Need to check whether my computer is clean


Hello and welcome.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.

  • Double click on the DDS icon, allow it to run.

  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.

  • Notepad will open with the results.

  • Follow the instructions that pop up for posting the results.

  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Hi Elise, Thanks for your help. Here's the DDS logfile you asked for.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Neil at 10:37:11 on 2012-05-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.6431 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\ProgramData\TVersity\Media Server\MediaServer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\hkcmd.exe

C:\windows\system32\igfxtray.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\igfxpers.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\sppsvc.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\ctfmon.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.co.uk/

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html

IE: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm

IE: Open with KUSO EXIF Viewer - C:\Program Files (x86)\KUSO EXIF Viewer\EXIF.htm

IE: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{30D7C833-E5FA-4C80-A89C-D88799B00E4D} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{634F58AA-51C2-4F17-94C0-E3E8CAC070A4} : DhcpNameServer = 192.168.42.129

TCP: Interfaces\{B1496528-5631-48D7-94C8-14649ACC7785} : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{B1496528-5631-48D7-94C8-14649ACC7785}\244584572633D223B423E4 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B1496528-5631-48D7-94C8-14649ACC7785}\244584F6D65684572623D235733525 : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Adblock Pro: {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll

BHO-X64: Adblock Pro - No File

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\47p9cgo9.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]

R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]

R1 CLVirtualDrive;CLVirtualDrive;C:\windows\system32\DRIVERS\CLVirtualDrive.sys --> C:\windows\system32\DRIVERS\CLVirtualDrive.sys [?]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/02/26 12:36:46];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-12-29 146928]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]

R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-19 44768]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-2-19 161560]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-12 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-11 1997416]

R2 SGDrv;SGDrv;C:\windows\system32\DRIVERS\SGdrv64.sys --> C:\windows\system32\DRIVERS\SGdrv64.sys [?]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-11 363800]

R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]

R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 257696]

S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]

S3 AmUStor;AM USB Stroage Driver;C:\windows\system32\drivers\AmUStor.SYS --> C:\windows\system32\drivers\AmUStor.SYS [?]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\system32\Drivers\ssadadb.sys --> C:\windows\system32\Drivers\ssadadb.sys [?]

S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-29 129976]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\system32\DRIVERS\ssadserd.sys --> C:\windows\system32\DRIVERS\ssadserd.sys [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-05 21:29:24 -------- d-----w- C:\Users\Neil\AppData\Local\{B6B0D3D5-2F63-449C-9251-72D8B5BA105A}

2012-05-05 18:40:53 -------- d-----w- C:\Users\Neil\AppData\Local\Opera

2012-05-05 13:36:01 -------- d-----w- C:\Users\Neil\AppData\Local\{F5E56417-8242-4F10-87B2-A94B3D06F2EC}

2012-05-05 08:57:55 -------- d-----w- C:\Users\Neil\AppData\Local\{8B1A73E7-D3F7-4C22-BE74-8E5F83F0A13F}

2012-05-04 12:09:07 -------- d-----w- C:\Users\Neil\AppData\Local\{70E83A7A-0EAA-49DE-9D1C-37021BF50BD0}

2012-05-04 12:08:46 -------- d-----w- C:\Users\Neil\AppData\Local\{174CA891-5893-4308-BF72-A4688F2DC60A}

2012-05-04 09:22:28 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AAD7C4EF-9408-425A-A3AD-0B295044C022}\mpengine.dll

2012-05-03 14:28:06 -------- d-----w- C:\Users\Neil\AppData\Local\{98EE3782-08CD-4D64-8982-8F7F8646A87E}

2012-05-03 09:10:23 -------- d-----w- C:\Users\Neil\AppData\Local\{4925557D-5D29-4B17-90E0-EEB1DCCA2F34}

2012-05-03 09:10:02 -------- d-----w- C:\Users\Neil\AppData\Local\{4A3E8EB1-1E53-4189-8F2C-37ADE0FD5648}

2012-05-03 08:08:10 -------- d-----w- C:\Users\Neil\AppData\Local\{1A7BF56A-749E-4C94-8E39-197E2537CACB}

2012-05-03 08:07:49 -------- d-----w- C:\Users\Neil\AppData\Local\{AA834159-EA3C-4157-8E7B-52851F7E4469}

2012-05-03 08:07:49 -------- d-----w- C:\Users\Neil\AppData\Local\{8C9F2AA4-F666-49D1-B7E7-0582AB32BCA7}

2012-05-02 18:06:21 -------- d-----w- C:\Users\Neil\AppData\Local\{E040B163-938D-4048-9A6A-541C6ED1C695}

2012-05-02 18:06:00 -------- d-----w- C:\Users\Neil\AppData\Local\{12F12409-4FAF-445B-9903-8A13100D969B}

2012-05-02 10:18:11 -------- d-----w- C:\Users\Neil\AppData\Local\{10171DD5-ED02-4E50-8D7C-0F4B4AA13717}

2012-05-02 08:24:23 -------- d-----w- C:\Users\Neil\AppData\Local\{8624CEB1-9384-4BE9-8220-550F0D931C92}

2012-05-01 10:46:52 -------- d-----w- C:\Users\Neil\AppData\Local\{92717703-FAAA-4CB0-850D-AE63611C050A}

2012-05-01 10:46:31 -------- d-----w- C:\Users\Neil\AppData\Local\{978A6B44-E05F-4406-8432-0F4B28F31337}

2012-05-01 09:55:30 -------- d-----w- C:\Users\Neil\AppData\Local\{15FFEF76-F16D-4F0C-9226-68E42C0C06DF}

2012-05-01 08:46:12 -------- d-----w- C:\Users\Neil\AppData\Local\{4F59A07B-2A44-449F-BFE5-68503068181B}

2012-04-30 14:59:07 74344 ----a-w- C:\windows\System32\RtNicProp64.dll

2012-04-30 14:59:07 685672 ----a-w- C:\windows\System32\drivers\Rt64win7.sys

2012-04-30 09:43:07 -------- d-----w- C:\Users\Neil\AppData\Local\{C4AFB9E4-7C8D-4B4D-AA38-993E108EE29A}

2012-04-30 09:42:44 -------- d-----w- C:\Users\Neil\AppData\Local\{C6345EF3-0081-44D6-B350-C2CB310D8F29}

2012-04-30 01:37:32 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2012-04-29 13:19:15 -------- d-----w- C:\Users\Neil\AppData\Local\{777B50D7-54B9-4FFF-8287-9F168B0386DF}

2012-04-29 13:18:53 -------- d-----w- C:\Users\Neil\AppData\Local\{0A59FE3D-3FAC-4301-ACD9-D7D644C74713}

