Mum clicked on a pop up.



#1
Lazera

Hi.

My Mum rang me the other week saying that a pop-up had come up offering free Norton software and she had clicked on it and now the computer wasn't working.

There's been loads of pop-ups coming up saying the system was infected and requesting that she put in her card information.

I've run Malwarebytes and S&D but I'm not sure if I've got it all and wanted to double check.


This is the log:

OTL logfile created on: 18/08/2011 21:47:37 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jean\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.46% Memory free
4.17 Gb Paging File | 2.72 Gb Available in Paging File | 65.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.75 Gb Total Space | 162.62 Gb Free Space | 73.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.38 Gb Free Space | 43.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive K: | 3.81 Gb Total Space | 3.74 Gb Free Space | 97.98% Space Free | Partition Type: FAT32

Computer Name: BOB | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 21:39:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Downloads\OTL.exe
PRC - [2011/05/10 08:32:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/14 17:23:24 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/11/25 17:34:05 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 18:51:33 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/26 10:12:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/26 10:12:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/26 10:12:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/26 10:12:05 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/09 20:15:42 | 000,287,368 | ---- | M] (Smilebox, Inc.) -- C:\Users\Jean\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/18 18:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
PRC - [2010/01/18 18:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
PRC - [2010/01/07 22:09:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009/04/05 18:44:37 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/19 07:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/19 07:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/24 07:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 07:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/02/25 17:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/17 11:57:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
MOD - [2011/06/16 17:41:00 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011/06/16 17:40:46 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
MOD - [2011/06/16 17:40:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
MOD - [2011/06/16 17:39:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011/06/16 17:39:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2011/05/10 08:32:05 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/31 17:29:48 | 000,044,032 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\dnjio76z.default\extensions\[email protected]\components\AlotXpcom.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/01/27 02:07:32 | 003,884,312 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/01/18 18:13:32 | 000,139,944 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\ezprint.exe
MOD - [2010/01/18 18:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
MOD - [2009/12/16 18:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/12/16 18:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
MOD - [2009/11/26 09:49:41 | 000,086,180 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\DLEAcfg.dll
MOD - [2009/11/26 09:49:41 | 000,086,180 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/11/09 09:06:45 | 000,159,744 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleaprpr.dll
MOD - [2009/11/04 14:14:38 | 000,165,376 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleadrui.dll
MOD - [2009/11/04 14:14:06 | 000,236,032 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleadr.dll
MOD - [2009/09/05 00:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/22 14:08:44 | 000,196,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epoemdll.dll
MOD - [2009/06/22 14:08:43 | 000,045,056 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epstring.dll
MOD - [2009/06/22 14:08:41 | 002,203,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizres.dll
MOD - [2009/06/22 14:08:27 | 000,708,608 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epwizard.dll
MOD - [2009/06/22 14:06:32 | 000,159,744 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\customui.dll
MOD - [2009/06/22 14:06:09 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\epfunct.dll
MOD - [2009/06/22 14:06:03 | 000,114,688 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\eputil.dll
MOD - [2009/06/22 14:05:49 | 000,139,264 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\imagutil.dll
MOD - [2009/05/27 13:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009/05/18 14:29:08 | 000,819,200 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleaptpc.dll
MOD - [2009/04/07 20:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\iptk.dll
MOD - [2009/03/10 06:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 18:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/03/02 15:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleaptp.dll
MOD - [2009/02/20 09:50:18 | 000,028,672 | ---- | M] () -- C:\Windows\System32\DLEAsmr.dll
MOD - [2009/02/20 09:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\System32\DLEAsm.dll
MOD - [2008/06/24 07:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
MOD - [2008/06/24 07:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
MOD - [2008/05/26 08:05:20 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.core.dll
MOD - [2008/05/26 08:05:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.common.dll
MOD - [2008/05/26 08:04:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
MOD - [2008/03/18 23:05:05 | 000,782,336 | ---- | M] () -- C:\Program Files\Dell V305\dldtdrs.dll
MOD - [2008/03/18 23:04:20 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V305\dldtscw.dll
MOD - [2008/02/19 23:25:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V305\dldtcaps.dll
MOD - [2008/02/19 23:18:58 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V305\dldtmonr.dll
MOD - [2008/01/22 03:05:12 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V305\DLDTcfg.dll
MOD - [2007/11/22 09:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/11/13 20:13:09 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V305\dldtcnv4.dll
MOD - [2007/05/29 08:39:08 | 000,589,824 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtdatr.dll
MOD - [2007/03/26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtcats.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/26 10:12:39 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/26 10:12:06 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/07 22:09:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2010/01/07 22:09:17 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/19 07:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/25 17:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 17:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/05 16:15:32 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/26 10:12:06 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/05 18:06:12 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/08/26 18:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/19 08:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 08:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/19 07:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/01 06:11:28 | 000,252,416 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.msn.co.uk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.2000
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 17:35:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/08/18 20:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 08:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 08:32:08 | 000,000,000 | ---D | M]

[2009/04/14 10:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions
[2011/08/18 21:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\dnjio76z.default\extensions
[2011/08/18 21:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\dnjio76z.default\extensions\staged
[2011/05/10 08:32:47 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\dnjio76z.default\extensions\[email protected]
[2011/05/09 19:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 19:23:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/24 09:25:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/18 20:00:04 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.007.026.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/05/10 08:32:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/24 09:25:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/10 08:32:06 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/10 08:32:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/10 08:32:06 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/10 08:32:06 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/10 08:32:06 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Jean\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4887dc85-36be-11e0-b68e-00219b1c1457}\Shell\AutoRun\command - "" = K:\start.exe
O33 - MountPoints2\{58c32ea9-7f14-11df-ace1-00219b1c1457}\Shell - "" = AutoRun
O33 - MountPoints2\{58c32ea9-7f14-11df-ace1-00219b1c1457}\Shell\AutoRun\command - "" = M:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/18 21:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/18 21:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/18 21:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/18 20:00:34 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Malwarebytes
[2011/08/18 20:00:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/18 20:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/18 20:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/18 20:00:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/18 20:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/28 17:24:27 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dleacoin.dll
[2010/09/28 17:18:44 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\dleausb1.dll
[2010/09/28 17:18:44 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleainpa.dll
[2010/09/28 17:18:44 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\DLEAhcp.dll
[2010/09/28 17:18:44 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleaiesc.dll
[2010/09/28 17:18:43 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\dleaserv.dll
[2010/09/28 17:18:43 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleahbn3.dll
[2010/09/28 17:18:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dleapmui.dll
[2010/09/28 17:18:43 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\dlealmpm.dll
[2010/09/28 17:18:43 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\dleaih.exe
[2010/09/28 17:18:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleacomc.dll
[2010/09/28 17:18:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\dleacoms.exe
[2010/09/28 17:18:42 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\dleacfg.exe
[2010/09/28 17:18:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/06/08 14:55:36 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2009/06/08 14:55:36 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2009/06/08 14:55:36 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2009/06/08 14:55:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2009/06/08 14:55:36 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2009/06/08 14:55:35 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2009/06/08 14:55:35 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2009/06/08 14:55:35 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2009/06/08 14:55:35 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2009/06/08 14:55:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2009/06/08 14:55:34 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2009/06/08 14:55:34 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2009/06/08 14:55:34 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2009/06/08 14:55:34 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/08/18 21:31:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 21:31:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/18 21:31:13 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011/08/18 21:31:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/18 21:31:09 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/18 21:10:27 | 000,001,081 | ---- | M] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/18 21:10:27 | 000,001,057 | ---- | M] () -- C:\Users\Jean\Desktop\Spybot - Search & Destroy.lnk
[2011/08/18 20:00:48 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/18 20:00:48 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/18 20:00:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/18 20:00:04 | 084,048,107 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/08/18 19:55:12 | 000,010,646 | -HS- | M] () -- C:\Users\Jean\AppData\Local\c77y01vmu65eh2lssuh1il
[2011/08/18 19:55:12 | 000,010,646 | -HS- | M] () -- C:\ProgramData\c77y01vmu65eh2lssuh1il

========== Files Created - No Company Name ==========

[2011/08/18 21:10:27 | 000,001,081 | ---- | C] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/18 21:10:27 | 000,001,057 | ---- | C] () -- C:\Users\Jean\Desktop\Spybot - Search & Destroy.lnk
[2011/08/18 20:00:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/24 13:04:07 | 000,010,646 | -HS- | C] () -- C:\Users\Jean\AppData\Local\c77y01vmu65eh2lssuh1il
[2011/06/24 13:04:07 | 000,010,646 | -HS- | C] () -- C:\ProgramData\c77y01vmu65eh2lssuh1il
[2011/05/19 20:08:06 | 000,000,680 | ---- | C] () -- C:\Users\Jean\AppData\Local\d3d9caps.dat
[2010/09/28 17:24:33 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleavs.dll
[2010/09/28 17:23:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleacuir.dll
[2010/09/28 17:23:45 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dleagcfg.dll
[2010/09/28 17:23:44 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleacui.dll
[2010/09/28 17:19:48 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2010/09/28 17:19:48 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEAwupd.exe
[2010/09/28 17:18:44 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2010/09/28 17:18:43 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleains.dll
[2010/09/28 17:18:43 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleainsb.dll
[2010/09/28 17:18:43 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2010/09/28 17:18:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2010/09/28 17:18:42 | 000,253,952 | ---- | C] () -- C:\Windows\System32\dleacu.dll
[2010/09/28 17:18:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2010/09/28 17:18:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleacub.dll
[2010/09/28 17:18:42 | 000,086,180 | ---- | C] () -- C:\Windows\System32\DLEAcfg.dll
[2010/09/28 17:18:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2010/09/28 17:18:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2010/09/28 17:18:05 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/29 18:31:03 | 000,127,824 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/04/26 20:49:36 | 000,003,584 | ---- | C] () -- C:\Users\Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 18:01:21 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/10 19:56:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/08 14:58:54 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2009/06/08 14:55:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2009/06/08 14:55:51 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2009/06/08 14:55:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2009/06/08 14:55:36 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2009/06/08 14:55:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2009/06/08 14:55:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2009/06/08 14:55:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2009/06/08 14:55:35 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/06/08 14:55:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/06/08 14:55:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2009/06/08 14:55:34 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
[2009/06/08 14:55:34 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2009/06/08 14:55:34 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/04/14 10:11:02 | 000,010,242 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\wklnhst.dat
[2009/04/05 18:49:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/05 18:49:33 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009/04/05 18:49:33 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/04/05 18:49:25 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/04/05 18:46:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/05 18:46:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/21 21:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 23:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/11/13 20:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/04/28 15:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,296,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/04/11 21:05:40 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/18 11:40:34 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Elluminate
[2010/06/24 09:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\OpenOffice.org
[2011/02/12 16:59:41 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Research In Motion
[2010/04/26 20:49:37 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Smilebox
[2009/04/14 10:11:39 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Template
[2011/08/18 21:31:13 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2011/08/18 21:30:30 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:Services
Norton Internet Security

:OTL
SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
FF - prefs.js..extensions.enabledItems: [email protected]:2.4.2000
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
[2011/05/10 08:32:47 | 000,000,000 | ---D | M] (ALOT Toolbar) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\dnjio76z.default\extensions\[email protected]
[2010/06/24 09:25:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O33 - MountPoints2\{4887dc85-36be-11e0-b68e-00219b1c1457}\Shell\AutoRun\command - "" = K:\start.exe
O33 - MountPoints2\{58c32ea9-7f14-11df-ace1-00219b1c1457}\Shell - "" = AutoRun
O33 - MountPoints2\{58c32ea9-7f14-11df-ace1-00219b1c1457}\Shell\AutoRun\command - "" = M:\iStudio.exe
[2011/08/18 19:55:12 | 000,010,646 | -HS- | M] () -- C:\Users\Jean\AppData\Local\c77y01vmu65eh2lssuh1il
[2011/08/18 19:55:12 | 000,010,646 | -HS- | M] () -- C:\ProgramData\c77y01vmu65eh2lssuh1il
[2011/06/24 13:04:07 | 000,010,646 | -HS- | C] () -- C:\Users\Jean\AppData\Local\c77y01vmu65eh2lssuh1il
[2011/06/24 13:04:07 | 000,010,646 | -HS- | C] () -- C:\ProgramData\c77y01vmu65eh2lssuh1il

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

You must first uninstall AVG before running Combofix, then download and run the AVG removal tool.
http://download.avg....6_2011_1322.exe

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.

Right click and Run As Administrator the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the Fix MBR button) and tell me) click save log, save it to your desktop and post in your next reply


Open OTL again and select the All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Ron
  • 0
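The fix script in the post above lists the hidden, system-flagged file c77y01vmu65eh2lssuh1il, which the OTL log shows at the same size in both C:\ProgramData and the user's AppData\Local. As an added example (not part of the original post and not OTL's own logic), the Python below parses OTL file-listing lines and picks out entries of that shape; the selection rule (hidden + system, no company name, no extension, same name and size in two or more folders) is an assumption chosen for illustration, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# One OTL file-listing line looks like:
# [date time | size | attributes | M or C] (company) -- path
# Directory lines omit the "(company)" part.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2011/08/18 20:00:04 | 084,048,107 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/08/18 19:55:12 | 000,010,646 | -HS- | M] () -- C:\Users\Jean\AppData\Local\c77y01vmu65eh2lssuh1il
[2011/08/18 19:55:12 | 000,010,646 | -HS- | M] () -- C:\ProgramData\c77y01vmu65eh2lssuh1il
[2011/06/24 13:04:07 | 000,010,646 | -HS- | C] () -- C:\Users\Jean\AppData\Local\c77y01vmu65eh2lssuh1il
[2011/06/24 13:04:07 | 000,010,646 | -HS- | C] () -- C:\ProgramData\c77y01vmu65eh2lssuh1il
[2010/07/29 18:31:03 | 000,127,824 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/09/10 19:56:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2010/09/18 11:40:34 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Elluminate
"""


def parse_line(line):
    """Return a dict for one OTL listing line, or None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    # ntpath splits Windows paths correctly on any host OS.
    entry["dir"], entry["name"] = ntpath.split(entry["path"])
    return entry


def is_candidate(entry):
    """Assumed rule: hidden + system file, blank company, no extension."""
    attrs = entry["attrs"]
    return (
        "H" in attrs and "S" in attrs and "D" not in attrs
        and entry["company"] == ""
        and ntpath.splitext(entry["name"])[1] == ""
    )


def find_dropped_pairs(log_text):
    """List (name, size, folders) for candidates seen in 2+ folders."""
    locations = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_candidate(entry):
            # Modified (M) and Created (C) rows for one path collapse here.
            locations[(entry["name"].lower(), entry["size"])].add(entry["dir"])
    return sorted(
        (name, size, sorted(dirs))
        for (name, size), dirs in locations.items()
        if len(dirs) >= 2
    )


if __name__ == "__main__":
    for name, size, dirs in find_dropped_pairs(SAMPLE_LOG):
        print(f"{name} ({size} bytes) in: {', '.join(dirs)}")
```

A hit from this rule is only a lead for a human reviewer; legitimate software also creates hidden system files, so each match still needs checking before anything is removed.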

#3
Lazera

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks.

There was no log that came up after I ran Malwarebytes'.

This is the ComboFix log:

ComboFix 11-08-18.03 - Jean 19/08/2011 18:04:07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2012.1142 [GMT 1:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-19 16:42 . 2011-08-19 16:42 -------- d-----w- C:\_OTL
2011-08-18 20:10 . 2011-08-18 20:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-18 20:10 . 2011-08-18 20:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-18 19:08 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-18 19:08 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-08-18 19:08 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-18 19:08 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-18 19:07 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-18 19:00 . 2011-08-18 19:00 -------- d-----w- c:\users\Jean\AppData\Roaming\Malwarebytes
2011-08-18 19:00 . 2011-08-18 19:00 -------- d-----w- c:\programdata\Malwarebytes
2011-08-18 19:00 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-18 19:00 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 19:00 . 2011-08-18 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 06:08 . 2011-06-15 19:51 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-15 19:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-15 19:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-15 19:51 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-15 19:51 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-15 19:51 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-15 19:51 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-15 19:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-10 07:32 . 2011-05-10 07:32 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SmileboxTray"="c:\users\Jean\AppData\Roaming\Smilebox\SmileboxTray.exe" [2010-03-09 287368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"dleamon.exe"="c:\program files\Dell V310-V510 Series\dleamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files\Dell V310-V510 Series\ezprint.exe" [2010-01-18 139944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
.
c:\users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dleaserv.exe [2010-01-07 98984]
R3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 252416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2008-02-25 595184]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-01-07 598696]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-08-19 27648]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-26 112128]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-19 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-04-05 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\dnjio76z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.msn.co.uk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4baa43da&v=7.007.026.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.1.3.7\InstWrap.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 18:09
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-19 18:12:05
ComboFix-quarantined-files.txt 2011-08-19 17:12
.
Pre-Run: 174,282,784,768 bytes free
Post-Run: 174,236,741,632 bytes free
.
- - End Of File - - 1CD86B3EFBD3EF304C4538701A800DAE


This is the TDSSKiller log:

2011/08/19 19:33:07.0729 3436 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/19 19:33:08.0056 3436 ================================================================================
2011/08/19 19:33:08.0056 3436 SystemInfo:
2011/08/19 19:33:08.0056 3436
2011/08/19 19:33:08.0056 3436 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/19 19:33:08.0056 3436 Product type: Workstation
2011/08/19 19:33:08.0056 3436 ComputerName: BOB
2011/08/19 19:33:08.0056 3436 UserName: Jean
2011/08/19 19:33:08.0056 3436 Windows directory: C:\Windows
2011/08/19 19:33:08.0056 3436 System windows directory: C:\Windows
2011/08/19 19:33:08.0056 3436 Processor architecture: Intel x86
2011/08/19 19:33:08.0056 3436 Number of processors: 2
2011/08/19 19:33:08.0056 3436 Page size: 0x1000
2011/08/19 19:33:08.0057 3436 Boot type: Normal boot
2011/08/19 19:33:08.0057 3436 ================================================================================
2011/08/19 19:33:08.0444 3436 Initialize success
2011/08/19 19:33:30.0153 1032 ================================================================================
2011/08/19 19:33:30.0153 1032 Scan started
2011/08/19 19:33:30.0153 1032 Mode: Manual;
2011/08/19 19:33:30.0153 1032 ================================================================================
2011/08/19 19:33:30.0461 1032 ACPI (0cee59e4613bf65e2fd37e544ad66bdb) C:\Windows\system32\drivers\acpi.sys
2011/08/19 19:33:30.0508 1032 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/19 19:33:30.0614 1032 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/19 19:33:30.0634 1032 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/19 19:33:30.0658 1032 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/19 19:33:30.0802 1032 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/08/19 19:33:30.0838 1032 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/19 19:33:30.0914 1032 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/19 19:33:30.0943 1032 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/19 19:33:31.0009 1032 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/19 19:33:31.0066 1032 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/19 19:33:31.0119 1032 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/19 19:33:31.0142 1032 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/19 19:33:31.0234 1032 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/19 19:33:31.0265 1032 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/19 19:33:31.0298 1032 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/19 19:33:31.0374 1032 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/08/19 19:33:31.0440 1032 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/19 19:33:31.0525 1032 BELKIN (aabc25b5a02d64ea6e8190ae24814b64) C:\Windows\system32\DRIVERS\BLKWGU.sys
2011/08/19 19:33:31.0578 1032 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/19 19:33:31.0665 1032 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/19 19:33:31.0744 1032 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/19 19:33:31.0781 1032 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/19 19:33:31.0846 1032 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/19 19:33:31.0873 1032 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/19 19:33:31.0908 1032 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/19 19:33:31.0933 1032 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/19 19:33:32.0040 1032 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/19 19:33:32.0181 1032 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/19 19:33:32.0213 1032 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/19 19:33:32.0241 1032 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/19 19:33:32.0272 1032 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
2011/08/19 19:33:32.0350 1032 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/19 19:33:32.0382 1032 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/08/19 19:33:32.0410 1032 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/19 19:33:32.0468 1032 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/19 19:33:32.0541 1032 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/08/19 19:33:32.0651 1032 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/08/19 19:33:32.0772 1032 drmkaud (a261867e0862be565bc1f86d387c0805) C:\Windows\system32\drivers\drmkaud.sys
2011/08/19 19:33:32.0832 1032 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/19 19:33:32.0916 1032 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/08/19 19:33:32.0956 1032 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/19 19:33:33.0046 1032 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/08/19 19:33:33.0086 1032 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/19 19:33:33.0173 1032 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/19 19:33:33.0223 1032 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/08/19 19:33:33.0244 1032 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/08/19 19:33:33.0321 1032 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/19 19:33:33.0353 1032 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/19 19:33:33.0375 1032 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/19 19:33:33.0447 1032 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/19 19:33:33.0480 1032 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/08/19 19:33:33.0554 1032 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/19 19:33:33.0574 1032 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/19 19:33:33.0633 1032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/19 19:33:33.0713 1032 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/19 19:33:33.0738 1032 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/19 19:33:33.0757 1032 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/19 19:33:33.0840 1032 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/19 19:33:33.0870 1032 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/19 19:33:33.0937 1032 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/08/19 19:33:34.0017 1032 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/19 19:33:34.0114 1032 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/19 19:33:34.0173 1032 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\drivers\iastor.sys
2011/08/19 19:33:34.0265 1032 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/19 19:33:34.0534 1032 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/19 19:33:34.0669 1032 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/19 19:33:34.0752 1032 IntcAzAudAddService (9b89f2e3d705651dec1f01033b9d6b24) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/19 19:33:44.0711 1032 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/19 19:33:44.0746 1032 Boot (0x1200) (7610b42fce924befa5ca533c9aad5cdb) \Device\Harddisk0\DR0\Partition0
2011/08/19 19:33:44.0755 1032 Boot (0x1200) (787cc4bc4c5eb1d91c72e0982117f11e) \Device\Harddisk0\DR0\Partition1
2011/08/19 19:33:44.0764 1032 ================================================================================
2011/08/19 19:33:44.0764 1032 Scan finished
2011/08/19 19:33:44.0764 1032 ================================================================================
2011/08/19 19:33:44.0775 3204 Detected object count: 0
2011/08/19 19:33:44.0775 3204 Actual detected object count: 0


When aswMBR.exe had finished the Fix button was not enabled.
This is the log:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-19 19:09:58
-----------------------------
19:09:58.604 OS Version: Windows 6.0.6001 Service Pack 1
19:09:58.604 Number of processors: 2 586 0x1706
19:09:58.604 ComputerName: BOB UserName:
19:09:59.649 Initialize success
19:10:40.758 AVAST engine defs: 11081900
19:10:44.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
19:10:44.459 Disk 0 Vendor: Hitachi_ GM2O Size: 238418MB BusType: 3
19:10:44.471 Disk 0 MBR read successfully
19:10:44.475 Disk 0 MBR scan
19:10:44.482 Disk 0 Windows VISTA default MBR code
19:10:44.488 Disk 0 scanning sectors +488278016
19:10:44.579 Disk 0 scanning C:\Windows\system32\drivers
19:10:54.178 Service scanning
19:10:55.219 Modules scanning
19:11:00.625 Disk 0 trace - called modules:
19:11:00.650 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
19:11:00.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8552b178]
19:11:00.662 3 CLASSPNP.SYS[87faa745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x849e0028]
19:11:02.002 AVAST engine scan C:\Windows
19:11:04.685 AVAST engine scan C:\Windows\system32
19:12:54.270 AVAST engine scan C:\Windows\system32\drivers
19:13:02.035 AVAST engine scan C:\Users\Jean
19:14:28.101 AVAST engine scan C:\ProgramData
19:15:21.303 Scan finished successfully
19:22:10.639 Disk 0 MBR has been saved successfully to "C:\Users\Jean\Documents\MBR.dat"
19:22:10.645 The log file has been saved successfully to "C:\Users\Jean\Documents\aswMBR.txt"


These are the 2 logs from OTL:

OTL logfile created on: 19/08/2011 19:22:57 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = c:\Users\Jean\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.63% Memory free
4.17 Gb Paging File | 3.05 Gb Available in Paging File | 73.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.75 Gb Total Space | 162.44 Gb Free Space | 72.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.38 Gb Free Space | 43.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BOB | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/18 21:39:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\Jean\Downloads\OTL.exe
PRC - [2011/05/10 08:32:05 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/09 20:15:42 | 000,287,368 | ---- | M] (Smilebox, Inc.) -- C:\Users\Jean\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2010/01/18 18:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
PRC - [2010/01/07 22:09:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009/04/05 18:44:37 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/19 07:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/19 07:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/24 07:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 07:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/02/25 17:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/17 11:57:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
MOD - [2011/06/16 17:41:00 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011/06/16 17:40:46 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
MOD - [2011/06/16 17:40:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
MOD - [2011/06/16 17:39:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011/06/16 17:39:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2011/05/10 08:32:05 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/01/27 02:07:32 | 003,884,312 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/01/18 18:13:28 | 000,770,728 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleamon.exe
MOD - [2009/12/16 18:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleadrs.dll
MOD - [2009/12/16 18:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleascw.dll
MOD - [2009/11/26 09:49:41 | 000,086,180 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\DLEAcfg.dll
MOD - [2009/09/05 00:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/05/27 13:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dleadatr.dll
MOD - [2009/03/10 06:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacaps.dll
MOD - [2009/03/05 18:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
MOD - [2009/02/20 09:50:18 | 000,028,672 | ---- | M] () -- C:\Windows\System32\DLEAsmr.dll
MOD - [2009/02/20 09:49:37 | 000,299,008 | ---- | M] () -- C:\Windows\System32\DLEAsm.dll
MOD - [2008/06/24 07:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
MOD - [2008/06/24 07:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
MOD - [2008/05/26 08:05:20 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.core.dll
MOD - [2008/05/26 08:05:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell V305\app4r.monitor.common.dll
MOD - [2008/05/26 08:04:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll
MOD - [2008/03/18 23:05:05 | 000,782,336 | ---- | M] () -- C:\Program Files\Dell V305\dldtdrs.dll
MOD - [2008/03/18 23:04:20 | 000,380,928 | ---- | M] () -- C:\Program Files\Dell V305\dldtscw.dll
MOD - [2008/02/19 23:25:56 | 000,081,920 | ---- | M] () -- C:\Program Files\Dell V305\dldtcaps.dll
MOD - [2008/02/19 23:18:58 | 000,151,552 | ---- | M] () -- C:\Program Files\Dell V305\dldtmonr.dll
MOD - [2008/01/22 03:05:12 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell V305\DLDTcfg.dll
MOD - [2007/11/22 09:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/11/13 20:13:09 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell V305\dldtcnv4.dll
MOD - [2007/05/29 08:39:08 | 000,589,824 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtdatr.dll
MOD - [2007/03/26 08:39:35 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldtcats.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 22:09:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2010/01/07 22:09:17 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/19 07:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/25 17:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 17:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)


========== Driver Services (SafeList) ==========

DRV - [2008/08/26 18:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/08/19 08:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 08:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/08/19 07:59:30 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/01 06:11:28 | 000,252,416 | R--- | M] (Belkin Corporation. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BLKWGU.sys -- (BELKIN)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.msn.co.uk"
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 08:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 08:32:08 | 000,000,000 | ---D | M]

[2009/04/14 10:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions
[2011/08/19 17:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\dnjio76z.default\extensions
[2011/08/19 17:42:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 19:23:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/10 08:32:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/24 09:25:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/10 08:32:06 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/10 08:32:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/10 08:32:06 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/05/10 08:32:06 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/05/10 08:32:06 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/08/19 18:09:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Dell Toolbar) - {09B71986-2AC5-482D-B6CB-42EA34F4F85B} - C:\Program Files\Dell Toolbar\toolband.dll ()
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [dleamon.exe] C:\Program Files\Dell V310-V510 Series\dleamon.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Dell V310-V510 Series\ezprint.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Jean\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 19:09:41 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2011/08/19 18:55:40 | 001,405,744 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jean\Desktop\tdsskiller.exe
[2011/08/19 18:12:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/19 18:12:07 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\temp
[2011/08/19 18:02:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/19 18:02:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/19 18:02:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/19 18:02:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/19 18:02:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/19 18:00:55 | 004,177,927 | R--- | C] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2011/08/19 17:42:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/18 21:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/18 21:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/18 21:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/18 20:08:07 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/08/18 20:08:02 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/18 20:08:02 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/08/18 20:00:34 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Malwarebytes
[2011/08/18 20:00:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/18 20:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/18 20:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/18 20:00:23 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/18 20:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/28 17:24:27 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dleacoin.dll
[2010/09/28 17:18:44 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\dleausb1.dll
[2010/09/28 17:18:44 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleainpa.dll
[2010/09/28 17:18:44 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\DLEAhcp.dll
[2010/09/28 17:18:44 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleaiesc.dll
[2010/09/28 17:18:43 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\dleaserv.dll
[2010/09/28 17:18:43 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleahbn3.dll
[2010/09/28 17:18:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dleapmui.dll
[2010/09/28 17:18:43 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\dlealmpm.dll
[2010/09/28 17:18:43 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\dleaih.exe
[2010/09/28 17:18:42 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleacomc.dll
[2010/09/28 17:18:42 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\dleacoms.exe
[2010/09/28 17:18:42 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\dleacfg.exe
[2010/09/28 17:18:42 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/06/08 14:55:36 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2009/06/08 14:55:36 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2009/06/08 14:55:36 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2009/06/08 14:55:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2009/06/08 14:55:36 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2009/06/08 14:55:35 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2009/06/08 14:55:35 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2009/06/08 14:55:35 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2009/06/08 14:55:35 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2009/06/08 14:55:35 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2009/06/08 14:55:34 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2009/06/08 14:55:34 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2009/06/08 14:55:34 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2009/06/08 14:55:34 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/08/19 19:22:10 | 000,000,512 | ---- | M] () -- C:\Users\Jean\Documents\MBR.dat
[2011/08/19 19:09:42 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\Jean\Desktop\aswMBR.exe
[2011/08/19 18:55:41 | 001,405,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jean\Desktop\tdsskiller.exe
[2011/08/19 18:09:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/19 18:01:13 | 004,177,927 | R--- | M] (Swearware) -- C:\Users\Jean\Desktop\ComboFix.exe
[2011/08/19 17:57:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 17:57:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/19 17:57:23 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011/08/19 17:57:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/19 17:57:19 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/19 17:37:33 | 000,296,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/18 21:10:27 | 000,001,081 | ---- | M] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/18 21:10:27 | 000,001,057 | ---- | M] () -- C:\Users\Jean\Desktop\Spybot - Search & Destroy.lnk
[2011/08/18 20:00:48 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/18 20:00:48 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/18 20:00:27 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/08/19 19:22:10 | 000,000,512 | ---- | C] () -- C:\Users\Jean\Documents\MBR.dat
[2011/08/19 18:02:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/19 18:02:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/19 18:02:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/19 18:02:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/19 18:02:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/18 21:10:27 | 000,001,081 | ---- | C] () -- C:\Users\Jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/08/18 21:10:27 | 000,001,057 | ---- | C] () -- C:\Users\Jean\Desktop\Spybot - Search & Destroy.lnk
[2011/08/18 20:00:27 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/19 20:08:06 | 000,000,680 | ---- | C] () -- C:\Users\Jean\AppData\Local\d3d9caps.dat
[2010/09/28 17:24:33 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleavs.dll
[2010/09/28 17:23:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleacuir.dll
[2010/09/28 17:23:45 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dleagcfg.dll
[2010/09/28 17:23:44 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleacui.dll
[2010/09/28 17:19:48 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2010/09/28 17:19:48 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEAwupd.exe
[2010/09/28 17:18:44 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2010/09/28 17:18:43 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleains.dll
[2010/09/28 17:18:43 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleainsb.dll
[2010/09/28 17:18:43 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2010/09/28 17:18:43 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2010/09/28 17:18:42 | 000,253,952 | ---- | C] () -- C:\Windows\System32\dleacu.dll
[2010/09/28 17:18:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2010/09/28 17:18:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleacub.dll
[2010/09/28 17:18:42 | 000,086,180 | ---- | C] () -- C:\Windows\System32\DLEAcfg.dll
[2010/09/28 17:18:42 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2010/09/28 17:18:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2010/09/28 17:18:05 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/29 18:31:03 | 000,127,824 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/04/26 20:49:36 | 000,003,584 | ---- | C] () -- C:\Users\Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/09 18:01:21 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/10 19:56:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/08 14:58:54 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2009/06/08 14:55:51 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2009/06/08 14:55:51 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2009/06/08 14:55:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2009/06/08 14:55:36 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2009/06/08 14:55:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2009/06/08 14:55:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2009/06/08 14:55:35 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2009/06/08 14:55:35 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/06/08 14:55:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/06/08 14:55:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2009/06/08 14:55:34 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
[2009/06/08 14:55:34 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2009/06/08 14:55:34 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/04/14 10:11:02 | 000,010,242 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\wklnhst.dat
[2009/04/05 18:49:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/05 18:49:33 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009/04/05 18:49:33 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/04/05 18:49:25 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/04/05 18:46:23 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/05 18:46:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/21 21:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 23:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/02/04 00:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/11/13 20:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/04/28 15:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,296,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

And this one:

OTL Extras logfile created on: 19/08/2011 19:22:57 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = c:\Users\Jean\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.63% Memory free
4.17 Gb Paging File | 3.05 Gb Available in Paging File | 73.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.75 Gb Total Space | 162.44 Gb Free Space | 72.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.38 Gb Free Space | 43.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BOB | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B53ED5-A060-4DA9-BD46-2100D54D3E89}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{3E848692-B8A2-455A-B4C7-B445203A9D26}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{7E7996DF-45CF-4DD4-8841-BA5D6781DB51}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{B73953CB-B1FD-46C5-B339-ED0DC622A989}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB57BFA7-E0D8-4E15-945E-FAF3033E5A4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F34E89CA-6DD9-48FB-956A-3E22D4F0D952}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05189FAA-4B37-4A29-80E7-D4A8E91AB9BE}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{095D9F86-B967-4741-B19A-428C590BD56D}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0E499749-F1C7-40E0-AE89-365F4CAEF6DF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{13BDD215-D4E0-4C9E-9338-CBFB4DE16284}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{14D58F9C-5D0B-4B28-A273-8CEB31075260}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtjswx.exe |
"{1B55C02B-8175-48F1-9326-A313E2E38FA8}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{2ADE548A-5126-4CFB-9EDE-5DEBAE4C95AC}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{2D6D51FB-F011-474C-8B10-F9C00FC6353B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{339EF493-0143-485C-936A-FF711748956A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{37F95B03-57CE-49FD-9875-BFB680891573}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{38745423-BD47-4FF1-B223-75ED040DAEC6}" = protocol=17 | dir=in | app=e:\hiw\tiscali.exe |
"{3AC0E5CA-9317-40A9-BDF9-09B35813EED6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4055A2CA-BF1D-448D-A252-010D4BDA34D8}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{415FC170-6FB1-4649-B2BE-E0F1F534C1D0}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{4953E67D-A1B9-484B-82DD-43AD5DF5EFA4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{4F442FC4-06AA-4BED-83F8-4CBFA73F949C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{5087A7AB-8A93-4A80-961A-43E3E3E377AB}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{511ADAD9-23F8-464B-A995-DEC218CC1574}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{53588C50-F58F-497B-ABE3-19AEAF9AACBD}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{541A1864-D393-4E37-9143-65A0DE5F4AA0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtjswx.exe |
"{58C1ACD2-A881-4FDB-85E1-C99560FF38C2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{614CDF4D-0E82-425D-87BD-0D715C73AB6D}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{6578439A-C0F2-4D01-92DE-3C17EA4DCDC8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6E55EA1E-D621-4FE0-BAA9-22D4EAB928DB}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{753597FC-BE7B-4EA6-BF1B-4B0940BD18C3}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{7A89E6AE-74F7-4471-9EBB-C05273111485}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87E7CF10-7B27-4381-9B4F-C4EDA43C61A1}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{88EACD29-7578-4767-9217-E3146FB02BC0}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{8A130F64-6D53-4609-86F4-C3F5A8A0A363}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B12C4A10-C9B2-4C8B-8155-92F4277B1F06}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{BC660666-8805-4208-94C1-EFAFA2E2DBDC}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe |
"{C9DF404F-E056-400D-8F21-322D21371FBC}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{D2C9EDE6-C073-465C-A034-D299502EF6B6}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{D3194D47-6820-4987-B506-53550EDF2530}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{D7A197FD-1BDA-4EF0-B6D2-24608479E665}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DD5381FA-A67E-4C64-A2AD-C42C4AE98556}" = protocol=6 | dir=in | app=e:\hiw\tiscali.exe |
"{F8F65591-F2FF-44BB-85A5-C4A71D786A33}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe |
"{FAF36FEB-1E53-4BCA-98ED-83E2167F5A1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{00FD5D40-32DA-49F4-8FD6-2408E4E0C8CB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{4E246CD7-898A-4B4A-A2AD-B89D75D0B759}C:\program files\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"UDP Query User{0381BD81-A81A-4714-9891-FA0DAF8D5CB2}C:\program files\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"UDP Query User{0A578C9C-F01F-4208-85BD-77339A8B2B5A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell V305" = Dell V305
"Dell V310-V510 Series" = Dell V310-V510 Series
"HDMI" = Intel® Graphics Media Accelerator Driver
"L211 DVD 1" = L211 DVD 1
"L211 DVD 2" = L211 DVD 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"ShockwaveFlash" = Macromedia Flash Player 8
"U211 DVD 1" = U211 DVD 1
"U211 DVD 2" = U211 DVD 2
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/06/2011 13:49:09 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 17/06/2011 02:57:14 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 17/06/2011 06:50:38 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 18/06/2011 04:41:28 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 18/06/2011 11:52:27 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 19/06/2011 01:45:40 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 20/06/2011 12:01:10 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 20/06/2011 13:22:50 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 20/06/2011 15:10:08 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

Error - 21/06/2011 12:21:40 | Computer Name = Bob | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 19/08/2011 12:50:13 | Computer Name = Bob | Source = Service Control Manager | ID = 7022
Description =

Error - 19/08/2011 12:57:22 | Computer Name = Bob | Source = HTTP | ID = 15016
Description =

Error - 19/08/2011 12:57:43 | Computer Name = Bob | Source = Service Control Manager | ID = 7009
Description =

Error - 19/08/2011 12:57:43 | Computer Name = Bob | Source = Service Control Manager | ID = 7000
Description =

Error - 19/08/2011 12:57:43 | Computer Name = Bob | Source = Service Control Manager | ID = 7009
Description =

Error - 19/08/2011 12:57:43 | Computer Name = Bob | Source = Service Control Manager | ID = 7000
Description =

Error - 19/08/2011 12:57:43 | Computer Name = Bob | Source = Service Control Manager | ID = 7026
Description =

Error - 19/08/2011 13:03:56 | Computer Name = Bob | Source = Service Control Manager | ID = 7030
Description =

Error - 19/08/2011 13:07:13 | Computer Name = Bob | Source = Service Control Manager | ID = 7030
Description =

Error - 19/08/2011 13:09:34 | Computer Name = Bob | Source = Service Control Manager | ID = 7030
Description =


< End of report >


Many thanks.
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Logs look clean. (Malwarebytes log should be in c:\users\Jean\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\ and should start with mbam-log. Sorry, I gave you the path for XP.) Are you still seeing a problem?

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 20
J2SE Runtime Environment 5.0 Update 11
Java Auto Updater

Get the latest Java at:
http://www.java.com/en/

Make sure they don't also install a McAfee antivirus scan or a Yahoo toolbar. (Read each page and uncheck any additional downloads. If one does get by you then just uninstall it afterward.)

Let's run a checkup:

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
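The inventory step from the reply above (finding every Java entry in the log's Uninstall List before removing old versions), as an added example that is not part of the original post and not part of OTL. The function names and the matching rules are assumptions made for this sketch; the sample lines are taken from the log posted in this thread.

```python
import re

# Sample input: lines from the OTL log in this thread, trimmed to a few entries.
SAMPLE_OTL = """\
"TCP Query User{00FD5D40-32DA-49F4-8FD6-2408E4E0C8CB}C:\\program files\\java\\jre6\\bin\\javaw.exe" = protocol=6 | dir=in | app=c:\\program files\\java\\jre6\\bin\\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java\u2122 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"Adobe AIR" = Adobe AIR
========== Last 10 Event Log Errors ==========
"""

SECTION = re.compile(r"^=+ (.+?) =+$")
ENTRY = re.compile(r'^"(.+)" = (.*)$')
# Assumption: bare "Runtime" and "VM" are left out, they match unrelated products.
JAVA_NAME = re.compile(r"\b(Java|J2SE|J2RE|JRE|JVM)\b", re.IGNORECASE)
VERSION = re.compile(r"(\d+)(?:\.\d+)*\s+Update\s+(\d+)", re.IGNORECASE)


def java_entries(otl_text):
    """Return (key, name, (major, update) or None) for Java entries in Uninstall List sections."""
    found, in_uninstall = [], False
    for line in otl_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            # Firewall rule lines use the same "key" = value shape, so scope by section.
            in_uninstall = header.group(1).endswith("Uninstall List")
            continue
        entry = ENTRY.match(line) if in_uninstall else None
        if entry and JAVA_NAME.search(entry.group(2)):
            ver = VERSION.search(entry.group(2))
            version = (int(ver.group(1)), int(ver.group(2))) if ver else None
            found.append((entry.group(1), entry.group(2), version))
    return found


def superseded(entries):
    """Versioned Java entries older than the newest one in this log (which may itself be out of date)."""
    versions = [e[2] for e in entries if e[2]]
    newest = max(versions) if versions else None
    return [e for e in entries if e[2] and e[2] < newest]


if __name__ == "__main__":
    print(java_entries(SAMPLE_OTL))
```

On the sample it returns the same three entries listed in the reply, and `superseded` picks out the J2SE 5.0 runtime that is still installed next to Java 6.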

#5
Lazera

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi.

Found the mbam log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7501

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

19/08/2011 17:50:36
mbam-log-2011-08-19 (17-50-36).txt

Scan type: Quick scan
Objects scanned: 159422
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I didn't get any drivers come up when I scanned them. Here are the 2 VEW logs.



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/08/2011 08:16:19

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/08/2011 21:49:07
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/08/2011 06:59:38
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/08/2011 08:16:19

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/08/2011 21:49:07
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/08/2011 06:59:38
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
I don't see the System logs from VEW. You posted the Application logs twice.
  • 0





