Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Being redirected occasionally to Google Search

Started by jpmboston , Mar 30 2009 11:25 PM

  • Please log in to reply

#1
jpmboston
Posted 30 March 2009 - 11:25 PM

jpmboston

    New Member

  • Member
  • Pip
  • 1 posts
I recently had trouble on a web site (Dealerrater.com). Every time I go to this site and try to click on a topic, I get redirected to Google Search mainpage. It's driving me nuts. I went through the whole removal of Malware process starting with the ATF Cleaner, System Restore, backed up my registry with ERUNT, used Malwarebytes Anti-Malware (installed and ran - came up with 4 Trojan Zlobs), downloaded Avast Anti-virus (even though I have McAfee and ran it as well- no viruses found), Updated Windows, Rebooted, problem still exists. I then used the Rooter Rootkit Detector (see log pasted below). I also downloaded Old Timer List It 2 but had a problem. When I scanned it it only gave me one note pad log (see below) and then I received an error Message and it won't go past that point. So, here I am still with this redirect/hijack problem. Can anyone help me??? I am a bit "Techie Challenged", so this may be a bit complicated for me (so please be patient and I appreciate ANY help!).

Here is the Rooter Notepad:

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:292356 Mo/Free:2366 Mo)
D:\ [Fixed] - NTFS - (Total:10239 Mo/Free:1828 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Tue 03/31/2009| 0:54

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Dell\DellDock\DockLogin.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\Windows\system32\WLANExt.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\aestsrv.exe
---------- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
---------- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
---------- C:\Windows\system32\STacSV.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Program Files\Dell\DellDock\DellDock.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\DellTPad\Apoint.exe
---------- C:\Windows\OEM02Mon.exe
---------- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Dell\MediaDirect\PCMService.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
---------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Program Files\DellTPad\ApMsgFwd.exe
---------- C:\Program Files\DellTPad\HidFind.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Program Files\DellTPad\Apntex.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\winlogon.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\system32\taskeng.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\DellTPad\Apoint.exe
---------- C:\Windows\OEM02Mon.exe
---------- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Dell\MediaDirect\PCMService.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
---------- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
---------- C:\Program Files\Logitech\SetPoint\SetPoint.exe
---------- C:\Program Files\Dell\QuickSet\quickset.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Program Files\DellTPad\ApMsgFwd.exe
---------- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
---------- C:\Program Files\DellTPad\HidFind.exe
---------- C:\Program Files\DellTPad\Apntex.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Windows\System32\mobsync.exe
---------- C:\Program Files\Internet Explorer\ieuser.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BK15MJO1\Rooter[1].exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 03/31/2009| 0:55

----------------------\\ Scan completed at 0:55





Here is the OTListIt - Notepad:

