB-323E-4C7F-BE23-D6407A102AE1

2013-06-22 22:10:47        161568  ----a-w-                C:\Windows\System32\drivers\vididr.sys

2013-06-22 21:39:30        84720    ----a-w-                C:\Windows\System32\drivers\RAMDiskVE.sys

2013-06-22 21:39:27        --------   d-----w-                C:\Users\Garry O. Dent\AppData\Local\Dataram_Corporation

2013-06-22 21:39:25        --------   d-----w-                C:\Program Files (x86)\RAMDisk

.

==================== Find3M  ====================

.

2013-06-22 22:10:51        1462560                ----a-w-                C:\Windows\System32\drivers\tdrpman.sys

2013-06-22 22:10:46        117024  ----a-w-                C:\Windows\System32\drivers\vidsflt.sys

2013-06-22 22:10:44        233760  ----a-w-                C:\Windows\System32\drivers\snapman.sys

2013-06-22 22:10:43        108832  ----a-w-                C:\Windows\System32\drivers\fltsrv.sys

2013-06-18 09:41:29        54368    ----a-w-                C:\Windows\System32\drivers\kltdi.sys

2013-06-13 02:48:23        867240  ----a-w-                C:\Windows\SysWow64\npDeployJava1.dll

2013-06-13 02:48:17        789416  ----a-w-                C:\Windows\SysWow64\deployJava1.dll

2013-06-13 02:47:57        96168    ----a-w-                C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-11 23:43:37        1767936                ----a-w-                C:\Windows\SysWow64\wininet.dll

2013-06-11 23:43:00        2877440                ----a-w-                C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58        61440    ----a-w-                C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58        109056  ----a-w-                C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:26:20        2241024                ----a-w-                C:\Windows\System32\wininet.dll

2013-06-11 23:25:16        3958784                ----a-w-                C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13        67072    ----a-w-                C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13        136704  ----a-w-                C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45        71680    ----a-w-                C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58        89600    ----a-w-                C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-11 22:44:10        71048    ----a-w-                C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-11 22:44:10        692104  ----a-w-                C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-09 07:03:00        0              ----a-w-                C:\Windows\invcol.tmp

2013-06-07 03:22:18        2706432                ----a-w-                C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52        2706432                ----a-w-                C:\Windows\SysWow64\mshtml.tlb

2013-06-05 03:34:27        3153920                ----a-w-                C:\Windows\System32\win32k.sys

2013-06-04 06:00:13        624128  ----a-w-                C:\Windows\System32\qedit.dll

2013-06-04 04:53:07        509440  ----a-w-                C:\Windows\SysWow64\qedit.dll

2013-05-31 14:19:26        715038  ----a-w-                C:\Windows\unins000.exe

2013-05-13 05:51:01        184320  ----a-w-                C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00        1464320                ----a-w-                C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00        139776  ----a-w-                C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40        52224    ----a-w-                C:\Windows\System32\certenc.dll

2013-05-13 04:45:55        140288  ----a-w-                C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55        1160192                ----a-w-                C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55        103936  ----a-w-                C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55        1192448                ----a-w-                C:\Windows\System32\certutil.exe

2013-05-13 03:08:10        903168  ----a-w-                C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06        43008    ----a-w-                C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27        30720    ----a-w-                C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54        24576    ----a-w-                C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01        1910632                ----a-w-                C:\Windows\System32\drivers\tcpip.sys

2013-05-06 06:03:49        1887744                ----a-w-                C:\Windows\System32\WMVDECOD.DLL

2013-05-06 04:56:35        1620480                ----a-w-                C:\Windows\SysWow64\WMVDECOD.DLL

2013-05-02 07:06:08        278800  ------w- C:\Windows\System32\MpSigStub.exe

2013-04-26 05:51:36        751104  ----a-w-                C:\Windows\System32\win32spl.dll

2013-04-26 04:55:21        492544  ----a-w-                C:\Windows\SysWow64\win32spl.dll

2013-04-25 23:30:32        1505280                ----a-w-                C:\Windows\SysWow64\d3d11.dll

2013-04-22 11:47:24        178448  ----a-w-                C:\Windows\System32\drivers\kneps.sys

2013-04-22 11:47:23        90208    ----a-w-                C:\Windows\System32\drivers\klflt.sys

2013-04-17 07:02:06        1230336                ----a-w-                C:\Windows\SysWow64\WindowsCodecs.dll

2013-04-17 06:24:46        1424384                ----a-w-                C:\Windows\System32\WindowsCodecs.dll

.