2012-04-29 10:56:40 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-29 10:56:34 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-29 10:56:34 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-28 23:32:48 -------- d-----w- C:\ProgramData\Licenses

2012-04-28 23:31:52 -------- d-----w- C:\Program Files (x86)\Common Files\HDX4

2012-04-28 23:10:08 -------- d-----w- C:\Users\Neil\AppData\Local\{C76769E8-79D9-4620-BADE-AB3E00B65B50}

2012-04-28 23:07:00 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2012-04-28 22:58:24 -------- d-----w- C:\Users\Neil\AppData\Local\{F02240EB-4900-495F-AD6D-18D81521D87A}

2012-04-28 09:00:36 -------- d-----w- C:\Users\Neil\AppData\Local\Logitech® Webcam Software

2012-04-28 08:57:23 53248 ----a-r- C:\Users\Neil\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-04-28 08:56:41 -------- d-----w- C:\Program Files (x86)\Common Files\LWS

2012-04-28 08:16:43 -------- d-----w- C:\Users\Neil\AppData\Local\{36D223E7-8827-4FD3-9C99-5A23800FD49C}

2012-04-28 08:16:11 -------- d-----w- C:\Users\Neil\AppData\Local\{4ABB0D21-AF9F-4E40-8552-E46460000CDF}

2012-04-27 09:47:57 -------- d-----w- C:\Users\Neil\AppData\Local\{47445596-4435-41A6-83F9-742C464E03C2}

2012-04-27 09:47:35 -------- d-----w- C:\Users\Neil\AppData\Local\{A6724596-5BF0-4886-A782-A269F9D87A47}

2012-04-26 21:43:12 -------- d-----w- C:\Users\Neil\AppData\Local\{B2B0CDEC-03EF-4D56-A6A2-1A4A88AF9EB4}

2012-04-26 21:42:50 -------- d-----w- C:\Users\Neil\AppData\Local\{B3693954-2CFF-4CD2-92B0-00B6D6F7CABB}

2012-04-26 20:45:50 -------- d-----w- C:\Users\Neil\AppData\Local\{7E4F18AA-B73C-436C-8F6A-1BD4C2AA7719}

2012-04-26 20:42:57 -------- d-----w- C:\Users\Neil\AppData\Local\{56A867A2-1B8D-4112-BAC1-8F5E0E1D5614}

2012-04-26 20:42:00 -------- d-----w- C:\windows\en

2012-04-26 20:41:27 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-04-26 20:36:54 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4f2d9e381cd23ec44\bingbarsetup.exe

2012-04-26 20:36:25 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3ff789151cd23ec36\MeshBetaRemover.exe

2012-04-26 20:35:56 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2e6b14681cd23ec28\DSETUP.dll

2012-04-26 20:35:56 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2e6b14681cd23ec28\DXSETUP.exe

2012-04-26 20:35:56 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2e6b14681cd23ec28\dsetup32.dll

2012-04-26 20:35:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2e260c801cd23ec27\DSETUP.dll

2012-04-26 20:35:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2e260c801cd23ec27\DXSETUP.exe

2012-04-26 20:35:55 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2e260c801cd23ec27\dsetup32.dll

2012-04-26 20:34:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-04-26 16:20:33 -------- d-----w- C:\Users\Neil\AppData\Local\LogMeIn Rescue Applet

2012-04-26 14:02:10 -------- d-----w- C:\Users\Neil\AppData\Local\{A0EE8A3A-F140-421C-B511-CA542F3474CB}

2012-04-26 10:56:05 -------- d-----w- C:\Users\Neil\AppData\Local\{8A8E0A59-6CA4-4896-BE7D-248E417DFB34}

2012-04-26 10:20:50 -------- d-----w- C:\Program Files (x86)\Common Files\Motive

2012-04-26 10:20:47 -------- d-----w- C:\Program Files\Common Files\Motive

2012-04-26 10:10:03 -------- d-----w- C:\Users\Neil\AppData\Local\{75796D7F-E4D3-4C19-9DB9-9374AA41F8AE}

2012-04-26 08:24:21 -------- d-----w- C:\Users\Neil\AppData\Local\{1907EE65-63E6-4654-8D76-AD5A0EB377F1}

2012-04-25 22:00:33 -------- d-----w- C:\Users\Neil\AppData\Local\{7CF8799A-92ED-45D6-BADA-F7991617DADA}

2012-04-25 20:32:45 -------- d-----w- C:\Users\Neil\AppData\Local\{3157B5D9-ECD6-434E-A9D6-8D10AC1153BF}

2012-04-25 20:15:00 -------- d-----w- C:\Users\Neil\AppData\Local\{5933BF0B-68B3-43E3-900D-0E5BE4516CEA}

2012-04-25 20:05:51 -------- d-----w- C:\Users\Neil\AppData\Local\{3862B6A4-2642-4574-AC28-6AE90EA44CCE}

2012-04-25 17:10:12 -------- d-----w- C:\Users\Neil\AppData\Local\{839BAE80-98FF-4B60-9064-A92C9BE2A143}

2012-04-25 17:07:26 -------- d-----w- C:\Users\Neil\AppData\Local\{10423369-AF70-4EFC-9464-CD3499D6B674}

2012-04-25 15:20:07 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-04-25 15:18:53 -------- d-----w- C:\Users\Neil\AppData\Local\Windows Live

2012-04-25 14:38:24 -------- d-----w- C:\Users\Neil\AppData\Local\{8C001536-D9FB-4DF6-997B-5952C8E43A2A}

2012-04-25 14:38:14 -------- d-----w- C:\Users\Neil\AppData\Local\{4E3EE9EF-DC88-4CB6-824F-42AB024388FA}

2012-04-25 12:59:01 -------- d-----w- C:\Users\Neil\AppData\Local\{95359A50-0131-4A78-A6F7-FF475F231E62}

2012-04-25 12:58:51 -------- d-----w- C:\Users\Neil\AppData\Local\{C70A67A1-C5F7-41C5-ACCA-5E4DE13F5059}

2012-04-25 12:58:19 -------- d-----w- C:\Users\Neil\AppData\Local\{0CAE1857-FB44-474F-8483-A1052E426380}

2012-04-25 12:57:56 -------- d-----w- C:\Users\Neil\AppData\Local\{752445FE-2490-4FD3-B3A5-DB8C903C95D0}

2012-04-25 12:55:15 -------- d-----w- C:\Users\Neil\AppData\Local\{DED70750-1526-4276-B2AA-013D0C0D155C}