OTListIt logfile created on: 3/31/2009 1:07:30 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Users\Jon\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 93.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 222.28 Gb Free Space | 77.85% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.79 Gb Free Space | 57.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KRISTEN-PC
Current User Name: Jon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\system32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\system32\STacSV.exe (IDT, Inc.)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Windows\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Windows\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\Jon\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\system32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService [Auto | Running]) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-010708-104812 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LBTServ [On_Demand | Stopped]) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (LeapFrog Connect Device Service [Auto | Running]) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (STacSV [Auto | Running]) -- C:\Windows\system32\STacSV.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (b57nd60x [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\b57nd60x.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FlyUsb [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\FlyUsb.sys (LeapFrog)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LHidFilt [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (mfeavfk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\Windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NWADI [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBModem [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort2 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (OEM02Dev [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\system32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=5080603
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/30 00:46:12 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Sites: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Sites: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Sites: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\autoexec.bat () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/31 01:03:54 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTListIt2.exe
[2009/03/31 00:54:57 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/30 03:56:24 | 37,738,9087 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/03/30 00:41:25 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/30 00:41:24 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/30 00:41:22 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/30 00:41:21 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/30 00:41:21 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/30 00:41:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/30 00:41:18 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/30 00:41:13 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/30 00:31:41 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/30 00:31:38 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/30 00:31:36 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/30 00:31:19 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/30 00:31:10 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/30 00:14:46 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/03/30 00:14:46 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/03/30 00:14:46 | 00,001,851 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/03/30 00:14:44 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/03/30 00:14:44 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/03/30 00:14:44 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/03/30 00:14:31 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/03/30 00:14:31 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/03/30 00:14:31 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/03/30 00:08:46 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/29 23:55:50 | 00,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes
[2009/03/29 23:55:46 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/29 23:55:46 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/29 23:55:43 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/29 23:55:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/03/29 23:55:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/29 23:54:19 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/03/29 23:53:23 | 00,000,735 | ---- | C] () -- C:\Users\Jon\Desktop\NTREGOPT.lnk
[2009/03/29 23:53:23 | 00,000,716 | ---- | C] () -- C:\Users\Jon\Desktop\ERUNT.lnk
[2009/03/29 23:53:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/29 23:51:36 | 00,009,334 | ---- | C] () -- C:\Users\Jon\Desktop\SysRestorePoint_v13.zip
[2009/03/16 01:23:29 | 00,028,672 | ---- | C] () -- C:\Users\Jon\Documents\Bernardi Honda.doc
[2009/03/15 22:38:53 | 00,273,920 | ---- | C] () -- C:\Users\Jon\Documents\NYAF - Overcoming Objections Training.doc
[2009/03/11 07:57:10 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/11 07:57:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/11 07:57:07 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/11 07:57:07 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/11 07:57:07 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/11 07:57:04 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 07:57:02 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/03 21:38:38 | 00,001,057 | ---- | C] () -- C:\Users\Jon\Desktop\Spybot - Search & Destroy.lnk
[2009/03/03 21:38:31 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/03/03 21:38:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/03 21:27:53 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/03/02 21:51:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/03/02 21:51:45 | 00,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\Downloaded Installations
[2009/03/01 22:32:09 | 00,326,144 | ---- | C] () -- C:\Users\Jon\Documents\NYAF - Client Development Training.doc

========== Files - Modified Within 30 Days ==========

[2009/03/31 01:07:24 | 00,016,287 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/03/31 01:06:20 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/31 01:06:19 | 00,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/31 01:06:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/31 01:06:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/31 01:06:07 | 32,107,84768 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/31 01:05:04 | 03,712,414 | -H-- | M] () -- C:\Users\Jon\AppData\Local\IconCache.db
[2009/03/31 01:03:55 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Users\Jon\Desktop\OTListIt2.exe
[2009/03/30 04:01:30 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/30 04:01:30 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/30 04:01:29 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/30 03:57:02 | 37,738,9087 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/03/30 00:14:46 | 00,001,851 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/03/30 00:14:43 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/03/29 23:55:46 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/29 23:53:23 | 00,000,735 | ---- | M] () -- C:\Users\Jon\Desktop\NTREGOPT.lnk
[2009/03/29 23:53:23 | 00,000,716 | ---- | M] () -- C:\Users\Jon\Desktop\ERUNT.lnk
[2009/03/29 23:51:37 | 00,009,334 | ---- | M] () -- C:\Users\Jon\Desktop\SysRestorePoint_v13.zip
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/16 22:44:36 | 00,028,672 | ---- | M] () -- C:\Users\Jon\Documents\Bernardi Honda.doc
[2009/03/16 01:22:18 | 00,273,920 | ---- | M] () -- C:\Users\Jon\Documents\NYAF - Overcoming Objections Training.doc
[2009/03/15 01:52:25 | 00,000,336 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/03/12 03:08:41 | 00,282,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/03 21:38:38 | 00,001,057 | ---- | M] () -- C:\Users\Jon\Desktop\Spybot - Search & Destroy.lnk
[2009/03/02 03:06:35 | 00,326,144 | ---- | M] () -- C:\Users\Jon\Documents\NYAF - Client Development Training.doc
[2009/03/01 02:00:05 | 00,000,328 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >




PLEASE HELP! THANK YOU!!!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP