Solved tagging system cashtitan - having trouble removing

Discussion in 'Malware and Virus Removal Archive' started by reversion1970, 2010/08/30.

  1. 2010/08/30
    reversion1970

    reversion1970 Inactive Thread Starter

    [Resolved] tagging system cashtitan - having trouble removing

    I'm new to this BBS. I came across a few threads helping to remove the 'tagging system cashtitan', but it appears there's no general fix for this (for me anyway) and I need some help with this one.

    I have read all the information on the welcome screen and hopefully I have adhered to all the required steps.

    I noticed the 'tagging system cashtitan' in my installed programs list and cannot uninstall it, as it asks for a passcode, then does nothing if I enter the right code (a passcode for uninstall was extremely sus anyway!). So far I've tried an Avast scan (my only installed AV) and run DDS, and have the 2 log results contained in this post.

    I'd appreciate any help.



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Dean at 20:51:09.78 on Mon 30/08/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2047.1321 [GMT 10:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
    C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    C:\Program Files\HPQ\Q Menu\QIcon.exe
    C:\Program Files\HPQ\Q Menu\CPQMCSRV.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Direct Folders\df.exe
    C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
    C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    C:\Program Files\Tablet\CalibrationAssistant.exe
    C:\Program Files\Notebook Hardware Control\nhc.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\Explorer.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Users\Dean\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.gmail.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [Q Menu] c:\program files\hpq\q menu\QICON.EXE -QICON
    mRun: [hpqMcSrv] "c:\program files\hpq\q menu\CpqMcSrV.exe" /Start
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    StartupFolder: c:\users\dean\appdata\roaming\micros~1\windows\startm~1\programs\startup\direct~1.lnk - c:\program files\direct folders\df.exe
    StartupFolder: c:\users\dean\appdata\roaming\micros~1\windows\startm~1\programs\startup\notebo~1.lnk - c:\program files\notebook hardware control\nhc.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\dean\appdata\roaming\mozilla\firefox\profiles\iatc7zq0.default\
    FF - prefs.js: browser.startup.homepage - www.gmail.com

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-8-7 294480]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-7 162640]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-7 19024]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-7 51792]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]
    R2 TabletServiceISD;TabletServiceISD;c:\program files\tablet\isd\ISD_Tablet.exe [2010-8-7 4636016]
    R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2010-8-7 35696]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-7 40384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-7 1343400]

    =============== Created Last 30 ================

    2010-08-30 10:08:37 0 d-sh--w- C:\$RECYCLE.BIN
    2010-08-30 08:09:41 0 d-----w- c:\users\dean\appdata\roaming\Malwarebytes
    2010-08-30 08:09:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-30 08:09:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-30 08:09:31 0 d-----w- c:\programdata\Malwarebytes
    2010-08-30 08:09:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-30 04:18:59 0 d-----w- c:\users\dean\appdata\roaming\SUPERAntiSpyware.com
    2010-08-30 04:18:59 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-30 04:18:53 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-08-30 03:33:34 98816 ----a-w- c:\windows\sed.exe
    2010-08-30 03:33:34 77312 ----a-w- c:\windows\MBR.exe
    2010-08-30 03:33:34 256512 ----a-w- c:\windows\PEV.exe
    2010-08-30 03:33:34 161792 ----a-w- c:\windows\SWREG.exe
    2010-08-24 00:14:21 0 d-----w- C:\_OTM
    2010-08-24 00:07:31 17785 ----a-w- C:\MGlogs.zip
    2010-08-24 00:07:29 0 d-----w- C:\MGtools
    2010-08-23 23:58:22 0 d-----w- c:\programdata\Hewlett-Packard
    2010-08-23 14:07:57 73728 ----a-w- c:\windows\system32\nvtuicpl.cpl
    2010-08-23 14:07:57 466944 ----a-w- c:\windows\system32\nvshell.dll
    2010-08-23 14:07:57 45056 ----a-w- c:\windows\system32\nvmccsrs.dll
    2010-08-23 14:07:57 442368 ----a-w- c:\windows\system32\nvappbar.exe
    2010-08-23 14:07:57 425984 ----a-w- c:\windows\system32\keystone.exe
    2010-08-23 14:07:57 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll
    2010-08-23 14:07:57 1519616 ----a-w- c:\windows\system32\nwiz.exe
    2010-08-23 14:07:57 147456 ----a-w- c:\windows\system32\nvcolor.exe
    2010-08-23 14:07:57 1466368 ----a-w- c:\windows\system32\nview.dll
    2010-08-23 14:07:57 1339392 ----a-w- c:\windows\system32\nvdspsch.exe
    2010-08-23 14:07:57 1019904 ----a-w- c:\windows\system32\nvwimg.dll
    2010-08-23 13:38:27 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-08-23 13:32:05 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-08-16 14:51:48 0 d-----w- c:\programdata\NOS
    2010-08-15 05:06:41 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
    2010-08-15 05:06:27 0 d-----w- c:\program files\Notebook Hardware Control
    2010-08-14 17:34:08 0 d---a-w- c:\programdata\TEMP
    2010-08-14 17:31:58 0 d-----w- c:\users\dean\appdata\roaming\Autodesk
    2010-08-14 17:31:55 0 d-----w- c:\programdata\Alias
    2010-08-14 17:30:47 0 d-----w- c:\program files\Autodesk
    2010-08-13 09:56:45 0 d-----w- c:\users\dean\Favourite Apps
    2010-08-13 09:51:34 322 ----a-w- c:\users\dean\LWHUB9.CFG
    2010-08-13 09:50:58 4111 ----a-w- c:\users\dean\LWM9.CFG
    2010-08-13 09:50:58 172087 ----a-w- c:\users\dean\LWEXT9.CFG
    2010-08-13 09:49:22 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-08-13 09:49:22 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-08-13 09:49:21 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-13 09:49:19 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-13 09:49:18 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-13 09:49:17 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-13 09:49:17 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-13 09:49:16 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-13 09:49:02 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-13 09:49:02 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-13 09:48:56 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-08-13 09:48:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-08-13 09:47:39 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-13 09:47:28 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-08-13 09:44:04 0 d-----w- c:\program files\NewTek
    2010-08-09 09:28:02 0 d-----w- c:\users\dean\appdata\roaming\Extensis
    2010-08-09 09:28:02 0 d-----w- c:\programdata\Extensis
    2010-08-09 09:26:26 0 d-----w- c:\program files\Extensis
    2010-08-09 09:19:56 0 d-----w- c:\programdata\ALM
    2010-08-09 07:21:16 0 d-----w- c:\users\dean\Fonts
    2010-08-09 05:47:28 0 d-----w- c:\users\dean\My Artwork
    2010-08-09 05:25:24 0 d-----w- c:\users\dean\appdata\roaming\Direct Folders
    2010-08-09 05:25:03 0 d-----w- c:\program files\Direct Folders
    2010-08-09 05:20:56 0 d-----w- c:\users\dean\Projects
    2010-08-09 05:09:27 0 d-----w- c:\users\dean\Icons
    2010-08-07 20:20:23 0 d-----w- c:\windows\Panther
    2010-08-07 14:39:23 0 d-----w- c:\windows\tiinst
    2010-08-07 11:12:26 0 d-----w- c:\programdata\FLEXnet
    2010-08-07 10:51:16 0 d-----w- c:\program files\common files\Control Panels
    2010-08-07 10:49:25 0 d-----w- c:\program files\Bonjour
    2010-08-07 10:48:33 0 d-----w- c:\programdata\Adobe
    2010-08-07 10:43:25 0 d-----w- c:\program files\common files\Macrovision Shared
    2010-08-07 09:17:32 0 d-----w- c:\program files\RocketDock
    2010-08-07 09:07:16 294480 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-08-07 09:07:12 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-07 09:05:03 0 d-----w- c:\programdata\Alwil Software
    2010-08-07 09:04:36 47386 ----a-w- c:\windows\system32\dvzensplkltcku.exe
    2010-08-07 09:00:53 0 d-----w- c:\program files\Xmarks
    2010-08-07 08:25:04 0 d-----w- c:\users\dean\Stationery
    2010-08-07 07:23:37 0 d-----w- c:\windows\system32\Wat
    2010-08-07 06:39:30 0 d-----w- c:\programdata\nView_Profiles
    2010-08-07 06:27:01 0 d-----w- c:\users\dean\appdata\roaming\WTablet
    2010-08-07 06:26:52 495616 ----a-w- c:\windows\system32\Wintab32.dll
    2010-08-07 06:26:51 656240 ----a-w- c:\windows\system32\ISD_Tablet.dll
    2010-08-07 06:24:50 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2010-08-07 06:24:43 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2010-08-07 06:24:27 35696 ----a-w- c:\windows\system32\drivers\wisdpen.sys
    2010-08-07 06:24:21 0 d-----w- c:\program files\Tablet
    2010-08-07 06:18:51 0 d-----w- c:\program files\uTorrent
    2010-08-07 06:18:19 0 d-----w- c:\users\dean\appdata\roaming\uTorrent
    2010-08-07 05:54:30 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-08-07 05:40:21 0 d-----w- c:\programdata\hpqwmi
    2010-08-07 05:40:19 0 d-----w- c:\program files\HPQ
    2010-08-07 05:27:26 0 d-sh--w- c:\windows\Installer
    2010-08-07 05:18:04 0 d-----w- c:\windows\nview
    2010-08-07 05:08:45 306688 ----a-w- c:\windows\IsUninst.exe
    2010-08-07 05:08:34 0 d-----w- C:\SWSetup
    2010-08-07 03:26:32 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-08-07 03:25:13 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-08-07 03:25:13 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-08-07 03:25:13 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-08-07 03:25:13 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-08-07 03:25:13 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-08-07 03:20:24 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-08-07 03:16:58 34816 ----a-w- c:\windows\system32\msasn1.dll
    2010-08-07 03:16:58 108544 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-07 03:16:57 84480 ----a-w- c:\windows\system32\mciavi32.dll
    2010-08-07 03:16:57 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2010-08-07 03:16:57 1328640 ----a-w- c:\windows\system32\quartz.dll
    2010-08-07 03:16:56 91648 ----a-w- c:\windows\system32\avifil32.dll
    2010-08-07 03:16:56 67584 ----a-w- c:\windows\system32\asycfilt.dll
    2010-08-07 03:16:56 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2010-08-07 03:16:56 22016 ----a-w- c:\windows\system32\msyuv.dll
    2010-08-07 03:16:56 13312 ----a-w- c:\windows\system32\msrle32.dll
    2010-08-07 03:16:56 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2010-08-07 03:16:55 427520 ----a-w- c:\windows\system32\vbscript.dll
    2010-08-07 03:14:17 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-08-07 03:14:14 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-08-07 03:13:51 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-08-07 03:13:51 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-08-07 03:13:51 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-08-07 03:13:07 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-08-07 03:13:07 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-08-07 03:13:07 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-07 03:03:11 0 d-----w- c:\users\dean\Archive
    2010-08-07 02:47:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-08-07 02:36:51 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
    2010-08-07 02:35:59 0 d-----w- c:\windows\system32\wbem\Performance

    ==================== Find3M ====================

    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 20:51:40.98 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/08/2010 12:31:11 PM
    System Uptime: 30/08/2010 6:07:07 PM (2 hours ago)

    Motherboard: Hewlett-Packard | | 08B0
    Processor: Intel(R) Pentium(R) M processor 1000MHz | U49 | 1000/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 128 GiB total, 78.292 GiB free.
    D: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD-CARD
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_IDE#DISKSD-CARD_________________________________________#6&F46746&0&0.0.0#
    Manufacturer: Microsoft
    Name: NIKON D40
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_IDE#DISKSD-CARD_________________________________________#6&F46746&0&0.0.0#
    Service: WUDFRd

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.3.4
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    µTorrent
    Autodesk SketchBookPro 2010 R1
    avast! Pro Antivirus
    Direct Folders
    Extensis Suitcase 11.0.1
    ISD Tablet
    LightWave 3D 9.6
    Malwarebytes' Anti-Malware
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.8)
    Notebook Hardware Control 2.0 Pre-Release-06 Bugfix
    NVIDIA Drivers
    PCI 1620 Cardbus Controller and Software
    PCI1620 Ultramedia Controller
    PDF Settings
    Q Menu 2.10 A2
    RocketDock 1.3.5
    SUPERAntiSpyware
    Tagging System Cashtitan
    WinRAR archiver
    Xmarks for IE

    ==== Event Viewer Messages From Past Week ========

    30/08/2010 8:04:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    30/08/2010 6:08:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    30/08/2010 6:05:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    30/08/2010 6:05:25 PM, Error: pcmcia [9] - The PCMCIA controller encountered an error powering up the inserted device.
    29/08/2010 6:53:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
    28/08/2010 4:21:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

    ==== End Of File ===========================
     
  2. 2010/08/30
    PeteC

    PeteC SuperGeek Staff

    Welcome to WindowsBBS :)

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     

  4. 2010/08/30
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in the right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/09/02
    reversion1970

    reversion1970 Inactive Thread Starter

    Thanks very much Broni.

    I have done exactly as instructed and have included the contents of my MWB, gmer, and MBRcheck log in this reply. Thanks.




    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4532

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/09/2010 10:06:07 AM
    mbam-log-2010-09-03 (10-06-07).txt

    Scan type: Quick scan
    Objects scanned: 130057
    Time elapsed: 9 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-03 10:33:21
    Windows 6.1.7600
    Running: gmer.exe; Driver: C:\Users\Dean\AppData\Local\Temp\kgliraoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwAlpcSendWaitReceivePort [0x89B141FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEvent [0x89B13ACA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateEventPair [0x89B13B4E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateIoCompletion [0x89B13CEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateMutant [0x89B139C6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSection [0x89B13BCA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateSemaphore [0x89B13A48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwCreateTimer [0x89B13C6A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwLoadDriver [0x89B11EA2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEvent [0x89B13B10]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenEventPair [0x89B13B8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenIoCompletion [0x89B13D2C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenMutant [0x89B13A0A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSection [0x89B13C20]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenSemaphore [0x89B13A8C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwOpenTimer [0x89B13CAC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwQueryObject [0x89B129C2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePort [0x89B14674]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwReplyWaitReceivePortEx [0x89B141B8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwSetSystemInformation [0x89B11F10]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/ALWIL Software) ZwShutdownSystem [0x89B1204C]

    INT 0x30 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82825CA4
    INT 0x38 \SystemRoot\system32\halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82816C6C

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8F9084FE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 828718E9 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 828913D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntoskrnl.exe!KeRemoveQueueEx + 1403 828986D0 4 Bytes [FA, 41, B1, 89] {CLI ; INC ECX; MOV CL, 0x89}
    .text ntoskrnl.exe!KeRemoveQueueEx + 1467 82898734 8 Bytes [CA, 3A, B1, 89, 4E, 3B, B1, ...] {RETF 0xb13a; MOV [ESI+0x3b], ECX; MOV CL, 0x89}
    .text ntoskrnl.exe!KeRemoveQueueEx + 1473 82898740 4 Bytes JMP 3989B13C
    .text ntoskrnl.exe!KeRemoveQueueEx + 148F 8289875C 4 Bytes [C6, 39, B1, 89]
    .text ntoskrnl.exe!KeRemoveQueueEx + 14B7 82898784 8 Bytes [CA, 3B, B1, 89, 48, 3A, B1, ...] {RETF 0xb13b; MOV [EAX+0x3a], ECX; MOV CL, 0x89}
    .text ...
    .text C:\Windows\system32\DRIVERS\nv4_mini.sys section is writeable [0x8F951340, 0x10695F, 0xF8000020]
    init C:\Windows\system32\drivers\tiumfwl.sys entry point in "init" section [0x8FB9DF00]
    .text C:\Windows\System32\nv4_disp.dll section is writeable [0x8B000300, 0x236DE0, 0xF8000020]
    .text peauth.sys 8CE23C9D 28 Bytes [C4, B4, 1D, 24, 43, 84, AD, ...]
    .text peauth.sys 8CE23CC1 28 Bytes [C4, B4, 1D, 24, 43, 84, AD, ...]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\System32\rundll32.exe[2824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2824] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[3388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75415E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\ACPI_HAL \Device\00000049 halacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\BTHUSB \Device\00000076 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000078 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0020e0818646
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0020e0818646 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----




    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 204):
    0x8283C000 \SystemRoot\system32\ntoskrnl.exe
    0x82814000 \SystemRoot\system32\halacpi.dll
    0x80BB9000 \SystemRoot\system32\kdcom.dll
    0x8902E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x890A6000 \SystemRoot\system32\PSHED.dll
    0x890B7000 \SystemRoot\system32\BOOTVID.dll
    0x890BF000 \SystemRoot\system32\CLFS.SYS
    0x89101000 \SystemRoot\system32\CI.dll
    0x891AC000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8921D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8922B000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x89273000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8927C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x89284000 \SystemRoot\system32\DRIVERS\pci.sys
    0x892AE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x892B9000 \SystemRoot\System32\drivers\partmgr.sys
    0x892CA000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x892D2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x892DD000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x892ED000 \SystemRoot\System32\drivers\volmgrx.sys
    0x89338000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x8933F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8934D000 \SystemRoot\system32\DRIVERS\pcmcia.sys
    0x8937B000 \SystemRoot\System32\drivers\mountmgr.sys
    0x89391000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8939A000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x893BD000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x893C6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x89000000 \SystemRoot\system32\drivers\fileinfo.sys
    0x89406000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89535000 \SystemRoot\System32\Drivers\msrpc.sys
    0x89560000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x89573000 \SystemRoot\System32\Drivers\cng.sys
    0x895D0000 \SystemRoot\System32\drivers\pcw.sys
    0x895DE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x895E7000 \SystemRoot\system32\drivers\ndis.sys
    0x8969E000 \SystemRoot\system32\drivers\NETIO.SYS
    0x896DC000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8982B000 \SystemRoot\System32\drivers\tcpip.sys
    0x89974000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x899A5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x899AE000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x899ED000 \SystemRoot\System32\Drivers\spldr.sys
    0x899F5000 \SystemRoot\System32\drivers\rdyboost.sys
    0x89A22000 \SystemRoot\System32\Drivers\mup.sys
    0x89A32000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x89A3A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x89A6C000 \SystemRoot\system32\DRIVERS\disk.sys
    0x89A7D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x89AA2000 \SystemRoot\system32\DRIVERS\agp440.sys
    0x89B03000 \SystemRoot\System32\Drivers\aswSnx.SYS
    0x89B4F000 \SystemRoot\System32\Drivers\Null.SYS
    0x89B56000 \SystemRoot\System32\Drivers\Beep.SYS
    0x89B5D000 \SystemRoot\System32\drivers\vga.sys
    0x89B69000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x89B8A000 \SystemRoot\System32\drivers\watchdog.sys
    0x89B97000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x89B9F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x89BA7000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x89BAF000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x89BBA000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x89BC8000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x89BDF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x89BEA000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x89701000 \SystemRoot\system32\drivers\afd.sys
    0x89BF4000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8975B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x89BF9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x89800000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x89AE4000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8978D000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x89AF2000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x897A0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x8981F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x8F808000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F849000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F853000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8F85D000 \SystemRoot\System32\drivers\discache.sys
    0x8F869000 \SystemRoot\system32\drivers\csc.sys
    0x8F8CD000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F8E5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8F8F3000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8F91A000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8F93B000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8F94D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8F951000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0x8FA91000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8FA9C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8FAE7000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8FAF6000 \SystemRoot\system32\DRIVERS\w70n51.sys
    0x8FB9B000 \SystemRoot\system32\drivers\tiumfwl.sys
    0x8FBA1000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0x8FBB2000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8FBCC000 \SystemRoot\system32\DRIVERS\wisdpen.sys
    0x8FBD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8FBE7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x897C2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8FBEE000 \SystemRoot\system32\DRIVERS\CPQBttn.sys
    0x8E42B000 \SystemRoot\system32\drivers\smwdm.sys
    0x8E461000 \SystemRoot\system32\drivers\portcls.sys
    0x8E490000 \SystemRoot\system32\drivers\drmk.sys
    0x8E4A9000 \SystemRoot\system32\drivers\ks.sys
    0x8E4DD000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x8E5E3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8E5E5000 \SystemRoot\system32\drivers\modem.sys
    0x8E5F2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8E5FB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8E608000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0x8E60B000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8E61D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8E635000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8E640000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8E662000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8E67A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8E691000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8E6A8000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x8E6B2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E6BF000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E6CC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E6CE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8E6DC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8E720000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8E72C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8E737000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    0x8E73F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8E750000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8E767000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8E772000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x8E784000 \SystemRoot\System32\Drivers\bthport.sys
    0x8E400000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x8E7E8000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x897DA000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x900F0000 \SystemRoot\System32\win32k.sys
    0x8E7F5000 \SystemRoot\System32\drivers\Dxapi.sys
    0x90340000 \SystemRoot\System32\drivers\dxg.sys
    0x8FBF1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x8B3D0000 \SystemRoot\System32\TSDDD.dll
    0x8B000000 \SystemRoot\System32\nv4_disp.dll
    0x90000000 \SystemRoot\System32\ATMFD.DLL
    0x89AB2000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x89011000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x897F5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8901E000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8CC04000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x8CC15000 \SystemRoot\system32\drivers\luafv.sys
    0x8CC30000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8CC47000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x8CC4A000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8CC64000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8CC74000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8CCBA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8CCCA000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x8CCDD000 \SystemRoot\system32\drivers\HTTP.sys
    0x8CD62000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8CD7B000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8CD8D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8CDB0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8CDEB000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x8CE1E000 \SystemRoot\system32\drivers\peauth.sys
    0x8CEB5000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8CEBF000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x8CEE0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x8CEED000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x8CF3C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x8CFB6000 \??\C:\Users\Dean\AppData\Local\Temp\kgliraoc.sys
    0x773A0000 \Windows\System32\ntdll.dll
    0x47C10000 \Windows\System32\smss.exe
    0x775E0000 \Windows\System32\apisetschema.dll
    0x00BF0000 \Windows\System32\autochk.exe
    0x77200000 \Windows\System32\setupapi.dll
    0x77570000 \Windows\System32\shlwapi.dll
    0x77560000 \Windows\System32\lpk.dll
    0x77550000 \Windows\System32\nsi.dll
    0x77170000 \Windows\System32\clbcatq.dll
    0x774F0000 \Windows\System32\difxapi.dll
    0x770A0000 \Windows\System32\msctf.dll
    0x77080000 \Windows\System32\imm32.dll
    0x77040000 \Windows\System32\ws2_32.dll
    0x774E0000 \Windows\System32\psapi.dll
    0x76FB0000 \Windows\System32\oleaut32.dll
    0x76E50000 \Windows\System32\ole32.dll
    0x76DD0000 \Windows\System32\comdlg32.dll
    0x76D80000 \Windows\System32\gdi32.dll
    0x76130000 \Windows\System32\shell32.dll
    0x760E0000 \Windows\System32\Wldap32.dll
    0x760B0000 \Windows\System32\imagehlp.dll
    0x75EB0000 \Windows\System32\iertutil.dll
    0x75D70000 \Windows\System32\urlmon.dll
    0x75CC0000 \Windows\System32\rpcrt4.dll
    0x75BE0000 \Windows\System32\kernel32.dll
    0x75B10000 \Windows\System32\user32.dll
    0x75A10000 \Windows\System32\wininet.dll
    0x75960000 \Windows\System32\msvcrt.dll
    0x758C0000 \Windows\System32\usp10.dll
    0x758A0000 \Windows\System32\sechost.dll
    0x75800000 \Windows\System32\advapi32.dll
    0x757F0000 \Windows\System32\normaliz.dll
    0x757C0000 \Windows\System32\wintrust.dll
    0x756A0000 \Windows\System32\crypt32.dll
    0x75650000 \Windows\System32\KernelBase.dll
    0x755C0000 \Windows\System32\comctl32.dll
    0x755A0000 \Windows\System32\devobj.dll
    0x75570000 \Windows\System32\cfgmgr32.dll
    0x75560000 \Windows\System32\msasn1.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    248 C:\Windows\System32\smss.exe
    348 csrss.exe
    396 C:\Windows\System32\wininit.exe
    408 csrss.exe
    448 C:\Windows\System32\winlogon.exe
    484 C:\Windows\System32\services.exe
    500 C:\Windows\System32\lsass.exe
    508 C:\Windows\System32\lsm.exe
    620 C:\Windows\System32\svchost.exe
    704 C:\Windows\System32\svchost.exe
    756 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\wisptis.exe
    1272 C:\Windows\System32\svchost.exe
    1336 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1580 C:\Windows\System32\spoolsv.exe
    1624 C:\Windows\System32\svchost.exe
    1720 C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
    1844 C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    1192 C:\Windows\System32\svchost.exe
    2412 C:\Windows\System32\taskhost.exe
    2488 C:\Windows\System32\dwm.exe
    2504 C:\Windows\explorer.exe
    2528 C:\Windows\System32\wisptis.exe
    2536 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    2784 C:\Program Files\HPQ\Q Menu\QIcon.exe
    2792 C:\Program Files\HPQ\Q Menu\CPQMCSRV.exe
    2800 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2824 C:\Windows\System32\rundll32.exe
    2832 C:\Program Files\RocketDock\RocketDock.exe
    2848 C:\Program Files\Direct Folders\df.exe
    2948 C:\Program Files\HPQ\Shared\hpqwmi.exe
    3028 C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
    3040 C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    3048 C:\Program Files\Tablet\CalibrationAssistant.exe
    3188 WmiPrvSE.exe
    3388 C:\Windows\System32\rundll32.exe
    3580 C:\Windows\System32\SearchIndexer.exe
    3772 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3920 C:\Windows\System32\svchost.exe
    2464 C:\Windows\System32\svchost.exe
    2236 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    2084 C:\Windows\System32\wuauclt.exe
    3328 C:\Windows\System32\audiodg.exe
    2936 C:\Users\Dean\Desktop\MBRCheck.exe
    3884 C:\Windows\System32\conhost.exe
    2896 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVE-00UYT0, Rev: 01.04A01

    Size Device Name MBR Status
    --------------------------------------------
    127 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  6. 2010/09/03
    broni (Moderator, Malware Analyst)
    Those look good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/09/03
    reversion1970 (Thread Starter)
    Thanks, I was pretty impressed with the MalwareBytes report, but all the other stuff goes over my head, I'm afraid!

    ComboFix log below...

    Thanks Broni.


    ComboFix 10-09-03.01 - Dean 04/09/2010 10:05:05.3.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.2047.1540 [GMT 10:00]
    Running from: c:\users\Dean\Desktop\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-04 to 2010-09-04 )))))))))))))))))))))))))))))))
    .

    2010-09-04 00:16 . 2010-09-04 00:16 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-09-04 00:16 . 2010-09-04 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-09-04 00:01 . 2010-09-04 00:02 -------- d-----w- C:\32788R22FWJFW
    2010-08-30 13:54 . 2010-08-30 14:10 -------- d-----w- c:\program files\NVTray
    2010-08-30 08:09 . 2010-08-30 08:09 -------- d-----w- c:\users\Dean\AppData\Roaming\Malwarebytes
    2010-08-30 08:09 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-30 08:09 . 2010-08-30 08:09 -------- d-----w- c:\programdata\Malwarebytes
    2010-08-30 08:09 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-30 08:09 . 2010-08-30 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-30 04:20 . 2010-08-30 04:20 63488 ----a-w- c:\users\Dean\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-30 04:20 . 2010-08-30 04:20 52224 ----a-w- c:\users\Dean\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-30 04:20 . 2010-08-30 04:20 117760 ----a-w- c:\users\Dean\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-30 04:18 . 2010-08-30 04:18 -------- d-----w- c:\users\Dean\AppData\Roaming\SUPERAntiSpyware.com
    2010-08-30 04:18 . 2010-08-30 04:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-30 04:18 . 2010-08-30 04:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-24 00:14 . 2010-08-24 00:14 -------- d-----w- C:\_OTM
    2010-08-24 00:07 . 2010-08-24 00:08 17785 ----a-w- C:\MGlogs.zip
    2010-08-24 00:07 . 2010-08-30 03:26 -------- d-----w- C:\MGtools
    2010-08-23 23:58 . 2010-08-23 23:58 -------- d-----w- c:\programdata\Hewlett-Packard
    2010-08-23 23:58 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
    2010-08-23 14:07 . 2005-12-18 22:56 45056 ----a-w- c:\windows\system32\nvmccsrs.dll
    2010-08-23 14:07 . 2005-12-18 22:56 442368 ----a-w- c:\windows\system32\nvappbar.exe
    2010-08-23 14:07 . 2005-12-18 22:56 425984 ----a-w- c:\windows\system32\keystone.exe
    2010-08-23 14:07 . 2005-12-18 22:56 1662976 ----a-w- c:\windows\system32\nvwdmcpl.dll
    2010-08-23 14:07 . 2005-12-18 22:56 147456 ----a-w- c:\windows\system32\nvcolor.exe
    2010-08-23 14:07 . 2005-12-18 22:56 1339392 ----a-w- c:\windows\system32\nvdspsch.exe
    2010-08-23 14:07 . 2005-12-18 22:56 1019904 ----a-w- c:\windows\system32\nvwimg.dll
    2010-08-23 13:38 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-08-23 13:32 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-08-23 13:31 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-08-23 13:31 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-08-23 13:31 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-08-23 13:31 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
    2010-08-23 13:31 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-08-23 13:31 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-08-23 13:31 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-08-23 13:31 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-08-23 13:31 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-08-23 13:31 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-08-23 13:31 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-08-23 13:31 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-08-16 14:56 . 2010-08-16 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-08-16 14:52 . 2010-08-16 14:52 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2010-08-16 14:51 . 2010-08-17 04:20 -------- d-----w- c:\programdata\NOS
    2010-08-15 05:15 . 2010-08-15 05:15 -------- d-----w- c:\users\Dean\AppData\Local\Mozilla
    2010-08-15 05:06 . 2010-08-30 14:09 -------- d-----w- c:\program files\Notebook Hardware Control
    2010-08-14 17:31 . 2010-08-14 17:31 -------- d-----w- c:\users\Dean\AppData\Roaming\Autodesk
    2010-08-14 17:31 . 2010-08-14 17:34 -------- d-----w- c:\programdata\Alias
    2010-08-14 17:30 . 2010-08-14 17:30 -------- d-----w- c:\program files\Autodesk
    2010-08-13 09:56 . 2010-08-17 01:26 -------- d-----w- c:\users\Dean\Favourite Apps
    2010-08-13 09:49 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-08-13 09:49 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-08-13 09:49 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-13 09:49 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-13 09:49 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-13 09:49 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-13 09:49 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-13 09:49 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-08-13 09:49 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-08-13 09:49 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-13 09:48 . 2010-06-30 06:25 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-08-13 09:47 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-13 09:47 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
    2010-08-13 09:44 . 2010-08-13 09:44 -------- d-----w- c:\program files\NewTek
    2010-08-09 19:40 . 2010-08-09 19:40 -------- d-----w- c:\users\Dean\AppData\Local\Apps
    2010-08-09 09:28 . 2010-08-10 03:19 -------- d-----w- c:\programdata\Extensis
    2010-08-09 09:28 . 2010-08-09 09:28 -------- d-----w- c:\users\Dean\AppData\Roaming\Extensis
    2010-08-09 09:26 . 2010-08-09 09:26 -------- d-----w- c:\program files\Extensis
    2010-08-09 09:19 . 2010-08-09 09:19 -------- d-----w- c:\programdata\ALM
    2010-08-09 08:28 . 2010-08-09 08:29 -------- d-----w- c:\users\Dean\AppData\Local\Microsoft Games
    2010-08-09 07:21 . 2010-08-09 07:46 -------- d-----w- c:\users\Dean\Fonts
    2010-08-09 05:47 . 2010-08-09 06:02 -------- d-----w- c:\users\Dean\My Artwork
    2010-08-09 05:25 . 2010-08-09 05:32 -------- d-----w- c:\users\Dean\AppData\Roaming\Direct Folders
    2010-08-09 05:25 . 2010-08-09 05:25 -------- d-----w- c:\program files\Direct Folders
    2010-08-09 05:20 . 2010-08-20 09:50 -------- d-----w- c:\users\Dean\Projects
    2010-08-09 05:09 . 2010-08-09 05:20 -------- d-----w- c:\users\Dean\Icons
    2010-08-07 20:20 . 2010-08-07 02:31 -------- d-----w- c:\windows\Panther
    2010-08-07 14:39 . 2010-08-07 14:39 -------- d-----w- c:\windows\tiinst
    2010-08-07 11:12 . 2010-08-07 11:12 -------- d-----w- c:\programdata\FLEXnet
    2010-08-07 11:09 . 2010-08-16 15:01 -------- d-----w- c:\users\Dean\AppData\Local\Adobe
    2010-08-07 10:51 . 2010-08-07 10:51 -------- d-----w- c:\program files\Common Files\Control Panels
    2010-08-07 10:49 . 2010-08-07 10:49 -------- d-----w- c:\program files\Bonjour
    2010-08-07 10:45 . 2010-08-07 10:45 -------- d-----w- c:\windows\system32\Macromed
    2010-08-07 10:43 . 2010-08-07 10:43 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-08-07 10:40 . 2010-08-16 15:00 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-07 09:17 . 2010-08-07 09:17 -------- d-----w- c:\program files\RocketDock
    2010-08-07 09:07 . 2010-03-09 12:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-08-07 09:07 . 2010-03-09 12:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-07 09:07 . 2010-03-09 12:14 294480 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-08-07 09:07 . 2010-03-09 12:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-08-07 09:07 . 2010-03-09 12:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-08-07 09:07 . 2010-03-09 12:08 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-08-07 09:05 . 2010-08-07 09:05 915 ----a-w- c:\users\Deanxplore.exe
    2010-08-07 09:05 . 2010-03-09 12:24 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-08-07 09:05 . 2010-03-09 12:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-08-07 09:05 . 2010-08-07 09:05 -------- d-----w- c:\programdata\Alwil Software
    2010-08-07 09:05 . 2010-08-07 09:05 -------- d-----w- c:\program files\Alwil Software
    2010-08-07 09:04 . 2010-08-07 09:04 47386 ----a-w- c:\windows\system32\dvzensplkltcku.exe
    2010-08-07 09:00 . 2010-08-07 09:02 -------- d-----w- c:\users\Dean\AppData\Local\Xmarks
    2010-08-07 09:00 . 2010-08-07 09:00 -------- d-----w- c:\program files\Xmarks
    2010-08-07 08:25 . 2010-08-09 05:16 -------- d-----w- c:\users\Dean\Stationery
    2010-08-07 07:23 . 2010-08-07 07:23 -------- d-----w- c:\windows\system32\Wat
    2010-08-07 06:50 . 2010-08-07 06:50 -------- d-----w- c:\program files\Intel
    2010-08-07 06:39 . 2010-08-07 06:39 -------- d-----w- c:\programdata\nView_Profiles
    2010-08-07 06:27 . 2010-08-07 06:27 -------- d-----w- c:\users\Dean\AppData\Roaming\WTablet
    2010-08-07 06:26 . 2010-07-26 00:02 495616 ----a-w- c:\windows\system32\Wintab32.dll
    2010-08-07 06:26 . 2010-07-26 00:05 656240 ----a-w- c:\windows\system32\ISD_Tablet.dll
    2010-08-07 06:24 . 2007-02-16 01:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2010-08-07 06:24 . 2009-09-21 06:29 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2010-08-07 06:24 . 2010-06-14 02:08 35696 ----a-w- c:\windows\system32\drivers\wisdpen.sys
    2010-08-07 06:24 . 2010-08-07 09:54 -------- d-----w- c:\program files\Tablet
    2010-08-07 06:18 . 2010-08-07 06:18 -------- d-----w- c:\program files\uTorrent
    2010-08-07 06:18 . 2010-08-09 05:27 -------- d-----w- c:\users\Dean\AppData\Roaming\uTorrent
    2010-08-07 05:56 . 2005-12-18 22:56 180224 ----a-w- c:\windows\system32\nvudisp.exe
    2010-08-07 05:54 . 2005-12-19 02:56 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-08-07 05:53 . 2005-12-18 22:56 573440 ----a-w- c:\windows\system32\nvhwvid.dll
    2010-08-07 05:53 . 2005-12-18 22:56 35840 ----a-w- c:\windows\system32\nvcodins.dll
    2010-08-07 05:53 . 2005-12-18 22:56 35840 ----a-w- c:\windows\system32\nvcod.dll
    2010-08-07 05:53 . 2005-12-18 22:56 286720 ----a-w- c:\windows\system32\nvnt4cpl.dll
    2010-08-07 05:53 . 2005-12-18 22:56 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2010-08-07 05:53 . 2005-12-18 22:56 110592 ----a-w- c:\windows\system32\nvapi.dll
    2010-08-07 05:40 . 2010-08-07 05:40 -------- d-----w- c:\programdata\hpqwmi
    2010-08-07 05:40 . 2010-08-07 05:40 -------- d-----w- c:\program files\HPQ
    2010-08-07 05:28 . 2010-08-07 14:39 -------- d-----w- c:\program files\InstallShield Installation Information
    2010-08-07 05:27 . 2010-08-30 14:25 -------- d-sh--w- c:\windows\Installer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-07 03:34 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
    2010-08-07 02:47 . 2010-08-07 02:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
    @="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
    [HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
    2010-03-09 12:11 136704 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-09-22 4866048]
    "nwiz"="nview.dll" [2003-09-22 852039]
    "Q Menu"="c:\program files\HPQ\Q Menu\QICON.EXE" [2004-10-05 221184]
    "hpqMcSrv"="c:\program files\HPQ\Q Menu\CpqMcSrV.exe" [2004-10-04 53248]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-03-09 2769336]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-09-22 49152]

    c:\users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Direct Folders.lnk - c:\program files\Direct Folders\df.exe [2010-8-9 272896]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
    S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2010-07-26 4636016]
    S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2010-06-14 35696]

    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.gmail.com/
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iatc7zq0.default\
    FF - prefs.js: browser.startup.homepage - www.gmail.com

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D]
    "Order"=hex:08,00,00,00,02,00,00,00,02,13,00,00,01,00,00,00,26,00,00,00,62,00,
    00,00,25,00,00,00,54,00,31,00,00,00,00,00,00,fd,96,ed,10,00,7e,46,41,56,45,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\Lighting]
    "Order"=hex:08,00,00,00,02,00,00,00,c4,00,00,00,01,00,00,00,01,00,00,00,b8,00,
    00,00,00,00,00,00,aa,00,32,00,cd,00,00,00,00,f7,71,e8,20,00,4c,49,54,48,4f,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\Lightwave Sites]
    "Order"=hex:08,00,00,00,02,00,00,00,1a,08,00,00,01,00,00,00,10,00,00,00,72,00,
    00,00,00,00,00,00,64,00,32,00,cd,00,00,00,00,b6,a4,87,20,00,33,44,57,49,52,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\Models Meshes]
    "Order"=hex:08,00,00,00,02,00,00,00,f0,0a,00,00,01,00,00,00,15,00,00,00,7c,00,
    00,00,00,00,00,00,6e,00,32,00,cd,00,00,00,00,3c,d3,d5,20,00,33,44,4d,4f,44,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\Software]
    "Order"=hex:08,00,00,00,02,00,00,00,68,09,00,00,01,00,00,00,14,00,00,00,70,00,
    00,00,00,00,00,00,62,00,32,00,cd,00,00,00,00,df,e0,46,20,00,41,39,54,45,43,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\Textures]
    "Order"=hex:08,00,00,00,02,00,00,00,50,0b,00,00,01,00,00,00,15,00,00,00,62,00,
    00,00,14,00,00,00,54,00,31,00,00,00,00,00,00,01,d3,a1,10,00,7e,46,41,56,45,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\Textures\~ FAVES ~]
    "Order"=hex:08,00,00,00,02,00,00,00,1a,01,00,00,01,00,00,00,02,00,00,00,78,00,
    00,00,00,00,00,00,6a,00,32,00,cd,00,00,00,00,11,02,94,20,00,43,47,54,45,58,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\Tips Techniques Tutorials]
    "Order"=hex:08,00,00,00,02,00,00,00,34,02,00,00,01,00,00,00,04,00,00,00,a0,00,
    00,00,00,00,00,00,92,00,32,00,cd,00,00,00,00,91,76,7e,20,00,45,58,50,52,45,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \3D\~ FAVES ~]
    "Order"=hex:08,00,00,00,02,00,00,00,a4,01,00,00,01,00,00,00,04,00,00,00,60,00,
    00,00,00,00,00,00,52,00,32,00,cd,00,00,00,00,7d,e5,3d,20,00,46,6c,61,79,2e,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Architectural Products]
    "Order"=hex:08,00,00,00,02,00,00,00,02,09,00,00,01,00,00,00,12,00,00,00,72,00,
    00,00,00,00,00,00,64,00,32,00,cd,00,00,00,00,c5,12,e1,20,00,41,26,4c,57,49,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Cool and Funny ****]
    "Order"=hex:08,00,00,00,02,00,00,00,b4,08,00,00,01,00,00,00,13,00,00,00,68,00,
    00,00,00,00,00,00,5a,00,32,00,cd,00,00,00,00,2e,1b,58,20,00,61,6e,69,42,4f,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \DVD and CD Covers]
    "Order"=hex:08,00,00,00,02,00,00,00,b4,04,00,00,01,00,00,00,0a,00,00,00,72,00,
    00,00,00,00,00,00,64,00,32,00,cd,00,00,00,00,bc,9e,4e,20,00,41,4c,4c,43,44,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Local and Public Services]
    "Order"=hex:08,00,00,00,02,00,00,00,e6,0a,00,00,01,00,00,00,16,00,00,00,78,00,
    00,00,00,00,00,00,6a,00,32,00,cd,00,00,00,00,db,f4,b5,20,00,41,55,53,54,52,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Online Reference]
    "Order"=hex:08,00,00,00,02,00,00,00,3e,02,00,00,01,00,00,00,05,00,00,00,72,00,
    00,00,00,00,00,00,64,00,32,00,cd,00,00,00,00,b1,54,89,20,00,47,4f,4f,47,4c,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Online Shopping]
    "Order"=hex:08,00,00,00,02,00,00,00,b6,09,00,00,01,00,00,00,15,00,00,00,78,00,
    00,00,00,00,00,00,6a,00,32,00,cd,00,00,00,00,23,3e,e8,20,00,41,4c,44,49,41,\

    [HKEY_USERS\S-1-5-21-3279766536-3841788633-2161062014-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Personal Stuff]
    "Order"=hex:08,00,00,00,02,00,00,00,40,0b,00,00,01,00,00,00,18,00,00,00,8a,00,
    00,00,00,00,00,00,7c,00,32,00,cd,00,00,00,00,a2,20,0e,20,00,42,4f,58,48,49,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(2960)
    c:\windows\System32\nView.dll
    c:\program files\Direct Folders\hook.dll
    .
    Completion time: 2010-09-04 10:22:25
    ComboFix-quarantined-files.txt 2010-09-04 00:22
    ComboFix2.txt 2010-08-30 10:09
    ComboFix3.txt 2010-08-30 04:07

    Pre-Run: 83,904,049,152 bytes free
    Post-Run: 83,879,493,632 bytes free

    - - End Of File - - C88A8F6525154023BC4541F7BF8CB396
     
  8. 2010/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks clean too :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2010/09/04
    reversion1970

    reversion1970 Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    11
    Likes Received:
    0
    Ok all good, ran OTL as suggested but it was quite slow, probably just my machine. OTL.txt log attached. Cheers.

    It seems there's a 55000 character restriction, so I'll have to split up the OTL report. Part 1 (up until 'purity check'):


    OTL logfile created on: 4/09/2010 6:43:42 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Dean\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 127.90 Gb Total Space | 78.22 Gb Free Space | 61.16% Space Free | Partition Type: NTFS
    Drive D: | 979.63 Mb Total Space | 759.28 Mb Free Space | 77.51% Space Free | Partition Type: FAT
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEAN-TABLETPC
    Current User Name: Dean
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/04 18:36:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dean\Desktop\OTL.exe
    PRC - [2010/07/26 10:05:40 | 004,636,016 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    PRC - [2010/07/26 10:05:40 | 001,086,320 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
    PRC - [2010/07/26 10:05:22 | 000,238,448 | ---- | M] (Wacom Technology, Inc) -- C:\Program Files\Tablet\CalibrationAssistant.exe
    PRC - [2010/06/03 21:17:36 | 000,272,896 | ---- | M] (Code Sector Inc.) -- C:\Program Files\Direct Folders\df.exe
    PRC - [2010/03/09 22:24:10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/03/09 22:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/14 11:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
    PRC - [2009/07/14 11:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 11:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    PRC - [2004/10/05 17:02:50 | 000,221,184 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HPQ\Q Menu\QIcon.exe
    PRC - [2004/10/05 08:59:40 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HPQ\Q Menu\CPQMCSRV.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/04 18:36:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dean\Desktop\OTL.exe
    MOD - [2010/03/09 22:13:20 | 000,134,144 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxBorder.dll
    MOD - [2010/03/09 22:11:18 | 000,136,704 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\snxPlugins.dll
    MOD - [2009/07/14 11:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
    MOD - [2009/07/14 11:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/14 11:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/14 11:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/14 11:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/14 11:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/14 11:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/14 11:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/14 11:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/14 11:15:10 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
    MOD - [2009/07/14 11:15:09 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
    MOD - [2009/07/14 11:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/14 11:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
    MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
    MOD - [2009/05/04 00:18:36 | 000,241,730 | ---- | M] () -- C:\Program Files\Direct Folders\Hook.dll
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
    MOD - [2003/09/22 15:10:00 | 000,852,039 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nview.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/07 20:43:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/08/07 17:23:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/07/26 10:05:40 | 004,636,016 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)
    SRV - [2010/03/09 22:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/03/09 22:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/03/09 22:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/07/14 11:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/14 11:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/14 11:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/14 11:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/14 11:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/14 11:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/14 11:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/14 11:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/14 11:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/14 11:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/14 11:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/14 11:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/14 11:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dean\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/14 12:08:56 | 000,035,696 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wisdpen.sys -- (WISDPen)
    DRV - [2010/05/11 04:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/09 22:14:20 | 000,294,480 | ---- | M] (ALWIL Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2010/03/09 22:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/03/09 22:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/03/09 22:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/03/09 22:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/03/09 22:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/02/18 04:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/12/11 17:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/09/21 16:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009/07/14 11:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/14 11:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/14 11:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/14 11:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/14 11:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/14 11:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/14 11:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/14 11:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/14 11:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/14 11:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/14 11:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/14 11:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/14 11:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 11:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/14 11:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 11:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/14 11:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/14 11:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/14 11:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/14 11:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/14 11:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/14 11:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/14 11:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/14 11:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/14 11:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/14 10:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/14 10:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/14 09:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/14 09:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/14 09:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/14 09:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/14 09:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/14 09:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/14 09:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/14 09:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/14 09:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/14 09:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/14 09:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/14 09:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 09:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 09:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/14 09:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
    DRV - [2009/07/14 09:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/14 08:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/14 08:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/14 08:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2009/07/14 08:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/14 08:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2006/08/02 14:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\w70n51.sys -- (w70n51) Intel(R)
    DRV - [2003/10/14 17:04:00 | 000,009,344 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiumflt.sys -- (DevUpper)
    DRV - [2003/09/22 15:10:00 | 001,375,356 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/02/18 18:02:06 | 000,042,092 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tiumfwl.sys -- (tiumfwl)
    DRV - [2002/06/26 17:04:06 | 000,009,600 | ---- | M] (HP Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 D4 D4 23 E3 35 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.gmail.com "
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.8.6

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/15 15:15:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/23 23:18:19 | 000,000,000 | ---D | M]

    [2010/08/15 15:15:53 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Mozilla\Extensions
    [2010/09/03 10:46:14 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iatc7zq0.default\extensions
    [2010/08/30 12:53:24 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Mozilla\Firefox\Profiles\iatc7zq0.default\extensions\foxmarks@kei.com
    [2010/08/15 15:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/23 10:29:54 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/07/23 10:29:54 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/07/23 10:29:54 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/07/23 10:29:54 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/08/30 14:00:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [hpqMcSrv] C:\Program Files\HPQ\Q Menu\CpqMcSrV.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nview.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [Q Menu] C:\Program Files\HPQ\Q Menu\QICON.EXE (Hewlett-Packard)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Folders.lnk = C:\Program Files\Direct Folders\df.exe (Code Sector Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Extensis\Extensis Suitcase 11\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/04 18:36:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dean\Desktop\OTL.exe
    [2010/09/04 10:22:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/09/04 10:21:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/09/04 10:01:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/09/04 10:01:10 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/08/31 00:21:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/08/30 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVTray
    [2010/08/30 18:09:41 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Malwarebytes
    [2010/08/30 18:09:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/08/30 18:09:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/08/30 18:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/08/30 18:09:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/30 14:18:59 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\SUPERAntiSpyware.com
    [2010/08/30 14:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/08/30 14:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/08/30 13:33:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/08/30 13:33:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/08/30 13:33:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/08/30 13:33:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/08/30 13:33:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/08/24 10:14:21 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/08/24 10:07:29 | 000,000,000 | ---D | C] -- C:\MGtools
    [2010/08/24 09:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
    [2010/08/17 00:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/08/17 00:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
    [2010/08/15 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Mozilla
    [2010/08/15 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Mozilla
    [2010/08/15 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/08/15 15:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\Notebook Hardware Control
    [2010/08/15 03:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010/08/15 03:31:58 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Autodesk
    [2010/08/15 03:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Alias
    [2010/08/15 03:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
    [2010/08/13 19:56:45 | 000,000,000 | ---D | C] -- C:\Users\Dean\Favourite Apps
    [2010/08/13 19:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\NewTek
    [2010/08/10 16:58:46 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Macromedia
    [2010/08/10 05:40:32 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Apps
    [2010/08/09 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Extensis
    [2010/08/09 19:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Extensis
    [2010/08/09 19:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\Extensis
    [2010/08/09 19:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
    [2010/08/09 18:28:41 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Microsoft Games
    [2010/08/09 17:21:16 | 000,000,000 | ---D | C] -- C:\Users\Dean\Fonts
    [2010/08/09 16:05:31 | 000,000,000 | ---D | C] -- C:\Users\Dean\Desktop\Monitor Calibration
    [2010/08/09 15:47:28 | 000,000,000 | ---D | C] -- C:\Users\Dean\My Artwork
    [2010/08/09 15:25:24 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Direct Folders
    [2010/08/09 15:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
    [2010/08/09 15:20:56 | 000,000,000 | ---D | C] -- C:\Users\Dean\Projects
    [2010/08/09 15:09:27 | 000,000,000 | ---D | C] -- C:\Users\Dean\Icons
    [2010/08/09 00:04:15 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\WinRAR
    [2010/08/08 06:20:23 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2010/08/08 00:39:23 | 000,000,000 | ---D | C] -- C:\Windows\tiinst
    [2010/08/07 21:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2010/08/07 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Adobe
    [2010/08/07 20:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/08/07 20:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
    [2010/08/07 20:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/08/07 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Adobe
    [2010/08/07 20:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2010/08/07 20:45:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
    [2010/08/07 20:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/08/07 20:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/08/07 20:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/08/07 19:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
    [2010/08/07 19:07:17 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/08/07 19:07:17 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/08/07 19:07:16 | 000,294,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2010/08/07 19:07:16 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/08/07 19:07:15 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/08/07 19:07:12 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/08/07 19:05:09 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
    [2010/08/07 19:05:09 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
    [2010/08/07 19:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/08/07 19:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/08/07 19:00:54 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Xmarks
    [2010/08/07 19:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Xmarks
    [2010/08/07 18:25:04 | 000,000,000 | ---D | C] -- C:\Users\Dean\Stationery
    [2010/08/07 17:23:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2010/08/07 16:59:34 | 000,000,000 | R--D | C] -- C:\Users\Dean\Documents\Notes
    [2010/08/07 16:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
    [2010/08/07 16:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\nView_Profiles
    [2010/08/07 16:27:01 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\WTablet
    [2010/08/07 16:26:52 | 000,495,616 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
    [2010/08/07 16:26:51 | 000,656,240 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\ISD_Tablet.dll
    [2010/08/07 16:24:50 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
    [2010/08/07 16:24:43 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
    [2010/08/07 16:24:27 | 000,035,696 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wisdpen.sys
    [2010/08/07 16:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
    [2010/08/07 16:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/08/07 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\uTorrent
    [2010/08/07 15:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\hpqwmi
    [2010/08/07 15:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\HPQ
    [2010/08/07 15:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\InstallShield Installation Information
    [2010/08/07 15:27:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
    [2010/08/07 15:18:04 | 000,000,000 | ---D | C] -- C:\Windows\nview
    [2010/08/07 15:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2010/08/07 15:08:34 | 000,000,000 | ---D | C] -- C:\SWSetup
    [2010/08/07 13:15:37 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\ElevatedDiagnostics
    [2010/08/07 13:03:11 | 000,000,000 | ---D | C] -- C:\Users\Dean\Archive
    [2010/08/07 12:31:59 | 000,000,000 | R--D | C] -- C:\Users\Dean\Searches
    [2010/08/07 12:31:59 | 000,000,000 | -H-D | C] -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2010/08/07 12:31:47 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Identities
    [2010/08/07 12:31:44 | 000,000,000 | R--D | C] -- C:\Users\Dean\Contacts
    [2010/08/07 12:31:29 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\VirtualStore
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Temporary Internet Files
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Templates
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Start Menu
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\SendTo
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Recent
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\PrintHood
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\NetHood
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Videos
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Pictures
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Documents\My Music
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\My Documents
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Local Settings
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\History
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Cookies
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\Application Data
    [2010/08/07 12:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Dean\AppData\Local\Application Data
    [2010/08/07 12:31:23 | 000,000,000 | --SD | C] -- C:\Users\Dean\AppData\Roaming\Microsoft
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Videos
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Saved Games
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Pictures
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Music
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Links
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Favorites
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Downloads
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\My Documents
    [2010/08/07 12:31:23 | 000,000,000 | R--D | C] -- C:\Users\Dean\Desktop
    [2010/08/07 12:31:23 | 000,000,000 | -H-D | C] -- C:\Users\Dean\AppData
    [2010/08/07 12:31:23 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Temp
    [2010/08/07 12:31:23 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Local\Microsoft
    [2010/08/07 12:31:23 | 000,000,000 | ---D | C] -- C:\Users\Dean\AppData\Roaming\Media Center Programs
    [2010/08/07 12:31:08 | 000,000,000 | ---D | C] -- C:\Recovery
    [2010/08/07 12:24:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2010/08/07 12:21:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2010/08/07 12:21:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information

    ========== Files - Modified Within 90 Days ==========

    [2010/09/04 18:45:39 | 001,572,864 | -HS- | M] () -- C:\Users\Dean\NTUSER.DAT
    [2010/09/04 18:39:44 | 000,020,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/04 18:39:44 | 000,020,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/04 18:38:57 | 000,710,770 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/09/04 18:38:57 | 000,617,794 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/09/04 18:38:57 | 000,106,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/09/04 18:36:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dean\Desktop\OTL.exe
    [2010/09/04 18:32:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/04 18:32:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/04 18:31:48 | 1609,867,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/04 10:33:37 | 006,055,904 | -H-- | M] () -- C:\Users\Dean\AppData\Local\IconCache.db
    [2010/09/04 10:17:10 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/09/04 09:55:58 | 003,835,232 | R--- | M] () -- C:\Users\Dean\Desktop\ComboFix.exe
    [2010/09/03 11:05:23 | 000,172,087 | ---- | M] () -- C:\Users\Dean\LWEXT9.CFG
    [2010/09/03 11:05:23 | 000,009,033 | ---- | M] () -- C:\Users\Dean\LW9.CFG
    [2010/09/03 09:55:21 | 000,004,275 | ---- | M] () -- C:\Users\Dean\LWM9.CFG
    [2010/08/30 21:14:49 | 000,044,149 | ---- | M] () -- C:\Windows\System32\nvapps.xml
    [2010/08/30 20:53:53 | 000,001,813 | ---- | M] () -- C:\Users\Dean\Desktop\Attach.zip
    [2010/08/30 19:33:10 | 000,080,384 | ---- | M] () -- C:\Users\Dean\Desktop\MBRCheck.exe
    [2010/08/30 14:00:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/08/24 10:08:04 | 000,017,785 | ---- | M] () -- C:\MGlogs.zip
    [2010/08/24 10:04:53 | 000,000,322 | ---- | M] () -- C:\Users\Dean\LWHUB9.CFG
    [2010/08/23 23:18:20 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/08/17 03:02:30 | 000,053,117 | ---- | M] () -- C:\Users\Dean\Desktop\Local_Law_No._2_Service_Adpoted_Feb_2010.pdf
    [2010/08/17 02:58:14 | 000,097,811 | ---- | M] () -- C:\Users\Dean\Desktop\Library_Board_Code_of_Conduct__November_2009.pdf
    [2010/08/15 16:07:33 | 000,002,222 | ---- | M] () -- C:\Users\Dean\Desktop\Desktop (DINO-PC).lnk
    [2010/08/15 15:15:20 | 000,001,960 | ---- | M] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/15 03:31:57 | 000,002,173 | ---- | M] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBookPro 2010 R1.lnk
    [2010/08/14 19:08:01 | 001,732,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/08/11 09:37:50 | 000,002,821 | ---- | M] () -- C:\Users\Dean\Documents\Strawman.rtf
    [2010/08/09 15:25:05 | 000,000,976 | ---- | M] () -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Folders.lnk
    [2010/08/07 21:23:01 | 000,057,560 | ---- | M] () -- C:\Users\Dean\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/07 19:07:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/08/07 19:05:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/08/07 19:05:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/07 19:04:36 | 000,047,386 | ---- | M] () -- C:\Windows\System32\dvzensplkltcku.exe
    [2010/08/07 17:52:30 | 000,001,912 | ---- | M] () -- C:\Users\Dean\Desktop\C Drive (DINO-PC).lnk
    [2010/08/07 16:18:51 | 000,000,941 | ---- | M] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/08/07 12:49:08 | 000,001,411 | ---- | M] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/07 12:47:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/08/07 12:41:52 | 000,524,288 | -HS- | M] () -- C:\Users\Dean\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
    [2010/08/07 12:41:52 | 000,524,288 | -HS- | M] () -- C:\Users\Dean\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/07 12:41:52 | 000,065,536 | -HS- | M] () -- C:\Users\Dean\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
    [2010/08/07 12:31:24 | 000,000,020 | -HS- | M] () -- C:\Users\Dean\ntuser.ini
    [2010/08/07 12:26:01 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2010/07/26 10:05:32 | 000,656,240 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\ISD_Tablet.dll
    [2010/07/26 10:02:42 | 000,495,616 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
    [2010/06/14 12:08:56 | 000,035,696 | ---- | M] (Wacom Technology) -- C:\Windows\System32\drivers\wisdpen.sys

    ========== Files Created - No Company Name ==========

    [2010/09/03 10:23:27 | 000,293,376 | ---- | C] () -- C:\Users\Dean\Desktop\gmer.exe
    [2010/08/30 23:32:24 | 000,009,033 | ---- | C] () -- C:\Users\Dean\LW9.CFG
    [2010/08/30 20:53:46 | 000,001,813 | ---- | C] () -- C:\Users\Dean\Desktop\Attach.zip
    [2010/08/30 19:33:08 | 000,080,384 | ---- | C] () -- C:\Users\Dean\Desktop\MBRCheck.exe
    [2010/08/30 13:33:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/08/30 13:33:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/08/30 13:33:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/08/30 13:33:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/08/30 13:33:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/08/30 13:31:38 | 003,835,232 | R--- | C] () -- C:\Users\Dean\Desktop\ComboFix.exe
    [2010/08/24 10:07:31 | 000,017,785 | ---- | C] () -- C:\MGlogs.zip
    [2010/08/24 00:07:57 | 001,662,976 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
    [2010/08/24 00:07:57 | 001,339,392 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe
    [2010/08/24 00:07:57 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
    [2010/08/24 00:07:57 | 000,442,368 | ---- | C] () -- C:\Windows\System32\nvappbar.exe
    [2010/08/24 00:07:57 | 000,425,984 | ---- | C] () -- C:\Windows\System32\keystone.exe
    [2010/08/23 23:18:20 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/08/17 03:02:28 | 000,053,117 | ---- | C] () -- C:\Users\Dean\Desktop\Local_Law_No._2_Service_Adpoted_Feb_2010.pdf
    [2010/08/17 02:58:11 | 000,097,811 | ---- | C] () -- C:\Users\Dean\Desktop\Library_Board_Code_of_Conduct__November_2009.pdf
    [2010/08/15 15:15:20 | 000,001,960 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/15 03:31:56 | 000,002,173 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk SketchBookPro 2010 R1.lnk
    [2010/08/13 19:51:34 | 000,000,322 | ---- | C] () -- C:\Users\Dean\LWHUB9.CFG
    [2010/08/13 19:50:58 | 000,172,087 | ---- | C] () -- C:\Users\Dean\LWEXT9.CFG
    [2010/08/13 19:50:58 | 000,004,275 | ---- | C] () -- C:\Users\Dean\LWM9.CFG
    [2010/08/11 09:11:23 | 000,002,821 | ---- | C] () -- C:\Users\Dean\Documents\Strawman.rtf
    [2010/08/09 15:26:04 | 000,000,976 | ---- | C] () -- C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Folders.lnk
    [2010/08/07 19:05:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/08/07 19:05:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/08/07 19:04:36 | 000,047,386 | ---- | C] () -- C:\Windows\System32\dvzensplkltcku.exe
    [2010/08/07 18:52:20 | 000,002,222 | ---- | C] () -- C:\Users\Dean\Desktop\Desktop (DINO-PC).lnk
    [2010/08/07 17:52:30 | 000,001,912 | ---- | C] () -- C:\Users\Dean\Desktop\C Drive (DINO-PC).lnk
    [2010/08/07 16:18:51 | 000,000,941 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/08/07 15:56:58 | 000,044,149 | ---- | C] () -- C:\Windows\System32\nvapps.xml
    [2010/08/07 15:56:57 | 000,016,356 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
    [2010/08/07 15:53:36 | 000,573,440 | ---- | C] () -- C:\Windows\System32\nvhwvid.dll
    [2010/08/07 15:53:36 | 000,286,720 | ---- | C] () -- C:\Windows\System32\nvnt4cpl.dll
    [2010/08/07 15:53:36 | 000,110,592 | ---- | C] () -- C:\Windows\System32\nvapi.dll
    [2010/08/07 12:49:08 | 000,001,411 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/08/07 12:47:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2010/08/07 12:31:24 | 000,524,288 | -HS- | C] () -- C:\Users\Dean\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
    [2010/08/07 12:31:24 | 000,524,288 | -HS- | C] () -- C:\Users\Dean\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
    [2010/08/07 12:31:24 | 000,262,144 | -HS- | C] () -- C:\Users\Dean\ntuser.dat.LOG2
    [2010/08/07 12:31:24 | 000,262,144 | -HS- | C] () -- C:\Users\Dean\ntuser.dat.LOG1
    [2010/08/07 12:31:24 | 000,065,536 | -HS- | C] () -- C:\Users\Dean\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
    [2010/08/07 12:31:24 | 000,000,290 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2010/08/07 12:31:24 | 000,000,272 | ---- | C] () -- C:\Users\Dean\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2010/08/07 12:31:24 | 000,000,020 | -HS- | C] () -- C:\Users\Dean\ntuser.ini
    [2010/08/07 12:31:23 | 001,572,864 | -HS- | C] () -- C:\Users\Dean\NTUSER.DAT
    [2010/08/07 12:21:07 | 1609,867,264 | -HS- | C] () -- C:\hiberfil.sys
    [2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2003/02/19 16:20:16 | 000,225,280 | ---- | C] () -- C:\Windows\System32\tifmicon.dll

    ========== LOP Check ==========

    [2010/08/15 03:31:58 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Autodesk
    [2010/08/09 15:32:50 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Direct Folders
    [2010/08/09 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\Extensis
    [2010/08/09 15:27:41 | 000,000,000 | ---D | M] -- C:\Users\Dean\AppData\Roaming\uTorrent
    [2009/07/14 14:53:46 | 000,023,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  10. 2010/09/04
    reversion1970

    reversion1970 Inactive Thread Starter

    ...and the last bit of the OTL log with one line of overlap: (purity check)


    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2010/09/04 10:22:25 | 000,021,105 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/09/04 18:31:48 | 1609,867,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/07 19:05:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/24 10:08:04 | 000,017,785 | ---- | M] () -- C:\MGlogs.zip
    [2010/08/07 19:05:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/09/04 18:32:03 | 2146,492,416 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/30 18:22:44 | 000,000,385 | ---- | M] () -- C:\rkill.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2009/07/14 11:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
    [2009/07/14 11:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/14 11:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2009/07/14 14:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 14:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 14:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 14:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/14 11:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\user32.dll /md5 >
    [2009/07/14 11:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2009/07/14 11:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2009/07/14 11:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C8B8CEBD

    < End of report >
     
  11. 2010/09/04
    reversion1970

    reversion1970 Inactive Thread Starter

    here is the extras log:


    OTL Extras logfile created on: 4/09/2010 6:43:42 PM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Dean\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 127.90 Gb Total Space | 78.22 Gb Free Space | 61.16% Space Free | Partition Type: NTFS
    Drive D: | 979.63 Mb Total Space | 759.28 Mb Free Space | 77.51% Space Free | Partition Type: FAT
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEAN-TABLETPC
    Current User Name: Dean
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3
    "{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7451C9B5-3E10-4E59-AD37-AB7438D84288}" = Extensis Suitcase 11.0.1
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{84EF5641-174A-4755-A744-6B33B0CD8D2A}" = PCI1620 Ultramedia Controller
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E590A51C-4303-4A28-99DB-799FE1E25E0D}" = Xmarks for IE
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
    "{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
    "{F8236DB8-CF1E-476B-A718-0ADBDBD97863}" = Autodesk SketchBookPro 2010 R1
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
    "avast5" = avast! Pro Antivirus
    "DirectFoldersAppID_is1" = Direct Folders
    "dvzensplkltcku" = Tagging System Cashtitan
    "InstallShield_{84EF5641-174A-4755-A744-6B33B0CD8D2A}" = PCI 1620 Cardbus Controller and Software
    "ISD Tablet Driver" = ISD Tablet
    "LightWave 3D 9.6 9.6" = LightWave 3D 9.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "NVIDIA Drivers" = NVIDIA Drivers
    "Q Menu" = Q Menu 2.10 A2
    "RocketDock_is1" = RocketDock 1.3.5
    "uTorrent" = µTorrent
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 14/08/2010 11:09:42 AM | Computer Name = Dean-TabletPC | Source = Application Error | ID = 1000
    Description = Faulting application name: CLE.exe, version: 0.0.0.0, time stamp:
    0x4a320a3b Faulting module name: CLE.exe, version: 0.0.0.0, time stamp: 0x4a320a3b
    Exception
    code: 0xc0000005 Fault offset: 0x0001ffbf Faulting process id: 0xf30 Faulting application
    start time: 0x01cb3bc1b50c2770 Faulting application path: C:\Program Files\CLE\CLE.exe
    Faulting
    module path: C:\Program Files\CLE\CLE.exe Report Id: f6dfd1d0-a7b5-11df-8daa-0020e0818646

    Error - 14/08/2010 11:16:26 AM | Computer Name = Dean-TabletPC | Source = Application Error | ID = 1000
    Description = Faulting application name: CLE.exe, version: 0.0.0.0, time stamp:
    0x4a320a3b Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x000054f3 Faulting process id:
    0x130 Faulting application start time: 0x01cb3bc2fab84b20 Faulting application path:
    C:\Program Files\CLE\CLE.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: e7817020-a7b6-11df-8daa-0020e0818646

    Error - 14/08/2010 11:20:10 AM | Computer Name = Dean-TabletPC | Source = Application Error | ID = 1000
    Description = Faulting application name: CLE.exe, version: 0.0.0.0, time stamp:
    0x4a320a3b Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x000054f3 Faulting process id:
    0xe94 Faulting application start time: 0x01cb3bc3b0f64550 Faulting application path:
    C:\Program Files\CLE\CLE.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 6cf5d3a0-a7b7-11df-8daa-0020e0818646

    Error - 14/08/2010 11:58:46 AM | Computer Name = Dean-TabletPC | Source = Application Error | ID = 1000
    Description = Faulting application name: CLE.exe, version: 0.0.0.0, time stamp:
    0x4a320a3b Faulting module name: CLE.exe, version: 0.0.0.0, time stamp: 0x4a320a3b
    Exception
    code: 0xc0000005 Fault offset: 0x0001ffbf Faulting process id: 0x728 Faulting application
    start time: 0x01cb3bc96f17f960 Faulting application path: C:\Program Files\CLE\CLE.exe
    Faulting
    module path: C:\Program Files\CLE\CLE.exe Report Id: d191c830-a7bc-11df-8712-0020e0818646

    Error - 14/08/2010 12:00:31 PM | Computer Name = Dean-TabletPC | Source = Application Error | ID = 1000
    Description = Faulting application name: CLE.exe, version: 0.0.0.0, time stamp:
    0x4a320a3b Faulting module name: CLE.exe, version: 0.0.0.0, time stamp: 0x4a320a3b
    Exception
    code: 0xc0000005 Fault offset: 0x0001ffbf Faulting process id: 0x4cc Faulting application
    start time: 0x01cb3bc9ce9c1990 Faulting application path: C:\Program Files\CLE\CLE.exe
    Faulting
    module path: C:\Program Files\CLE\CLE.exe Report Id: 100a7a60-a7bd-11df-8712-0020e0818646

    Error - 14/08/2010 1:02:21 PM | Computer Name = Dean-TabletPC | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Users\Dean\Desktop\ArtRage
    Studio Pro 3.0.6\ArtRage Studio Pro 3.0.6\Patch\ArtRage Studio Pro Demo.exe". Error
    in manifest or policy file "C:\Users\Dean\Desktop\ArtRage Studio Pro 3.0.6\ArtRage
    Studio Pro 3.0.6\Patch\ArtRage Studio Pro Demo.exe" on line 2. Multiple requestedPrivileges
    elements are not allowed in manifest.

    Error - 15/08/2010 12:50:16 AM | Computer Name = Dean-TabletPC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Users\Dean\Icons\Misc
    Icons\syncappw.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="Win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 16/08/2010 10:09:18 PM | Computer Name = Dean-TabletPC | Source = Application Error | ID = 1000
    Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
    time stamp: 0x4aeba271 Faulting module name: nvcpl.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x43a71f90 Exception code: 0xc0000005 Fault offset: 0x0c06d140 Faulting
    process id: 0x81c Faulting application start time: 0x01cb3da99e8d10a0 Faulting application
    path: C:\Windows\Explorer.EXE Faulting module path: nvcpl.dll Report Id: 70cea3d0-a9a4-11df-8f0e-0020e0818646

    Error - 23/08/2010 9:23:23 AM | Computer Name = Dean-TabletPC | Source = Application Error | ID = 1000
    Description = Faulting application name: rundll32.exe_nvwdmcpl.dll, version: 6.1.7600.16385,
    time stamp: 0x4a5bc637 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x00530057 Faulting process id:
    0x3c0 Faulting application start time: 0x01cb42c635d33f90 Faulting application path:
    C:\Windows\System32\rundll32.exe Faulting module path: unknown Report Id: 9a30f5a0-aeb9-11df-a1c2-0020e0818646

    Error - 2/09/2010 8:03:33 PM | Computer Name = Dean-TabletPC | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    [ System Events ]
    Error - 30/08/2010 7:17:55 AM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 30/08/2010 8:29:14 AM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 30/08/2010 9:27:52 AM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 30/08/2010 9:38:39 PM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 2/09/2010 7:47:59 PM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 3/09/2010 7:50:19 PM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 3/09/2010 8:04:41 PM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 3/09/2010 8:17:03 PM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 4/09/2010 4:32:31 AM | Computer Name = Dean-TabletPC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 4/09/2010 4:32:52 AM | Computer Name = Dean-TabletPC | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >
     
  12. 2010/09/04
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C8B8CEBD
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
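The triage the moderator performs on the OTL logs above is mechanical enough to script. The following is an added example for this page, not code from OTL, the forum or anyone in this thread: it reads an OTL log as text and reports the same indicators this thread keys on: an Uninstall key whose name matches an executable under C:\Windows (the `dvzensplkltcku` / `Tagging System Cashtitan` pairing), random-looking executables with no company name, `exefile`/`batfile`/`cmdfile`/`comfile`/`piffile` shell handlers that are not the default `"%1" %*`, and any alternate data streams. The sample log is an excerpt of the posts above; the hijacked `exefile` line, the random-name heuristic and the severity ranking are my own constructed assumptions. Nothing here touches the registry or the filesystem.

```python
"""Triage an OTL log for the indicators this thread keys on: an Uninstall key
whose name matches an executable under C:\\Windows, random-looking executables
with no company name, non-default shell spawning commands and alternate data
streams. Reads log text only; touches no registry or files."""
import re
from pathlib import PureWindowsPath

# [date time | size | attrs | M|C] (Company) [MD5=... | Unable to obtain MD5] -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[MC])\]'
    r'(?: \((?P<company>[^)]*)\))?(?P<extra>.*?) -- (?P<path>.+)$')
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<name>.+)$')
SHELL_RE = re.compile(r'^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.+)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$')

EXEC_EXT = {'.exe', '.dll', '.sys', '.scr', '.cpl'}
SYSTEM_DIR = 'c:\\windows\\'
# File classes whose [open] handler malware commonly hijacks; the default is "%1" %*.
EXPECTED_SHELL = {('batfile', 'open'), ('cmdfile', 'open'), ('comfile', 'open'),
                  ('exefile', 'open'), ('piffile', 'open')}
EXPECTED_CMD = '"%1" %*'
VOWELS = set('aeiouy')


def looks_random(stem):
    """Assumed heuristic: a long consonant run or almost no vowels (e.g. dvzensplkltcku)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 5 or sum(c in VOWELS for c in letters) / len(letters) < 0.2


def parse_otl(text):
    """Split an OTL log into file entries, Uninstall keys, shell verbs and ADS lines."""
    log = {'files': [], 'uninstall': {}, 'shell': {}, 'ads': []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            log['files'].append({'path': m['path'], 'company': (m['company'] or '').strip()})
        elif m := UNINSTALL_RE.match(line):
            log['uninstall'][m['key']] = m['name']
        elif m := SHELL_RE.match(line):
            log['shell'][(m['cls'], m['verb'])] = m['cmd']
        elif m := ADS_RE.match(line):
            log['ads'].append(m['target'])
    return log


def triage(text):
    """Return findings, strongest first, as a shortlist for a human (not an auto-fix list)."""
    log, findings, seen = parse_otl(text), [], set()
    by_stem = {k.lower(): v for k, v in log['uninstall'].items()}
    for f in log['files']:
        p = PureWindowsPath(f['path'])
        if p.suffix.lower() not in EXEC_EXT or not f['path'].lower().startswith(SYSTEM_DIR):
            continue
        if f['path'] in seen:  # the same file is listed under both Modified and Created
            continue
        seen.add(f['path'])
        if p.stem.lower() in by_stem:
            findings.append({'severity': 'high', 'path': f['path'],
                             'why': f'name matches Uninstall key for "{by_stem[p.stem.lower()]}"'})
        elif not f['company'] and looks_random(p.stem):
            findings.append({'severity': 'medium', 'path': f['path'],
                             'why': 'random-looking name, no company name, under C:\\Windows'})
    for key, cmd in log['shell'].items():
        if key in EXPECTED_SHELL and cmd.strip() != EXPECTED_CMD:
            findings.append({'severity': 'high', 'path': f'{key[0]} [{key[1]}]',
                             'why': f'shell spawning hijacked: {cmd}'})
    for target in log['ads']:
        findings.append({'severity': 'low', 'path': target,
                         'why': 'alternate data stream; review, may be benign metadata'})
    rank = {'high': 0, 'medium': 1, 'low': 2}
    return sorted(findings, key=lambda x: rank[x['severity']])


# Excerpt of the OTL log posted in this thread (file entries, Uninstall list,
# Shell Spawning and ADS sections).
SAMPLE_LOG = r"""
[2010/08/07 19:04:36 | 000,047,386 | ---- | M] () -- C:\Windows\System32\dvzensplkltcku.exe
[2010/08/24 00:07:57 | 000,425,984 | ---- | C] () -- C:\Windows\System32\keystone.exe
[2010/08/07 19:04:36 | 000,047,386 | ---- | C] () -- C:\Windows\System32\dvzensplkltcku.exe
[2010/07/26 10:02:42 | 000,495,616 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2009/07/14 11:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
"dvzensplkltcku" = Tagging System Cashtitan
"avast5" = avast! Pro Antivirus
exefile [open] -- "%1" %*
batfile [open] -- "%1" %*
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C8B8CEBD
"""
# Constructed (not from this thread): an exefile handler pointing at a dropped binary.
HIJACK_SAMPLE = r"""
exefile [open] -- "C:\ProgramData\hijack.exe" "%1" %*
batfile [open] -- "%1" %*
"""

if __name__ == '__main__':
    for hit in triage(SAMPLE_LOG) + triage(HIJACK_SAMPLE):
        print(f"[{hit['severity']:6}] {hit['path']}  <- {hit['why']}")
```

On the posted log this yields one high finding (`C:\Windows\System32\dvzensplkltcku.exe`, because its stem equals the Uninstall key for "Tagging System Cashtitan") and one low finding for the ADS the moderator's fix later removes. The medium tier is a shortlist, not a verdict: NVIDIA's control-panel files under System32 carry no company name in this log and names like `nvdspsch` trip the consonant-run heuristic, so a human still has to look at each hit, which is exactly why the moderator asks for the logs rather than running an automated fix.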
  13. 2010/09/05
    reversion1970

    reversion1970 Inactive Thread Starter

    Ok this is interesting... the Kaspersky online virus check reached 13% then froze my system. I tried this twice with Firefox and once with Explorer; same result each time. I took a screengrab with my iPhone but can't attach it to this reply. Perhaps if you email me I could send it to you by some other means. It froze at this point of the scan (perhaps this helps):

    Scanning thumbnails-installer.msi
    Path C:\Program Files\Xmarks\IE Extension

    Everything else went without a hitch. Here are the 2 logs as requested (OTL and Security Check):



    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dean
    ->Temp folder emptied: 47266 bytes
    ->Temporary Internet Files folder emptied: 107727 bytes
    ->Java cache emptied: 1853 bytes
    ->FireFox cache emptied: 41929889 bytes
    ->Flash cache emptied: 756 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 40.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dean
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09052010_032325

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Pro Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.3.4
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  14. 2010/09/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine...
    Instead of Kaspersky...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  15. 2010/09/05
    reversion1970

    reversion1970 Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    11
    Likes Received:
    0
    Done! Report as follows:


    C:\Windows\System32\dvzensplkltcku.exe Win32/Adware.CashTitan application



    there she is......!
     
  16. 2010/09/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Windows\System32\dvzensplkltcku.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  17. 2010/09/06
    reversion1970

    reversion1970 Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    11
    Likes Received:
    0
    I had a problem with that last OTL fix and I'm not sure if I should proceed with the rest. Here's what happened: OTL froze and wouldn't respond so I had to force quit, restart explorer, and run it again. After reboot this is the log...


    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Windows\System32\dvzensplkltcku.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dean
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3711667 bytes
    ->Flash cache emptied: 611 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dean
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09062010_140916

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    so... this log says dvzensplkltcku.exe was not found. So to double check I ran ESET again and it returned this:

    C:\_OTL\MovedFiles\09062010_140549\C_Windows\System32\dvzensplkltcku.exe Win32/Adware.CashTitan application

    So it seems OTL perhaps did move the offending file the first time I ran it before OTL seized.

    Not sure where to go from here.
    Cheers.
     
  18. 2010/09/06
    reversion1970

    reversion1970 Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    11
    Likes Received:
    0
    p.s. Cashtitan still appears in my programs and features list of installed apps.
     
  19. 2010/09/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's definitely gone.

    That "Programs & Features" listing is, most likely, a dead entry, but we can remove it.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
       "dvzensplkltcku" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Then, proceed with the rest....
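    The fix above targets one leftover "Programs & Features" entry by name. As an added example (not from this thread, and not OTL's or ESET's own code), here is a read-only PowerShell audit that lists every Uninstall entry whose uninstaller no longer exists on disk, which is exactly what a dead entry looks like once the executable behind it has been removed. It assumes PowerShell 3.0 or newer; the `<KeyName>` in the last comment is a placeholder, not a value from the thread.

```powershell
# Added example (not part of the thread or of OTL): audit Programs & Features
# entries and report the ones whose uninstaller is missing from disk.
# Read-only: it reports, it deletes nothing. Assumes PowerShell 3.0 or newer.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit apps on 64-bit Windows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs
)

function Get-UninstallExecutable {
    # Pull the executable path out of an UninstallString such as
    #   "C:\Program Files\Foo\uninst.exe" /S   or   C:\Program Files\Foo\uninst.exe /S
    param([string]$UninstallString)
    if ([string]::IsNullOrWhiteSpace($UninstallString)) { return $null }
    $s = $UninstallString.Trim()
    # Windows Installer products are identified by a product GUID, not a file path
    if ($s -match '^"?msiexec') { return 'msiexec' }
    # Quoted path: the first quoted token is the executable
    if ($s -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: take everything up to the first ".exe"
    if ($s -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token
    return ($s -split '\s+')[0]
}

function Get-UninstallEntryAudit {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # Get-ItemProperty expands REG_EXPAND_SZ values (e.g. %ProgramFiles%) for us
            $props = Get-ItemProperty -LiteralPath $key.PSPath
            $exe   = Get-UninstallExecutable $props.UninstallString
            $status = if (-not $exe)                              { 'no UninstallString' }
                      elseif ($exe -eq 'msiexec')                 { 'msi (not checked)' }
                      elseif (Test-Path -LiteralPath $exe)        { 'ok' }
                      elseif (Get-Command $exe -ErrorAction SilentlyContinue) { 'ok (on PATH)' }
                      else                                        { 'MISSING uninstaller' }
            [pscustomobject]@{
                KeyName     = $key.PSChildName   # exact subkey name, as used in OTL's :Reg section
                DisplayName = $props.DisplayName
                Uninstaller = $exe
                Status      = $status
                RegistryKey = $key.Name
            }
        }
    }
}

# Show only the suspicious entries. Entries with no DisplayName are hidden
# components and are normal; a MISSING uninstaller is what deserves a look.
Get-UninstallEntryAudit |
    Where-Object { $_.Status -like 'MISSING*' -or $_.Status -eq 'no UninstallString' } |
    Sort-Object Status, DisplayName |
    Format-Table KeyName, DisplayName, Status, Uninstaller -AutoSize

# To remove a confirmed dead entry (<KeyName> is a placeholder), preview with -WhatIf first:
# Remove-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\<KeyName>' -Recurse -WhatIf
```

Run it from an elevated PowerShell prompt so the HKLM hives are readable in full. The `KeyName` column is the value to check against a fix script: OTL's log above reported the `dvzensplkltcku` value as not found, and listing the actual subkey names is the quickest way to confirm which entry (if any) is really still present before removing it.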
     
  20. 2010/09/07
    reversion1970

    reversion1970 Inactive Thread Starter

    Joined:
    2010/08/30
    Messages:
    11
    Likes Received:
    0
    Awesome :)

    No more cashtitan!! (It was still in my list of installed programs but when I went to uninstall it, Windows simply said there was no such program and asked if I wanted to remove it from the list... um, YES!)

    Last 2 OTL logs attached, Fix and Cleanup:


    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\dvzensplkltcku not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dean
    ->Temp folder emptied: 1253801 bytes
    ->Temporary Internet Files folder emptied: 35268 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 63418427 bytes
    ->Flash cache emptied: 611 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 91399092 bytes

    Total Files Cleaned = 149.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dean
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.11.0 log created on 09072010_012025

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Dean
    ->Temp folder emptied: 1198 bytes
    ->Temporary Internet Files folder emptied: 35268 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 4611266 bytes
    ->Flash cache emptied: 578 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Dean
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.11.0 log created on 09072010_013313

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    Mate, I can't say how much I appreciate your help. This site and people such as yourself make this an invaluable resource and I'm so glad I stumbled across it. When my pay comes through I will be donating to this site and yourself personally. Many, many thanks.

    p.s. let me know how I can send you something to show my appreciation.

    Cheers.
     
  21. 2010/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
    Thank you for the donation offer :)

    Good luck and stay safe :)
     