2012-04-25 12:54:54 -------- d-----w- C:\Users\Neil\AppData\Local\{55974075-863F-4D3B-A00C-503A6EC87D99}

2012-04-25 11:47:09 -------- d-----w- C:\Users\Neil\AppData\Local\{84ABB32F-5C26-4913-9895-E422027185BD}

2012-04-25 11:46:47 -------- d-----w- C:\Users\Neil\AppData\Local\{FCD74860-9488-415E-8798-842E05F60DA2}

2012-04-25 08:27:12 -------- d-----w- C:\Users\Neil\AppData\Local\{7DCF7709-5814-4575-BDA8-4FB918437532}

2012-04-25 08:26:50 -------- d-----w- C:\Users\Neil\AppData\Local\{3AB11883-2058-45CF-A954-2BE581F5824C}

2012-04-24 21:55:17 -------- d-----w- C:\Users\Neil\AppData\Local\{6AA8F7BD-970C-4380-8CA8-F749363DD8B7}

2012-04-24 21:54:55 -------- d-----w- C:\Users\Neil\AppData\Local\{11A055DF-854F-486C-BDD1-8C23A4CCCBB6}

2012-04-24 21:05:09 -------- d-----w- C:\Users\Neil\AppData\Local\{E4B3F5F1-D3A8-465A-8BE0-E00C572D4D6D}

2012-04-24 21:04:59 -------- d-----w- C:\Users\Neil\AppData\Local\{3064BDB5-3BA4-4328-B022-D6C2F0584A14}

2012-04-24 19:29:51 -------- d-----w- C:\Users\Neil\AppData\Local\{FC7470D1-FDA0-4641-A14A-A0C884129C0C}

2012-04-24 18:56:19 -------- d-----w- C:\Users\Neil\AppData\Local\{B07912BB-0D49-4882-AEBF-C8650E34D380}

2012-04-24 18:44:25 -------- d-----w- C:\Users\Neil\AppData\Local\{A20D9BFE-037C-4884-815C-0CFFDE8EF5B8}

2012-04-24 18:37:50 -------- d-----w- C:\Users\Neil\AppData\Local\{1B32DA9A-8DA7-414F-A47C-24E780FB55B4}

2012-04-24 18:37:40 -------- d-----w- C:\Users\Neil\AppData\Local\{1F725B3D-04D3-4F05-9346-E1DD1A392774}

2012-04-24 18:35:05 -------- d-----w- C:\Users\Neil\AppData\Local\{2A845298-518F-4D9F-BD00-7EC74BA3E83E}

2012-04-24 18:34:44 -------- d-----w- C:\Users\Neil\AppData\Local\{82928FAD-1DA5-463A-896E-D592444617D8}

2012-04-24 15:44:02 -------- d-----w- C:\Users\Neil\AppData\Local\{6AE99BA2-D7AA-4391-9E02-97CC267D7E0E}

2012-04-24 15:38:59 -------- d-----w- C:\Users\Neil\Tracing

2012-04-24 15:36:02 -------- d-----w- C:\Users\Neil\AppData\Local\{98C44735-5196-4BB1-BA5F-9B3B1EA83B1D}

2012-04-24 15:35:53 -------- d-----w- C:\Users\Neil\AppData\Local\{14BBB50E-1C70-4EAE-A40A-B4531A21EC6D}

2012-04-24 15:05:53 -------- d-----w- C:\Users\Neil\AppData\Local\{2BACEA08-DB47-45A3-AECB-C9049ED538B2}

2012-04-24 14:42:49 -------- d-----w- C:\Users\Neil\AppData\Local\{540407FE-8C53-431E-9876-ED72AADC8577}

2012-04-24 07:44:09 -------- d-----w- C:\Users\Neil\AppData\Local\{7825BD4A-3BF0-4D7A-B0C8-194C7D8F0AFA}

2012-04-23 20:47:01 -------- d-----w- C:\Users\Neil\AppData\Local\{00629B15-885C-4CEA-B42C-DD0112CAB19F}

2012-04-23 08:49:07 -------- d-----w- C:\windows\Downloaded Installations

2012-04-23 08:47:39 -------- d-----w- C:\ProgramData\Contents

2012-04-23 08:47:39 -------- d-----w- C:\ProgramData\Cocoa

2012-04-23 08:35:22 -------- d-----w- C:\Users\Neil\AppData\Local\{E5653C19-781A-4A8C-9C10-4C737F3232E4}

2012-04-22 14:26:30 -------- d-----w- C:\Users\Neil\AppData\Local\{E0DEA8CF-5801-4132-B743-ACC602D1FEF9}

2012-04-22 12:17:29 -------- d-----w- C:\Users\Neil\AppData\Local\{EDFC0F21-4EF1-4DE1-A986-41F998136492}

2012-04-22 10:43:23 -------- d-----w- C:\Users\Neil\AppData\Local\{A538198B-128E-4C54-B2D0-844E74A2ECB6}

2012-04-22 10:43:02 -------- d-----w- C:\Users\Neil\AppData\Local\{1A483AAE-3343-4052-A8E4-14AF0373A50A}

2012-04-21 21:40:20 -------- d-----w- C:\Users\Neil\AppData\Local\{2B6C1F14-12E3-41CB-AD7D-95AB10CF655F}

2012-04-21 19:47:26 -------- d-----w- C:\Users\Neil\AppData\Local\{A6884E4D-A8D5-4A6E-98E0-1C67BC6A39BA}

2012-04-21 18:37:33 -------- d-----w- C:\Users\Neil\AppData\Local\{729422CF-C7B0-4708-B88B-81EF59B6F4B1}

2012-04-21 12:33:40 -------- d-----w- C:\Users\Neil\AppData\Local\{4C94D428-C3EC-47E2-8E40-4B40CD23EB03}

2012-04-21 10:45:56 -------- d-----w- C:\Users\Neil\AppData\Local\{27E4A266-6B49-4A7D-82E1-F33A942BDB87}

2012-04-20 18:25:04 -------- d-----w- C:\Users\Neil\AppData\Local\{AA5C1D8D-0606-495B-8F20-E76F2DEFF56A}

2012-04-20 11:28:37 -------- d-----w- C:\Program Files (x86)\Qimage

2012-04-20 09:45:14 -------- d-----w- C:\Users\Neil\AppData\Local\{4EA268B9-F5C8-4334-87EC-FFBC6B535DBA}

2012-04-19 21:35:09 -------- d-----w- C:\Users\Neil\AppData\Local\{24BE1010-4CC3-428A-934A-4F8023AC45EB}

