Internet Explorer keeps opening [Solved]


  • This topic is locked

#1
RedSuedePump

Hi,

I posted this earlier today in the wrong place:

http://www.geekstogo...-keeps-opening/

and Essex Boy came along and suggested I run OTL.

I've attached the txt files generated by OTL - can anyone here tell me what they mean?

RSP

OTL logfile created on: 22/07/2012 15:21:41 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 28,03% Memory free
3,85 Gb Paging File | 1,66 Gb Available in Paging File | 43,08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 94,03 Gb Free Space | 63,09% Space Free | Partition Type: NTFS
Drive E: | 3,83 Gb Total Space | 3,73 Gb Free Space | 97,33% Space Free | Partition Type: FAT32
Drive H: | 1,95 Mb Total Space | 0,24 Mb Free Space | 12,08% Space Free | Partition Type: FAT

Computer Name: SARL_YORK_ED | User Name: Edward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/04/02 16:36:58 | 000,096,768 | ---- | M] (Freemake) -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/03/28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2011/10/24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011/08/02 13:17:32 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe
PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/12/07 15:15:12 | 000,503,969 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
PRC - [2010/08/19 10:52:04 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
PRC - [2010/08/18 01:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0700Mon.exe
PRC - [2009/12/28 18:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009/11/25 19:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\PBN.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/09 18:44:08 | 000,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
PRC - [2005/11/09 17:40:32 | 000,110,592 | ---- | M] ( ) -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
PRC - [2005/11/09 17:19:38 | 000,634,880 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
PRC - [2005/10/17 17:24:32 | 000,081,920 | ---- | M] (Maxtor Corp.) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/15 19:39:25 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012/06/15 19:39:15 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\909306caa69b55ffdce3ae5a7f6baa20\System.Configuration.Install.ni.dll
MOD - [2012/06/15 19:35:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/15 19:34:22 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/05/12 06:37:15 | 001,859,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1126dc2c152098ec23d4554405217184\System.Web.Services.ni.dll
MOD - [2012/05/12 06:37:03 | 017,996,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5be1370b1331393f73af710d0d71b02d\System.ServiceModel.ni.dll
MOD - [2012/05/12 06:34:24 | 001,020,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\a40c42510e312339018486b1d7076e0a\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/12 06:34:22 | 002,637,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\9bfda0add366eea12ea0402e60d01e84\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 06:34:22 | 000,142,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\9115e9f656b00fc4e46da91537ef1358\SMDiagnostics.ni.dll
MOD - [2012/05/12 06:29:59 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
MOD - [2012/05/12 06:29:26 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012/05/11 22:18:35 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
MOD - [2012/05/11 22:18:25 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
MOD - [2012/05/11 22:14:29 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 22:14:22 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 22:14:15 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 22:14:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/11 22:04:07 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012/05/11 22:04:01 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012/05/11 22:03:37 | 007,052,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MOD - [2012/05/11 22:03:22 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012/05/11 22:03:11 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/04/08 16:10:07 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_fr_b77a5c561934e089\System.Xml.resources.dll
MOD - [2012/04/08 16:10:06 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/19 10:52:04 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
MOD - [2009/12/28 18:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
MOD - [2009/11/25 19:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\PBN.exe
MOD - [2009/09/15 20:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
MOD - [2008/04/14 04:33:31 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/08/21 14:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2005/11/09 18:44:08 | 000,184,320 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/14 10:22:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/02 16:36:58 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/03/28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/08/19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/12/28 18:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2006/12/23 17:54:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/09 18:44:08 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
SRV - [2005/11/09 17:40:32 | 000,110,592 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe -- (NTService1)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/19 02:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/14 20:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120720.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/05/31 19:17:50 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/31 19:17:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/30 19:22:08 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120720.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/30 19:22:08 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120720.024\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/08 16:18:34 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2012/04/08 16:18:33 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pssdklbf.sys -- (PSSDKLBF)
DRV - [2012/04/06 15:01:03 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/29 08:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symtdi.sys -- (SYMTDI)
DRV - [2012/03/29 08:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012/03/29 08:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012/03/29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/30 00:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/07/25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1307010.005\symds.sys -- (SymDS)
DRV - [2011/04/13 15:56:34 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys -- (RapportCerberus_25973)
DRV - [2011/04/08 10:17:38 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/08 10:17:38 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/04/08 10:17:36 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/10/20 14:24:22 | 000,302,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0700Afx.sys -- (V0700Afx)
DRV - [2010/10/18 01:00:00 | 000,322,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0700Vid.sys -- (V0700Vid)
DRV - [2010/09/16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010/08/31 11:28:56 | 000,147,040 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2010/06/01 14:07:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/05/22 14:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/25 10:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/11/06 09:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2009/10/02 10:59:16 | 000,489,952 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009/02/27 15:39:18 | 000,007,552 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver)
DRV - [2008/04/13 21:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/07/11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/17 11:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/04/06 15:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files\Fichiers communs\Thunder Network\KanKan\npDapCtrl.2.3.7201.375.(310).dll (ShenZhen Thunder Networking Technologies Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/06 15:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/07/22 14:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/04/13 15:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Iminent\[email protected]