============= FINISH:  8:40:29.69 ===============

 

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 9/22/2012 5:16:56 AM

System Uptime: 7/13/2013 8:56:03 PM (36 hours ago)

.

Motherboard: Dell Inc. |  | 0PTTT9

Processor: Intel® Xeon® CPU E5-1620 0 @ 3.60GHz | CPU 1 | 3601/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 238 GiB total, 118.729 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 699 GiB total, 384.731 GiB free.

F: is Removable

G: is Removable

H: is CDROM ()

I: is Removable

J: is Removable

K: is Removable

L: is FIXED (FAT32) - 4 GiB total, 0.765 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP212: 7/9/2013 2:01:24 AM - Dell Updates

RP213: 7/9/2013 5:41:11 AM - Windows Update

RP214: 7/10/2013 6:23:57 AM - Windows Update

RP215: 7/13/2013 12:00:15 AM - Windows Backup

RP216: 7/13/2013 3:39:55 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop 7.0

Amazon MP3 Downloader 1.0.17

Aquarius Soft PC Big Ben Chimes Pro 1.1

ArcGIS 10.1 for Desktop

ArcGIS 10.1 License Manager

Audacity 2.0.3

Belarc Advisor 8.3

Bentley View (V 08.05.02.35) - 1

BioAPI Framework

BlueView

Brother MFL-Pro Suite MFC-J835DW

Bulk Download Application 1.0.4

CameraHelperMsi

CCleaner

Contents

Corel PaintShop Pro X4

Corel VideoStudio Pro X5

Corpscon 6.0.1

Custom

D3DX10

DataView

DC-Bass Source 1.3.0

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Client System Update

Dell Data Protection | Access

Dell Edoc Viewer

DellAccess

DHTML Editing Component

DirectVobSub 2.40.4209

DivX Setup

e-Sword

EMBASSY Client Core

EPSON WorkForce 845 Series Printer Uninstall

erLT

EZ CD Audio Converter (64-bit)

ffdshow v1.1.4399 [2012-03-22]

FileZilla Client 3.6.0.2

Flash Player Pro V5.4

Gemalto

Glary Utilities 2.49.0.1600

Glary Utilities PRO 3 (v3.6.0.125)

Global Mapper 8

Google Chrome

Google Earth

Google Talk Plugin

Google Update Helper

GoToMeeting 5.5.0.1133

GPL Ghostscript

GPSoftware Directory Opus

HP Designjet 500-800 series FUU

HP Designjet 800 Printer Series

HP Web Registration

ICA

ImgBurn

Intel® Control Center

Intel® Identity Protection Technology 1.2.27.0

Intel® Management Engine Components

Intel® Network Connections 16.8.45.00

IPM_PSP_COM

IPM_VS_Pro

IrfanView (remove only)

ISCOM

Java 7 Update 25

Java Auto Updater

join.me

Junk Mail filter update

Kaspersky Anti-Virus 2013

Lagarith Lossless Codec (1.3.27)

LAME v3.99.3 (for Windows)

Logitech SetPoint 6.50

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.75.0.1300

MediaInfo 0.7.63

MegaRAID Storage Manager v12.05.03.0000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

MiniTool Partition Wizard Home Edition 7.8

Mozilla Firefox 22.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2758694)

NameWiz

NewSoft CD Labeler

Nitro Pro 7

Nmap 5.61-Spiceworks

novaPDF Professional Desktop 7.7 printer

NTRU TCG Software Stack

Nuance PaperPort 12

Nuance PDF Viewer Plus

NVIDIA 3D Vision Controller Driver 296.70

NVIDIA 3D Vision Driver 307.83

NVIDIA Control Panel 307.83

NVIDIA Graphics Driver 307.83

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA nView 136.53

NVIDIA Stereoscopic 3D Driver

OpenSource Flash Video Splitter 1.0.0.5

PaperPort Image Printer 64-bit

PC-CCID

PDSView 3.3

PerfectDisk 12.5 Professional

PETRA

PowerChute Personal Edition 3.0.2

PowerDesk 6

PowerISO

PowerTools 9.1 - Standalone

Preboot Manager

Private Information Manager

PSPPContent

PSPPHelp

PSPPro64

Python 2.1

Python 2.1 combined Win32 extensions

RAMDisk

Realtek High Definition Audio Driver

RedistSysFiles

Renesas Electronics USB 3.0 Host Controller Driver

Scansoft PDF Professional

SeaTools for Windows

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Sentinel HASP Run-time

Sentinel System Driver Installer 7.5.1

Setup

Share

Share64

Skype Click to Call

Skype™ 6.3

SmartSound Common Data

SmartSound Quicktracks 5

SPBA 5.9

Spiceworks

Surfer 11

Synology Assistant (remove only)