2012-04-19 21:03:29 53080 ----a-w- C:\windows\System32\drivers\aswRdr2.sys

2012-04-19 21:03:28 819032 ----a-w- C:\windows\System32\drivers\aswSnx.sys

2012-04-19 21:03:28 69976 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys

2012-04-19 21:03:08 41184 ----a-w- C:\windows\avastSS.scr

2012-04-19 21:02:59 -------- d-----w- C:\ProgramData\AVAST Software

2012-04-19 21:02:59 -------- d-----w- C:\Program Files\AVAST Software

2012-04-19 19:47:00 -------- d-----w- C:\Users\Neil\AppData\Local\{DC3DC791-43EA-40BA-9C7C-8CE08D7F84E9}

2012-04-19 17:38:48 -------- d-----w- C:\Users\Neil\AppData\Local\{8EEEF20C-5C55-467D-8F93-B0A50E3DEFEB}

2012-04-19 17:34:17 -------- d-----w- C:\ProgramData\UDL

2012-04-19 16:25:50 -------- d-----w- C:\Users\Neil\AppData\Local\{84673317-0C9A-4A16-A8AD-6965D8469AA3}

2012-04-19 11:09:53 -------- d-----w- C:\Users\Neil\AppData\Local\{564C8933-E875-41FC-9BE3-DC2E9C97CC7B}

2012-04-19 10:32:36 -------- d-----w- C:\Users\Neil\AppData\Local\{0BB83671-C0D3-416C-A692-0AEA4BF19B88}

2012-04-19 09:47:50 -------- d-----w- C:\Users\Neil\AppData\Local\{6C8FB813-3C9B-4066-83CA-5AFBEFD50920}

2012-04-18 18:39:16 -------- d-----w- C:\Users\Neil\AppData\Local\Corel

2012-04-18 18:32:36 -------- d-----w- C:\Program Files (x86)\Corel

2012-04-18 13:39:00 -------- d-----w- C:\Users\Neil\AppData\Local\{A95D3654-E9CB-4738-8DDC-9D78844A538D}

2012-04-17 20:32:33 -------- d-----w- C:\Program Files (x86)\Common Files\Remote Control USB Driver

2012-04-17 18:27:14 -------- d-----w- C:\Users\Neil\AppData\Local\{8B8F00A4-28BF-4D02-BE90-12CD6DAABACA}

2012-04-17 17:04:01 -------- d-----w- C:\Users\Neil\AppData\Local\{0DC4E902-C1E7-4AEF-B1C0-D3EEA57CE60E}

2012-04-17 17:03:40 -------- d-----w- C:\Users\Neil\AppData\Local\{C9CB0EA3-2005-4498-A583-B8DA102AEDB3}

2012-04-17 11:08:20 -------- d-----w- C:\Users\Neil\AppData\Local\{6AD7F766-55B9-49A0-B930-A30A7D512B6E}

2012-04-17 08:29:52 -------- d-----w- C:\Users\Neil\AppData\Local\Google

2012-04-16 21:45:46 -------- d-----w- C:\Users\Neil\AppData\Local\{DB161C92-200A-4AA4-8868-4432E9F5D815}

2012-04-16 21:45:25 -------- d-----w- C:\Users\Neil\AppData\Local\{D7C58A37-4EB6-449C-95A3-AAFCE987E007}

2012-04-16 20:56:48 -------- d-----w- C:\windows\SysWow64\RTCOM

2012-04-16 20:56:02 2605400 ----a-w- C:\windows\System32\WavesGUILib.dll

2012-04-16 20:56:00 518896 ----a-w- C:\windows\System32\SRSTSX64.dll

2012-04-16 20:56:00 211184 ----a-w- C:\windows\System32\SRSTSH64.dll

2012-04-16 20:56:00 155888 ----a-w- C:\windows\System32\SRSWOW64.dll

2012-04-16 20:54:58 728680 ----a-w- C:\windows\System32\DTSBassEnhancementDLL64.dll

2012-04-16 20:54:51 108640 ----a-w- C:\windows\System32\AERTAR64.dll

2012-04-16 20:54:50 202336 ----a-w- C:\windows\System32\AERTAC64.dll

2012-04-16 19:53:50 -------- d-----w- C:\Users\Neil\AppData\Local\{2858E2C8-78A9-45B6-97A0-D3E9AA93BA94}

2012-04-16 19:53:28 -------- d-----w- C:\Users\Neil\AppData\Local\{2B68ABA6-8C35-4B7F-9022-E9F1CC6E83FB}

2012-04-16 18:44:33 -------- d-----w- C:\Users\Neil\AppData\Local\{2ED4C00A-D063-4CA0-9254-39EAC7902383}

2012-04-15 23:02:22 -------- d-----w- C:\Users\Neil\AppData\Local\{65761D51-423D-4E56-A29C-606C35A3A307}

2012-04-15 11:45:46 -------- d-----w- C:\Users\Neil\AppData\Local\{1E8BE961-39A1-48A8-8733-C73B3A2B6EEC}

2012-04-15 08:02:43 -------- d-----w- C:\Users\Neil\AppData\Local\{C10D3C83-635D-4EE8-AF37-2889A14C1FBD}

2012-04-14 16:20:47 -------- d-----w- C:\Users\Neil\AppData\Local\{02814DDF-CCBC-493A-835A-0EB7FB0C330D}

2012-04-14 10:42:50 -------- d-----w- C:\Users\Neil\AppData\Local\{04B9261B-8F46-41EF-858A-C71E048A7330}

2012-04-13 22:44:47 -------- d-----w- C:\Users\Neil\AppData\Local\{24E663A2-3FF1-4E55-8CC0-6CF220539B2A}

2012-04-13 21:21:28 -------- d-----w- C:\Users\Neil\AppData\Local\{3576B152-3A5D-4D37-90B8-17FB0155B74D}

2012-04-13 21:19:27 -------- d-----w- C:\Users\Neil\AppData\Local\{9D33A13C-41B0-47F7-A45A-D6EEB1833848}

2012-04-13 21:17:36 -------- d-----w- C:\Users\Neil\AppData\Local\{E5351436-3E08-472E-BF1A-F1188272E6ED}

2012-04-13 21:17:15 -------- d-----w- C:\Users\Neil\AppData\Local\{DFEAD544-3049-4CF4-8605-EECE11D84194}

2012-04-13 12:24:30 -------- d-----w- C:\Users\Neil\AppData\Local\{8B796367-9BC7-44A2-993B-E250D29C9A66}

2012-04-13 12:24:08 -------- d-----w- C:\Users\Neil\AppData\Local\{45A3B3CC-D1E7-4955-8C4E-A3D4311814CE}

