[jogibso1]

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-20 11:24:53
-----------------------------
11:24:53.433 OS Version: Windows 5.1.2600 Service Pack 3
11:24:53.433 Number of processors: 4 586 0x2505
11:24:53.433 ComputerName: NG00158029 UserName: jeh46727
11:24:54.527 Initialize success
11:26:00.637 AVAST engine defs: 12012000
11:29:31.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:29:31.527 Disk 0 Vendor: TOSHIBA_MK2561GSYN MH000C Size: 238475MB BusType: 3
11:29:31.543 Disk 0 MBR read successfully
11:29:31.543 Disk 0 MBR scan
11:29:31.590 Disk 0 Windows VISTA default MBR code
11:29:31.605 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238463 MB offset 2048
11:29:31.621 Disk 0 scanning sectors +488376000
11:29:31.699 Disk 0 scanning C:\WINDOWS\system32\drivers
11:29:55.949 Service scanning
11:29:56.840 Modules scanning
11:30:02.762 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
11:30:03.699 Disk 0 trace - called modules:
11:30:03.730 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
11:30:03.730 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aed9ab8]
11:30:03.730 3 CLASSPNP.SYS[b8188fd7] -> nt!IofCallDriver -> [0x8af29d58]
11:30:03.730 5 hpdskflt.sys[b81f9ffd] -> nt!IofCallDriver -> \Device\000000c7[0x8aee09e8]
11:30:03.730 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8af29940]
11:30:05.246 AVAST engine scan C:\WINDOWS
11:30:17.387 AVAST engine scan C:\WINDOWS\system32
11:31:55.387 AVAST engine scan C:\WINDOWS\system32\drivers
11:32:22.090 AVAST engine scan C:\Documents and Settings\jeh46727
11:42:41.652 AVAST engine scan C:\Documents and Settings\All Users
11:43:20.574 Scan finished successfully
11:46:34.527 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jeh46727\Desktop\MBR.dat"
11:46:34.558 The log file has been saved successfully to "C:\Documents and Settings\jeh46727\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-23 10:05:15
-----------------------------
10:05:15.000 OS Version: Windows 5.1.2600 Service Pack 3
10:05:15.000 Number of processors: 4 586 0x2505
10:05:15.000 ComputerName: NG00158029 UserName: jeh46727
10:05:16.875 Initialize success
10:08:56.468 AVAST engine defs: 12012300
10:09:50.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:09:50.046 Disk 0 Vendor: TOSHIBA_MK2561GSYN MH000C Size: 238475MB BusType: 3
10:09:50.062 Disk 0 MBR read successfully
10:09:50.062 Disk 0 MBR scan
10:09:50.125 Disk 0 Windows VISTA default MBR code
10:09:50.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238463 MB offset 2048
10:09:50.171 Disk 0 scanning sectors +488376000
10:09:50.265 Disk 0 scanning C:\WINDOWS\system32\drivers
10:10:18.156 Service scanning
10:10:19.203 Modules scanning
10:10:25.546 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:10:26.500 Disk 0 trace - called modules:
10:10:26.515
10:10:27.484 AVAST engine scan C:\WINDOWS
10:10:44.515 AVAST engine scan C:\WINDOWS\system32
10:13:21.343 AVAST engine scan C:\WINDOWS\system32\drivers
10:13:48.296 AVAST engine scan C:\Documents and Settings\jeh46727
10:35:54.109 AVAST engine scan C:\Documents and Settings\All Users
10:36:32.093 Scan finished successfully
10:59:56.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jeh46727\Desktop\MBR.dat"
10:59:56.218 The log file has been saved successfully to "C:\Documents and Settings\jeh46727\Desktop\aswMBR.txt"

[Advertisements]

That looks good now - any further problems ?

[Essexboy]

That looks good now - any further problems ?

[jogibso1]

the only thing I found is that adobe acrobat reader would not work. Tried opening PDFs and they would blink open for a split second then close. That had never happened before. I installed foxit reader and they are working fine now. Maybe unrelated? What do you think? Thanks so much for your fantastic help

[Essexboy]

Uninstall Adobe reader... You will find Foxit a darn sight faster. Adobe was damaged during the cleaning process

During the first OTL run whilst I reset the restore points could you disable MBAM please

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [emptytemp]
  [CLEARALLRESTOREPOINTS]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

• Go to this site and click Do I have Java
• It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe

[jogibso1]

thank you....donation coming your way...wish i had more to give...great service

[Essexboy]

My pleasure and thank you very much

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.