[2012/07/21 12:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/19 18:30:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

O1 HOSTS File: ([2004/08/05 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Fichiers communs\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Live! Central 3] C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install File not found
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [V0700Mon.exe] C:\WINDOWS\V0700Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Play Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1296281020859 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DD5BF6D1-6663-47E0-9DFA-5C343CAF178E} http://xmp.down.sand.../xinstaller.cab (xoliimpl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{304248DE-D864-4DA2-BC1F-37647F12762F}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/21 10:26:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/07/22 14:53:18 | 002,508,724 | ---- | M] () - E:\AutoRuns.arn -- [ FAT32 ]
O32 - AutoRun File - [2012/07/22 14:36:26 | 000,537,166 | ---- | M] () - H:\Autoruns.zip -- [ FAT ]
O32 - AutoRun File - [2012/07/22 14:36:50 | 000,000,000 | ---D | M] - H:\Autoruns -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 08:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Malwarebytes
[2012/07/22 08:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/07/22 08:26:16 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/22 08:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/22 08:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/22 08:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\VS Revo Group
[2012/07/22 08:10:38 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2012/07/22 08:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Revo Uninstaller Pro
[2012/07/22 08:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/07/21 15:46:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Edward\PrivacIE
[2012/07/21 15:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Apple Computer
[2012/07/21 15:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Apple Computer
[2012/07/21 15:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Lexware
[2012/07/21 15:45:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Lexware
[2012/07/21 15:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Creative
[2012/07/21 15:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Scansoft
[2012/07/21 15:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Menu Démarrer\Programmes\CyberLink DVD Suite
[2012/07/21 15:45:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Edward\IETldCache
[2012/07/21 15:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Identities
[2012/07/21 15:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edward\Mes documents\Mes images
[2012/07/21 15:44:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edward\Mes documents\Ma musique
[2012/07/21 15:44:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Edward\Application Data\Microsoft
[2012/07/21 15:44:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Edward\SendTo
[2012/07/21 15:44:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Edward\Recent
[2012/07/21 15:44:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Edward\Application Data
[2012/07/21 15:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edward\Mes documents
[2012/07/21 15:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edward\Menu Démarrer
[2012/07/21 15:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edward\Favoris
[2012/07/21 15:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edward\Menu Démarrer\Programmes\Démarrage
[2012/07/21 15:44:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Edward\Menu Démarrer\Programmes\Accessoires
[2012/07/21 15:44:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Edward\Cookies
[2012/07/21 15:44:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Edward\Voisinage réseau
[2012/07/21 15:44:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Edward\Voisinage d'impression
[2012/07/21 15:44:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Edward\Modèles
[2012/07/21 15:44:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Edward\Local Settings
[2012/07/21 15:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Trusteer
[2012/07/21 15:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Microsoft Help
[2012/07/21 15:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Local Settings\Application Data\Microsoft
[2012/07/21 15:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Application Data\Macromedia
[2012/07/21 15:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Edward\Bureau
[2012/07/14 10:22:09 | 009,822,920 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/07/01 09:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ImgBurn
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 15:22:15 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/22 14:39:52 | 000,250,701 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/07/22 14:39:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/22 08:26:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/07/22 08:10:40 | 000,000,943 | ---- | M] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/07/22 08:10:40 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Revo Uninstaller Pro.lnk
[2012/07/22 08:09:30 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\Edward\Mes documents\bookmark.htm
[2012/07/22 08:08:31 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\Edward\Bureau\bookmark.htm
[2012/07/21 15:45:34 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2012/07/21 15:45:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2012/07/21 15:45:25 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Edward\Bureau\Windows Media Player.lnk
[2012/07/21 14:03:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/21 12:33:29 | 000,000,830 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/07/21 09:04:39 | 000,000,875 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/07/20 18:55:23 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/15 11:05:27 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/07/15 09:11:10 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/14 10:22:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/14 10:22:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/14 10:22:09 | 009,822,920 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/07/12 11:16:28 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
[2012/07/08 03:00:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job
[2012/07/06 07:26:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/06 01:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Data Collection.job
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/01 09:42:37 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ImgBurn.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 08:26:18 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/07/22 08:10:40 | 000,000,943 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/07/22 08:10:40 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Revo Uninstaller Pro.lnk
[2012/07/22 08:09:30 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\Edward\Mes documents\bookmark.htm
[2012/07/22 08:08:31 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\Edward\Bureau\bookmark.htm
[2012/07/21 15:45:34 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk
[2012/07/21 15:45:34 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Edward\Menu Démarrer\Programmes\Internet Explorer.lnk
[2012/07/21 15:45:30 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Edward\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf
[2012/07/21 15:45:25 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Edward\Menu Démarrer\Programmes\Windows Media Player.lnk
[2012/07/21 15:45:25 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Edward\Bureau\Windows Media Player.lnk
[2012/07/21 15:45:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Edward\Menu Démarrer\Programmes\Outlook Express.lnk
[2012/07/21 15:44:35 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Edward\Menu Démarrer\Programmes\Assistance à distance.lnk
[2012/07/01 09:43:19 | 000,000,830 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2012/07/01 09:42:37 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ImgBurn.lnk
[2012/05/11 22:18:45 | 000,313,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/14 17:21:23 | 000,868,387 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3763518644-895795467-4165139698-1006-0.dat
[2012/04/14 17:21:21 | 000,185,150 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/14 20:09:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/23 10:30:00 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2011/12/14 20:21:58 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/12/04 10:28:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/29 17:02:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/01/30 13:18:03 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