2012-04-13 12:23:07 -------- d-----w- C:\Users\Neil\AppData\Local\{5705A460-8B82-481C-BD7D-F5C7246962EB}

2012-04-13 12:18:27 -------- d-----w- C:\Users\Neil\AppData\Local\{D0CEEF7B-6D2F-46F5-87BF-3031D5D03FCE}

2012-04-13 12:13:13 -------- d-----w- C:\Users\Neil\AppData\Local\{9AA7CBD9-38B0-4111-A5A1-0F882A522A21}

2012-04-13 10:58:15 -------- d-----w- C:\Users\Neil\AppData\Local\{8173C24E-404D-4594-986D-957B6B1DAB55}

2012-04-13 09:49:12 -------- d-----w- C:\Users\Neil\AppData\Local\{A159FC8E-98C9-44F0-9C56-4673F0016B12}

2012-04-13 08:58:45 -------- d-----w- C:\Users\Neil\AppData\Local\{EA8BEEBC-92BE-4976-8061-9F81FBAB0360}

2012-04-12 17:46:09 -------- d-----w- C:\Users\Neil\AppData\Roaming\NCH Software

2012-04-12 17:46:08 -------- d-----w- C:\Program Files (x86)\NCH Software

2012-04-12 17:46:07 -------- d-----w- C:\Program Files (x86)\Portable

2012-04-12 14:53:55 -------- d-----w- C:\Users\Neil\AppData\Local\{76AB5BFC-F2B8-46C7-B52D-AF5B9B3B01E5}

2012-04-12 08:52:29 -------- d-----w- C:\Users\Neil\AppData\Local\{E032F03C-6913-40D6-9FDB-F891FE8883AB}

2012-04-12 02:00:32 81408 ----a-w- C:\windows\System32\imagehlp.dll

2012-04-12 02:00:32 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys

2012-04-12 02:00:32 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll

2012-04-12 02:00:31 5120 ----a-w- C:\windows\SysWow64\wmi.dll

2012-04-12 02:00:31 5120 ----a-w- C:\windows\System32\wmi.dll

2012-04-12 02:00:31 220672 ----a-w- C:\windows\System32\wintrust.dll

2012-04-12 02:00:31 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-04-11 10:38:44 -------- d-----w- C:\Users\Neil\AppData\Local\{90656F0D-09BC-4FAB-BFC1-804EE1431A93}

2012-04-10 10:38:29 -------- d-----w- C:\Users\Neil\AppData\Local\{05119AD7-C838-427E-9090-26847C94F132}

2012-04-10 09:34:28 -------- d-----w- C:\Users\Neil\AppData\Local\{22622585-BAE8-4A6A-A3F1-74CA860B1389}

2012-04-10 08:26:18 8721272 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-04-10 08:21:06 8992632 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-04-09 21:35:39 -------- d-----w- C:\Users\Neil\AppData\Local\{75363B47-1C71-41AD-AC15-FABA2E4E5085}

2012-04-09 20:59:59 -------- d-----w- C:\Users\Neil\AppData\Local\{2D54F2B1-BE47-4C99-B034-AC6B7BB225FE}

2012-04-09 18:52:08 -------- d-----w- C:\Users\Neil\AppData\Local\{5F6C29DD-B8D7-40DE-BD21-104803567B54}

2012-04-09 14:24:48 -------- d-----w- C:\Program Files (x86)\ImTOO

2012-04-09 14:18:31 -------- d-----w- C:\Users\Neil\AppData\Local\Intel

2012-04-09 11:32:52 -------- d-----w- C:\Users\Neil\AppData\Local\{4CE4E024-DFDC-4D87-8EE1-DFE24470EB65}

2012-04-09 08:24:42 -------- d-----w- C:\Users\Neil\AppData\Local\{67CAEC90-1FCE-4EC2-80B4-DDEE383EC4E6}

2012-04-08 19:59:26 -------- d-----w- C:\Users\Neil\AppData\Local\{500DF8C7-29D8-44D9-A114-793C927A261D}

2012-04-08 18:26:01 -------- d-----w- C:\Users\Neil\AppData\Local\{E3F59BA9-61A3-4E49-8B7A-6C1961C7144D}

2012-04-08 08:41:35 -------- d-----w- C:\Users\Neil\AppData\Local\{EA439918-DF6D-4F06-BA2D-2FC7150CEB2B}

2012-04-07 21:12:44 -------- d-----w- C:\Users\Neil\AppData\Local\{AC074FC8-AE7F-4561-97E9-E30F297439DC}

2012-04-07 08:54:29 -------- d-----w- C:\Users\Neil\AppData\Local\{60C47F98-5E35-4067-9B91-F9BF71F862CD}

2012-04-06 20:00:01 -------- d-----w- C:\Users\Neil\AppData\Local\{696BAB43-5560-4DA5-9426-F24B81DEC41E}

2012-04-06 19:51:24 -------- d-----w- C:\Users\Neil\AppData\Local\{41DC049D-2ADD-49A8-820B-30A514B6BCB5}

2012-04-06 19:49:05 -------- d-----w- C:\Users\Neil\AppData\Local\{F41DDE7A-7D56-46FB-A51D-F6C13F26A705}

2012-04-06 15:30:08 -------- d-----w- C:\Users\Neil\AppData\Local\{324260CA-D9CA-49C0-81FA-28820987E770}

2012-04-06 13:45:35 -------- d-----w- C:\Users\Neil\AppData\Local\{2415530C-0B45-41B5-A391-8C6334C36E9D}

2012-04-06 13:43:58 -------- d-----w- C:\Users\Neil\AppData\Local\{D1B3ECA9-42D5-4078-94C1-65778621DBCC}

2012-04-06 13:41:16 -------- d-----w- C:\Users\Neil\AppData\Local\{038200CE-38A9-43D2-A6DE-FCD957BFC4D6}

2012-04-06 13:37:37 -------- d-----w- C:\Users\Neil\AppData\Local\{80BE3ADA-98A2-48E7-B278-1C443D169E22}

2012-04-06 13:23:06 -------- d-----w- C:\Users\Neil\AppData\Local\{10D5B68D-052E-4597-AEF4-045078F61A09}

2012-04-06 12:52:15 -------- dc-h--w- C:\ProgramData\{16996CC6-7043-45AD-9C8D-A784409115E4}

2012-04-06 12:52:08 -------- dc-h--w- C:\ProgramData\{AB404F93-CDCE-40D9-8D4E-8606C84D368C}

.

==================== Find3M ====================

.