Synology Data Replicator  3

TeamViewer 8

toolkit32for64bit

TotalCADConverter

TractBuilder Tools for ArcGIS

True Image 2013

Trusted Drive Manager

UltraEdit 14.20

Update for Codec Pack

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Upek Touchchip Fingerprint Reader

VC80CRTRedist - 8.0.50727.6195

VideoSpirit Pro 1.79

Visual Studio Tools for the Office system 3.0 Runtime

VSClassic

VSHelp

VSPro

Wave Crypto Runtime 2.0.7.0 x86

Wave Infrastructure Installer

Wave Support Software Installer

WebEx

Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

WinPcap 4.1.2-Spiceworks

WinZip 14.5

XPS Annotator 1.22

XTools Pro 10.0

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

7/13/2013 8:56:46 PM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.

7/13/2013 8:56:46 PM, Error: Microsoft-Windows-TaskScheduler [413]  - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

7/13/2013 3:21:20 PM, Error: Service Control Manager [7034]  - The APC UPS Service service terminated unexpectedly.  It has done this 1 time(s).

.

==== End Of File ===========================



#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 15 July 2013 - 09:25 AM

Hello garryd and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#3 garryd

garryd

    New Member

  • Members
  • 3 posts

Posted 15 July 2013 - 10:15 AM

Borislav:

 

Ran ComboFix as directed, but was not able to access Kaspersky, Control Panel or Computer until I rebooted the computer manually.  Following this message text is a copy of ComboFix.txt.  Can you tell if the problem has been solved?

 