========== Files - Unicode (All) ==========
[2011/12/23 10:30:49 | 000,001,138 | ---- | M] ()(C:\Documents and Settings\All Users\Bureau\????-??????.lnk) -- C:\Documents and Settings\All Users\Bureau\迅雷看看-免费高清电影.lnk
[2011/03/19 12:04:00 | 000,001,138 | ---- | C] ()(C:\Documents and Settings\All Users\Bureau\????-??????.lnk) -- C:\Documents and Settings\All Users\Bureau\迅雷看看-免费高清电影.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >

  • 0


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, this looks to be an unusual one. Do the IE pages open on specific sites or just random ones?

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.
  • 0

#3
RedSuedePump

Hi,

I don't need to be on a website for IE to keep opening - all I need to do is switch the computer on and IE goes wild. I turned off the internet connection (wlan stick) in an attempt to calm it down, but that made no difference.

What makes me curious is this post:

http://www.geekstogo...-own resolved/

Crustyoldbloke asks if the user lives or works in Germany (which I do)....or is that just a coincidence?

Anyway, will set to work with RogueKiller.

RSP
  • 0

#4
Essexboy

Do you get the same problem in safe mode ?

To get to safe mode :

Reboot the computer
Immediately and repeatedly press F8
A menu will appear
Select safe mode with networking
  • 0

#5
RedSuedePump

Hi,

Have just tried that (didn't know how to get into safe mode before), I then get a question which boot device I want to use (Maxtor or D drive). Have I done something wrong here?
  • 0

#6
Essexboy

Looks like the Maxtor one which should be C drive .. Are they not called windows ?
  • 0

#7
RedSuedePump

Essex Boy,

I finally got the computer into safe mode and it appeared in the process to have deleted a number of files before starting up.

The second time I did this, to my surprise, the IE madness had stopped, which means I was able to follow your Rogue Killer instructions.

I've attached the three files and hope that they provide useful information. Nice at least, that the computer is no longer in an IE frenzy (before safe mode it opened 102 times!).

Look forward to your comments.

RSP

  • 0

#8
Essexboy

OK now from normal mode could you do the following

Run aswMBR

Let me know whether IE starts misbehaving again
  • 0

#9
RedSuedePump

Hi,

Unfortunately, the madness has returned.

The only time it calmed down was when the computer did a scan of the system before opening in safe mode and it doesn't seem to want to do this any more.

Is there any way I can get the computer to do a system scan via the DOS prompt?
  • 0

#10
Essexboy

Yes if you can access the dos prompt

Download the following programme to a flash drive

  • Download Farbar Recovery Scan Tool and save it to a flash drive.

Restart at the dos prompt
  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST (it will be e or f drive)
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0


#11
RedSuedePump

Hi,

I've done that and have attached the file generated.

Just out of interest, does that mean the dodgy files have been deleted again like they were with the Windows scan or do I need a fix file for this?

Will leave the computer in dos mode for the moment - nice to see it on without IE jumping up all over the place!

RSP

Attached Files

  • Attached File  FRST.txt   21.68KB   44 downloads

  • 0

#12
Essexboy

Alas I will ask you to go back to safe mode and run the following programme. Once this has run I will ask you to update to IE8

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#13
RedSuedePump

Hi,

Tried it, system rebooted and a window came up saying the software is preparing a report, don't start any software in the meantime.

Then IE opened up 51 times without prompting which I presume has buggered the report.

Should I try again?
  • 0

#14
Essexboy

No the report should still have been written at C:\Combofix.txt

OK this may break one of your programmes

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2012/04/02 16:36:58 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
    [2012/07/06 01:00:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Data Collection.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#15
RedSuedePump

OK, it's getting a bit late (21:45 here) and I don't want to do it wrong, so I will give it a try tomorrow evening, with better concentration levels.

Thanks

RSP
  • 0