2012-05-05 11:04:17 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 11:04:17 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 11:04:01 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-30 01:37:26 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-23 08:47:20 106496 ----a-w- C:\windows\SysWow64\ATL71.DLL

2012-04-10 17:02:28 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys

2012-04-04 14:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-27 16:03:36 4015592 ----a-w- C:\windows\System32\drivers\RTKVHD64.sys

2012-03-26 23:42:14 138360 ----a-w- C:\windows\SysWow64\drivers\AnyDVD.sys

2012-03-26 23:42:14 138360 ----a-w- C:\windows\System32\drivers\AnyDVD.sys

2012-03-21 14:55:16 2886656 ----a-w- C:\windows\System32\RCoRes64.dat

2012-03-20 09:47:20 3608680 ----a-w- C:\windows\System32\RtkAPO64.dll

2012-03-19 18:01:20 102504 ----a-w- C:\windows\System32\RCoInstII64.dll

2012-03-17 18:57:42 103784 ----a-w- C:\Users\Neil\GoToAssistDownloadHelper.exe

2012-03-16 22:15:21 637848 ----a-w- C:\windows\SysWow64\npdeployJava1.dll

2012-03-16 20:02:54 107552 ----a-w- C:\windows\System32\RTNUninst64.dll

2012-03-16 15:25:58 2670696 ----a-w- C:\windows\System32\RtPgEx64.dll

2012-03-13 10:21:10 1251432 ----a-w- C:\windows\System32\RTCOM64.dll

2012-03-12 19:56:40 947472 ----a-w- C:\windows\SysWow64\msjava.dll

2012-03-08 17:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR

2012-03-07 10:09:28 824424 ----a-w- C:\windows\System32\RtkApi64.dll

2012-03-06 06:53:37 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-02-26 12:34:33 505128 ----a-w- C:\windows\SysWow64\msvcp71.dll

2012-02-26 12:34:33 353576 ----a-w- C:\windows\SysWow64\msvcr71.dll

2012-02-26 12:34:33 29480 ----a-w- C:\windows\SysWow64\msxml3a.dll

2012-02-23 09:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-02-21 13:26:00 2528832 ----a-w- C:\windows\System32\FMAPO64.dll

2012-02-17 14:54:52 396632 ----a-w- C:\windows\System32\MaxxVolumeSDAPO.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-02-13 23:05:28 8363864 ----a-w- C:\windows\System32\MaxxAudioRealtek.dll

2012-02-13 21:35:54 978776 ----a-w- C:\windows\System32\MaxxAudioAPOShell64.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

.

============= FINISH: 10:38:14.52 ===============


Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Here's the combofix logfile

ComboFix 12-05-06.01 - Neil 06/05/2012 11:47:38.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8106.6186 [GMT 1:00]

Running from: c:\users\Neil\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - windows: deleted 320 bytes in 2 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Neil\GoToAssistDownloadHelper.exe

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\muzapp.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))

.

.

2012-05-06 10:53 . 2012-05-06 10:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-05-06 10:52 . 2012-05-06 10:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAD7C4EF-9408-425A-A3AD-0B295044C022}\offreg.dll

2012-05-05 18:40 . 2012-05-05 18:40 -------- d-----w- c:\users\Neil\AppData\Local\Opera

2012-05-05 18:40 . 2012-05-05 21:35 -------- d-----w- c:\program files (x86)\Opera

2012-05-04 09:22 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAD7C4EF-9408-425A-A3AD-0B295044C022}\mpengine.dll

2012-04-30 14:59 . 2012-03-16 20:02 74344 ----a-w- c:\windows\system32\RtNicProp64.dll

2012-04-30 14:59 . 2012-03-16 20:02 685672 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2012-04-30 01:39 . 2012-04-30 01:39 -------- d-----w- c:\users\Neil\AppData\Roaming\SystemRequirementsLab

2012-04-30 01:37 . 2012-04-30 01:37 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-30 01:37 . 2012-04-30 01:37 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2012-04-29 10:56 . 2012-04-29 10:56 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-29 10:56 . 2012-04-29 10:56 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-29 10:56 . 2012-04-29 10:56 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-28 23:32 . 2012-04-28 23:32 -------- d-----w- c:\programdata\Licenses

2012-04-28 23:31 . 2012-04-28 23:31 -------- d-----w- c:\program files (x86)\Common Files\HDX4

2012-04-28 23:07 . 2012-04-28 23:07 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2

2012-04-28 09:00 . 2012-04-28 09:00 -------- d-----w- c:\users\Neil\AppData\Local\Logitech® Webcam Software

2012-04-28 08:57 . 2012-04-28 08:57 53248 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-04-28 08:56 . 2012-04-28 08:56 -------- d-----w- c:\program files (x86)\Common Files\LWS

2012-04-27 20:48 . 2012-04-27 20:48 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-04-26 20:42 . 2012-04-26 20:42 -------- d-----w- c:\windows\en

2012-04-26 20:41 . 2012-04-26 20:41 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-04-26 20:40 . 2012-04-26 20:41 -------- d-----w- c:\program files (x86)\Windows Live

2012-04-26 20:40 . 2012-04-26 20:40 -------- d-----w- c:\program files\Windows Live

2012-04-26 20:34 . 2012-04-26 20:34 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2012-04-26 16:20 . 2012-04-26 17:26 -------- d-----w- c:\users\Neil\AppData\Local\LogMeIn Rescue Applet

2012-04-26 10:22 . 2012-04-26 10:22 -------- d-----w- c:\users\Neil\AppData\Roaming\Motive

2012-04-26 10:20 . 2012-04-26 17:25 -------- d-----w- c:\programdata\Motive

2012-04-26 10:20 . 2012-04-26 17:25 -------- d-----w- c:\program files (x86)\Common Files\Motive

2012-04-26 10:20 . 2012-04-26 17:25 -------- d-----w- c:\program files\Common Files\Motive

2012-04-25 15:20 . 2012-04-25 15:20 -------- d-----w- c:\program files (x86)\Microsoft

2012-04-25 15:18 . 2012-05-04 12:09 -------- d-----w- c:\users\Neil\AppData\Local\Windows Live

2012-04-24 15:38 . 2012-04-25 15:09 -------- d-----w- c:\users\Neil\Tracing

2012-04-23 08:49 . 2012-04-23 08:49 -------- d-----w- c:\windows\Downloaded Installations

2012-04-23 08:47 . 2012-04-23 08:47 -------- d-----w- c:\programdata\Contents

2012-04-23 08:47 . 2012-04-23 08:47 -------- d-----w- c:\programdata\Cocoa

2012-04-21 16:13 . 2012-04-28 10:45 -------- d-----w- c:\program files (x86)\Logitech

2012-04-20 11:28 . 2012-04-20 11:28 -------- d-----w- c:\program files (x86)\Qimage

2012-04-19 21:03 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-04-19 21:03 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-04-19 21:03 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-04-19 21:03 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-04-19 21:03 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-04-19 21:03 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-04-19 21:03 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-04-19 21:03 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr

2012-04-19 21:03 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-04-19 21:02 . 2012-04-19 21:02 -------- d-----w- c:\programdata\AVAST Software

2012-04-19 21:02 . 2012-04-19 21:02 -------- d-----w- c:\program files\AVAST Software

2012-04-19 17:34 . 2012-04-19 17:34 -------- d-----w- c:\programdata\UDL

2012-04-18 18:39 . 2012-04-18 18:39 -------- d-----w- c:\users\Neil\AppData\Local\Corel

2012-04-18 18:32 . 2012-04-18 18:32 -------- d-----w- c:\program files (x86)\Corel

2012-04-17 20:32 . 2012-04-19 20:43 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver

2012-04-17 08:29 . 2012-04-19 22:08 -------- d-----w- c:\program files (x86)\Google

2012-04-17 08:29 . 2012-04-18 12:48 -------- d-----w- c:\users\Neil\AppData\Local\Google

2012-04-16 20:56 . 2012-04-16 20:56 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-04-16 20:56 . 2012-02-21 18:45 2605400 ----a-w- c:\windows\system32\WavesGUILib.dll

2012-04-16 20:56 . 2009-11-24 08:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll

2012-04-16 20:56 . 2009-11-24 08:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll

2012-04-16 20:56 . 2009-11-24 08:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll

2012-04-16 20:54 . 2011-05-31 08:42 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll

2012-04-16 20:54 . 2012-03-08 10:47 108640 ----a-w- c:\windows\system32\AERTAR64.dll

2012-04-16 20:54 . 2012-03-08 10:47 202336 ----a-w- c:\windows\system32\AERTAC64.dll

2012-04-12 17:46 . 2012-04-12 17:46 -------- d-----w- c:\users\Neil\AppData\Roaming\NCH Software

2012-04-12 17:46 . 2012-04-12 17:46 -------- d-----w- c:\programdata\NCH Software

2012-04-12 17:46 . 2012-04-12 17:46 -------- d-----w- c:\program files (x86)\NCH Software

2012-04-12 17:46 . 2012-04-12 17:46 -------- d-----w- c:\program files (x86)\Portable

2012-04-12 02:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 02:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 02:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 02:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 02:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 02:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 02:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-10 08:26 . 2012-04-10 08:26 8721272 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-04-10 08:21 . 2012-04-10 08:21 8992632 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-04-09 14:24 . 2012-04-09 14:24 -------- d-----w- c:\program files (x86)\ImTOO

2012-04-09 14:18 . 2012-04-09 14:18 -------- d-----w- c:\users\Neil\AppData\Local\Intel

2012-04-06 12:52 . 2012-04-06 12:52 -------- dc-h--w- c:\programdata\{16996CC6-7043-45AD-9C8D-A784409115E4}

2012-04-06 12:52 . 2012-04-06 12:52 -------- dc-h--w- c:\programdata\{AB404F93-CDCE-40D9-8D4E-8606C84D368C}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 11:04 . 2012-04-04 08:05 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 11:04 . 2012-02-19 00:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 11:04 . 2012-04-04 09:04 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-30 01:37 . 2012-02-19 14:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-26 20:40 . 2011-03-28 17:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-23 08:49 . 2012-02-21 02:19 61440 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe

2012-04-23 08:47 . 2003-03-19 12:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL

2012-04-10 17:02 . 2012-02-19 01:53 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-04-04 14:56 . 2012-02-18 23:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-26 23:42 . 2012-03-26 23:42 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys

2012-03-26 23:42 . 2012-03-26 23:42 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2012-03-16 22:15 . 2012-03-16 22:15 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-03-16 20:02 . 2011-10-11 03:53 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2012-03-12 19:56 . 2012-03-12 19:56 947472 ----a-w- c:\windows\SysWow64\msjava.dll

2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-03 19:19 . 2012-02-20 16:02 57344 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2012-02-26 12:34 . 2011-10-11 05:01 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-02-26 12:34 . 2011-10-11 05:01 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-02-26 12:34 . 2011-10-11 05:01 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-02-23 09:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-20 16:41 . 2012-02-20 16:41 49152 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2012-02-20 16:41 . 2012-02-20 16:41 335872 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe

2012-02-17 06:38 . 2012-03-14 09:06 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 09:06 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 09:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 09:06 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-10 06:36 . 2012-03-14 09:07 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 09:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-29 129976]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/02/26 12:36];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-12-29 11:26 146928]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]

S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:04]

.

2012-05-05 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-02-19 20:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Neil\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.co.uk/

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Block This Image (ABP) - c:\program files (x86)\Adblock Pro\blockimg.html

IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm

IE: Open with KUSO EXIF Viewer - c:\program files (x86)\KUSO EXIF Viewer\EXIF.htm

IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\47p9cgo9.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-06 11:55:58

ComboFix-quarantined-files.txt 2012-05-06 10:55

.

Pre-Run: 532,978,921,472 bytes free

Post-Run: 532,377,149,440 bytes free

.

- - End Of File - - 960D9E674E782BF44D7B224396117A59

So that's good news. My problem was after a full malwarebytes scan it picked up this pup "pup hacktool.VBhideproc".

I went to have it checked out on the fp forum and Ade said indeed it was a fp.

Then after that I traced it back to roaming and it was inside a folder called 2 4

Then Ade told me it was a program called bitcoinminer and if I hadn't installed it to get my machine checked out by you.

Well I never installed it, and after a bit of googling I discovered that bitcoinminer was a really dodgy virus program so I deleted the 2 4 folder in roaming and checked everywhere else for it, but it only resided in the 2 4 folder. I don't know how it got installed in the first place.

Better safe than sorry. :) I see really no evidence of BitCoinMiner here fortunately.

Can you please rerun DDS and post me attach.txt (no need for DDS.txt).

Also, please launch MBAM, update it and run a full scan. Post me the resulting log.