ComboFix 13-07-14.01 - Garry O. Dent 07/15/2013   9:37.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32726.22220 [GMT -5:00]
Running from: c:\users\Garry O. Dent\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Garry O. Dent\AppData\Roaming\JomCap.dll
c:\users\Garry O. Dent\ResourceReader.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\smtp.ocx
c:\windows\SysWow64\win.ini
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-12 08:36 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A17261-BE53-4B37-9DE7-127AC361278B}\mpengine.dll
2013-07-10 11:30 . 2013-07-10 11:30    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-07-10 09:38 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 09:37 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-10 09:37 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-09 07:01 . 2013-07-09 07:01    --------    d-----w-    C:\Temp
2013-07-09 07:00 . 2013-07-09 07:00    --------    d-----w-    c:\users\Garry O. Dent\AppData\Local\Dell
2013-07-08 11:31 . 2013-07-08 11:31    --------    d-----w-    c:\users\Garry O. Dent\AppData\Roaming\DivX
2013-07-06 14:19 . 2013-07-06 14:19    --------    d-----w-    c:\programdata\FNP
2013-07-06 14:19 . 2013-07-06 14:19    --------    d-----w-    c:\programdata\Synology
2013-07-05 20:02 . 2013-07-05 20:02    --------    d-----w-    c:\program files (x86)\DataEast
2013-07-05 15:25 . 2013-07-05 15:25    --------    d-----w-    c:\users\Garry O. Dent\AppData\Local\Macromedia
2013-06-25 13:53 . 2013-06-25 13:53    --------    d-----w-    c:\programdata\GlarySoft
2013-06-25 13:51 . 2013-07-05 14:59    --------    d-----w-    c:\program files (x86)\Glary Utilities 3
2013-06-25 13:48 . 2013-06-25 13:51    --------    d-----w-    c:\users\Garry O. Dent\AppData\Roaming\GlarySoft
2013-06-25 13:48 . 2013-06-25 13:48    --------    d-----w-    c:\program files (x86)\Glary Utilities
2013-06-22 22:10 . 2013-06-22 22:10    367200    ----a-w-    c:\windows\system32\drivers\afcdp.sys
2013-06-22 22:10 . 2013-06-22 22:10    183224    ----a-w-    c:\windows\system32\drivers\tib_mounter.sys
2013-06-22 22:10 . 2013-06-22 22:10    1120032    ----a-w-    c:\windows\system32\drivers\tib.sys
2013-06-22 22:10 . 2013-06-22 22:10    --------    d-----w-    c:\users\Garry O. Dent\AppData\Roaming\AAB7F0AB-323E-4C7F-BE23-D6407A102AE1
2013-06-22 22:10 . 2013-06-22 22:10    161568    ----a-w-    c:\windows\system32\drivers\vididr.sys
2013-06-22 21:39 . 2013-06-22 21:39    84720    ----a-w-    c:\windows\system32\drivers\RAMDiskVE.sys
2013-06-22 21:39 . 2013-06-22 21:41    --------    d-----w-    c:\users\Garry O. Dent\AppData\Local\Dataram_Corporation
2013-06-22 21:39 . 2013-06-22 21:41    --------    d-----w-    c:\program files (x86)\RAMDisk
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-10 11:27 . 2012-09-24 01:26    78185248    ----a-w-    c:\windows\system32\MRT.exe
2013-06-22 22:10 . 2013-03-13 03:54    1462560    ----a-w-    c:\windows\system32\drivers\tdrpman.sys
2013-06-22 22:10 . 2013-03-13 03:54    117024    ----a-w-    c:\windows\system32\drivers\vidsflt.sys
2013-06-22 22:10 . 2013-03-13 03:54    233760    ----a-w-    c:\windows\system32\drivers\snapman.sys
2013-06-22 22:10 . 2013-03-13 03:54    108832    ----a-w-    c:\windows\system32\drivers\fltsrv.sys
2013-06-18 09:41 . 2012-06-08 16:38    54368    ----a-w-    c:\windows\system32\drivers\kltdi.sys
2013-06-14 08:52 . 2013-06-14 08:52    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-06-14 08:51 . 2013-06-14 08:51    42776    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-06-14 08:51 . 2013-06-14 08:51    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-13 02:48 . 2012-10-23 16:25    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-06-13 02:48 . 2012-10-23 16:25    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-13 02:47 . 2013-03-05 11:50    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-11 22:44 . 2012-09-12 19:23    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 22:44 . 2012-09-12 19:23    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-09 07:03 . 2013-06-09 07:03    0    ----a-w-    c:\windows\invcol.tmp
2013-05-31 14:19 . 2013-05-31 14:19    715038    ----a-w-    c:\windows\unins000.exe
2013-05-15 19:51 . 2010-06-24 16:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 03:20    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 03:20    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 03:20    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 03:20    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 03:20    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 03:20    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 03:20    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 03:20    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 03:20    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 03:20    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-11 02:54 . 2013-05-11 02:54    40960    ----a-r-    c:\users\Garry O. Dent\AppData\Roaming\Microsoft\Installer\{F776F120-FB16-472B-B9FC-61C25FC6A202}\PDSViewProgram_6338817DA90249DC9D65027E6B13E991.exe
2013-05-11 02:54 . 2013-05-11 02:54    40960    ----a-r-    c:\users\Garry O. Dent\AppData\Roaming\Microsoft\Installer\{F776F120-FB16-472B-B9FC-61C25FC6A202}\ARPPRODUCTICON.exe
2013-05-11 02:54 . 2013-05-11 02:54    237611    ----a-r-    c:\users\Garry O. Dent\AppData\Roaming\Microsoft\Installer\{F776F120-FB16-472B-B9FC-61C25FC6A202}\PDSView2_48DC80084DC64DA298E99B349A1D79C7.exe
2013-05-10 05:49 . 2013-06-12 03:20    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 03:20    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 03:20    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-02 07:06 . 2010-11-21 03:27    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 03:20    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 03:20    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 03:20    1505280    ----a-w-    c:\windows\SysWow64\d3d11.dll
2013-04-22 11:47 . 2012-08-13 23:24    620128    ----a-w-    c:\windows\system32\drivers\klif.sys
2013-04-22 11:47 . 2012-08-13 21:49    178448    ----a-w-    c:\windows\system32\drivers\kneps.sys
2013-04-22 11:47 . 2012-08-13 23:24    90208    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-04-17 07:02 . 2013-06-12 03:20    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24 . 2013-06-12 03:20    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2013-06-14 351344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Popup"="c:\program files (x86)\MegaRAID Storage Manager\MegaPopup\Popup.exe" [2012-03-12 61440]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Display"="e:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2012-01-24 284024]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-14 356376]