Here's MBAM log and DDS attach.txt.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.06.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Neil :: NEIL-PC [administrator]

Protection: Enabled

06/05/2012 13:46:02

mbam-log-2012-05-06 (13-46-02).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 435830

Time elapsed: 50 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 19/02/2012 06:14:09

System Uptime: 06/05/2012 10:31:18 (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 300E4A/300E5A/300E7A

Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 576 GiB total, 497.082 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMTSSTCORP_CDDVDW_SN-208AB________________SC00____\4&106157CD&0&0.1.0

Manufacturer: (Standard CD-ROM drives)

Name: TSSTcorp CDDVDW SN-208AB

PNP Device ID: IDE\CDROMTSSTCORP_CDDVDW_SN-208AB________________SC00____\4&106157CD&0&0.1.0

Service: cdrom

.

==== System Restore Points ===================

.

RP201: 03/05/2012 15:44:08 - Installed Splash PRO EX

RP202: 04/05/2012 10:22:07 - Windows Update

RP203: 06/05/2012 10:22:17 - Removed SimplyGoodPictures

.

==== Installed Programs ======================

.

Acoustica Effects Pack

Adblock Pro 3.4

Adobe AIR

Adobe Audition CS5.5

Adobe Audition CS6

Adobe Encore CS5.1 Library

Adobe Help Manager

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop CS6

Adobe Premiere Pro CS5.5

Adobe Premiere Pro CS5.5 Functional Content

Adobe Reader X (10.1.3)

Adobe Story

Agatha Christie - Death on the Nile

Alcor Micro USB Card Reader

AnyDVD

AoA Audio Extractor Platinum

Apple Application Support

Apple Software Update

Audacity 2.0

avast! Free Antivirus

AviSynth 2.5

Bejeweled 2 Deluxe

bl

Build-a-lot

Camera RAW Plug-In for EPSON Creativity Suite

CameraHelperMsi

Canon MP Navigator EX 3.1

Capture NX 2

Chuzzle Deluxe

CloneCD

CloneDVD2

Color Efex Pro 3.0 Complete for Capture NX 2

Color Efex Pro 4

Compatibility Pack for the 2007 Office system

CyberLink Media Suite

CyberLink Media+ Player10

CyberLink MediaShow

CyberLink Power2Go 8

CyberLink PowerDirector

CyberLink PowerDVD 10

D3DX10

DFX for Winamp

Diner Dash 2 Restaurant Rescue

Driver Genius Professional Edition

Dropbox

DxO Optics Pro 7

Easy File Share

Easy Migration

Easy Settings

Easy Software Manager

Easy Support Center 1.0

Epson Print CD

Epson Print Plug-In for Photoshop

Epson Print Plug-In for ViewNX

erLT

Farm Frenzy

FastStone Capture 6.7

FastStone MaxView 2.5

ffdshow v1.1.4305 [2012-02-05]

File Uploader

FocalPoint 2.0.6

Glary Utilities Pro 2.44.0.1450

GoToAssist Corporate

Haali Media Splitter

HDR Efex Pro

ImgBurn

ImTOO DVD Ripper Ultimate

Insaniquarium Deluxe

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

John Deere Drive Green

Junk Mail filter update

KNOWHOW APP CENTRE

KUSO EXIF Viewer

LAME v3.99.3 (for Windows)

Logitech Harmony Remote Software

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia POP

NEF Codec

Nikon Message Center

Nikon Message Center 2

Nikon Transfer

Opanda IExif 2.3

Opera 12.00 beta build 1387

Passport Photo Studio 1.5.1

PDF Settings CS5

PDF Settings CS6

Peggle

Penguins!

Perfect Effects 3

ph

PhotoKit Sharpener 2 Plug-in Module

PhotoPresets with One-Click WOW! for Adobe Camera Raw

PhotoPresets Wow Effects for Adobe Camera Raw

Picture Control Utility

Plants vs. Zombies

Polar Golfer

PxMergeModule

Qimage 30 Day Trial

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Samsung Recovery Solution 5

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Sharpener Pro 3.0

Silver Efex Pro 2

SISShortcut

Skype Click to Call

Skype™ 5.8

Software Launcher

Spin It Again

Splash PRO EX

System Requirements Lab for Intel

theGOOD Uploadr

Topaz Adjust 5

Topaz Adjust 5 (64-bit)

Topaz B&W Effects

Topaz B&W Effects (64-bit)

Topaz Clean 3

Topaz Clean 3 (64-bit)

Topaz DeNoise 5

Topaz DeNoise 5 (64-bit)

Topaz Detail 2

Topaz Detail 2 (64-bit)

Topaz Simplify 3

Topaz Simplify 3 (64-bit)

TVersity Codec Pack 1.7

TVersity Media Server 1.9.7

UnderCoverXP 1.23

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

User Guide

VLC media player 2.0.0

WildTangent Games

WildTangent ORB Game Console

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Xiph.Org Open Codecs 0.85.17777

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

06/05/2012 10:32:26, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

06/05/2012 10:32:26, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

06/05/2012 10:31:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHlpa64

05/05/2012 12:44:03, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Neil-PC\Neil SID (S-1-5-21-3229218069-4286818700-2186583130-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

05/05/2012 12:44:03, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Neil-PC\Neil SID (S-1-5-21-3229218069-4286818700-2186583130-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

03/05/2012 12:44:58, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

.

==== End Of File ===========================

Hi, that all looks good! Let's do one last scan to double-check.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.

Here's the eset scan result.

C:\Program Files (x86)\©CyberDude\YTD PRO INSTALLER\YouTubeDownloader.exe a variant of Win32/Packed.VProtect.B application cleaned by deleting - quarantined

C:\Users\Neil\Downloads\YTD_PRO.exe a variant of Win32/Packed.VProtect.B application deleted - quarantined

C:\Users\Neil\Downloads\RipBot 1.17\RipBot264v1.17.0.7z Win32/PrcView application deleted - quarantined

C:\Users\Neil\Downloads\RipBot 1.17\Tools\Process\Process.exe Win32/PrcView application cleaned by deleting - quarantined

Those were only leftovers, nothing active.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

When I follow your instructions to remove combofix, "Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer", when I press enter it just opens up the library.

After running combofix I did uninstall it from add and remove and then deleted the exe from the desktop.

Combofix will not show up in Add/Remove programs. Just redownload the exe, right click it and select Rename. Rename it to uninstall.exe and run it like that. That should do the trick. :)

It is important to uninstall combofix properly as it will reset quite a few important components.

Got a bit of trouble uninstalling combofix. I followed your instruction and renamed the exe uninstall.exe but when I click it, it just installs the program and does another scan.

Maybe I made a mistake when I said I uninstalled it from add and remove.

No, it starts to run, but will tell you then it is uninstalled.

When renaming, be sure you don't add the .exe part; if you right click > select Rename and you don't see "combofix.exe", but only "combofix", change combofix to uninstall, that's all :)