"LWS"="e:\program files (x86)\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-03-28 6365920]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2013-04-15 337432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
c:\users\Garry O. Dent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Directory Opus (Startup).lnk - c:\program files\GPSoftware\Directory Opus\dopus.exe NOAUTOLISTER STARTUP [2013-6-17 18744920]
.
c:\users\Garry O. Dent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\
Directory Opus (Startup).lnk - c:\program files\GPSoftware\Directory Opus\dopus.exe NOAUTOLISTER STARTUP [2013-6-17 18744920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-1 113664]
APC UPS Status.lnk - e:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EE761688-C137-4b04-8FAB-3C9CDF0886F0}"= "c:\program files\GPSoftware\Directory Opus\dopuslib32.dll" [2013-06-14 366672]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       PDBoot.exe\0autocheck autochk *
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 percsas2;percsas2;c:\windows\system32\drivers\percsas2.sys;c:\windows\SYSNATIVE\drivers\percsas2.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 RAMDiskVE;RAMDiskVE;c:\windows\system32\Drivers\RAMDiskVE.sys;c:\windows\SYSNATIVE\Drivers\RAMDiskVE.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 APC Data Service;APC Data Service;e:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe;e:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [x]
S2 Aquarius Soft PC Big Ben Chimes Pro Service;Aquarius Soft PC Big Ben Chimes Pro Service;e:\program files (x86)\Aquarius Soft\PC Big Ben Chimes\BigBenService.exe;e:\program files (x86)\Aquarius Soft\PC Big Ben Chimes\BigBenService.exe [x]
S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.1\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 spiceworks;spiceworks;e:\program files (x86)\Spiceworks\bin\spiceworks.exe service;e:\program files (x86)\Spiceworks\bin\spiceworks.exe service [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SynoDrService;SynoDrService;e:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe;e:\program files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 08:14    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 22:44]
.
2013-07-06 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-04 08:46]
.
2013-07-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2013-06-25 02:59]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 19:46]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-20 19:46]
.
2013-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3593448-2607145816-902021984-1001Core.job
- c:\users\Garry O. Dent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-30 19:46]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3593448-2607145816-902021984-1001UA.job
- c:\users\Garry O. Dent\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-30 19:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-03-28 03:37    2818800    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-03-28 03:37    2818800    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-03-28 03:37    2818800    ----a-w-    c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 15:45    139128    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 15:45    139128    ----a-w-    c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtDCpl64.exe" [2011-07-20 2907240]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-10-06 2409272]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 516928]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-02-20 2041192]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2013-06-14 1409656]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Garry O. Dent\AppData\Roaming\Mozilla\Firefox\Profiles\4a2cfs4o.default-1362741840748\
FF - ExtSQL: 2013-05-31 09:20; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:08,cb,8d,13,14,13,ce,01
.
[HKEY_USERS\S-1-5-21-3593448-2607145816-902021984-1001\Control Panel\International\Time]
@Denied: (A) (Everyone)
.
[HKEY_USERS\S-1-5-21-3593448-2607145816-902021984-1001\Software\Microsoft\Metro\AppCompat]
@Denied: (A) (Everyone)
.
[HKEY_USERS\S-1-5-21-3593448-2607145816-902021984-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo]
@Denied: (A) (Everyone)
.
[HKEY_USERS\S-1-5-21-3593448-2607145816-902021984-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\tif*S@Ä~Ô]
"0"=hex:14,00,1f,58,0d,1a,2c,f0,21,be,50,43,88,b0,73,67,fc,96,ef,3c,b7,00,00,
   00,b1,00,bb,af,93,3b,a3,00,04,00,00,00,00,00,45,00,00,00,31,53,50,53,30,f1,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
e:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe
c:\program files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
e:\program files (x86)\Spiceworks\bin\spiceworks.exe
c:\program files (x86)\MegaRAID Storage Manager\Framework\VivaldiFramework.exe
e:\program files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
c:\program files (x86)\MegaRAID Storage Manager\JRE\bin\javaw.exe
e:\program files (x86)\Spiceworks\httpd\bin\spiceworks-httpd.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-07-15  09:47:10 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-15 14:47
.
Pre-Run: 130,106,744,832 bytes free
Post-Run: 129,630,871,552 bytes free
.
- - End Of File - - D046773D50110F0C0647E549CE920376
5C616939100B85E558DA92B899A0FC36
 



#4 Maniac


Posted 15 July 2013 - 10:17 AM

I think so. :)

One additional scan, please:

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#5 garryd


Posted 15 July 2013 - 12:18 PM

I did as you directed - ESET found/cleaned 4 threats - see below.  See anything interesting?  What's next?

 

C:\Users\Garry O. Dent\Downloads\CodecPack.exe    Win32/InstallCore.BN application    cleaned by deleting - quarantined
C:\Users\Garry O. Dent\Downloads\CPP-ProductKeyFinder.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Garry O. Dent\Downloads\MediaInfo_GUI_0.7.63_Windows.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Garry O. Dent\Downloads\Upgrade.exe    a variant of Win32/AirAdInstaller.A application    cleaned by deleting - quarantined
 



#6 Maniac


Posted 15 July 2013 - 12:24 PM

See anything interesting?


Yes, and you? If you noticed, everything is in the download folder, which means that you even got them downloaded. This means that you should be more careful about what you download.

What's next?


Tell me how things are now.

#7 AdvancedSetup


Posted 23 July 2013 - 01:39 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager
