
Google redirect / website search function issues



#1
Zetan

A couple of days ago, most of my Google search clicks were being redirected. This happened once in a while in the past, but I never thought anything of it as it happened rarely. However, recently, it's been happening a lot.

I ran Avast!, which found some infections, and the incriminating files were put into the quarantine chest. Now, whenever I go on certain websites such as eBay and Amazon, the search function won't respond, regardless of whether I click on 'search' / the magnifying glass icon or type return.

For the past hour, I've been running OTM, GooredFix, TDSSKiller and ERUNT. I've just finished running OTS and have enclosed the log. Any help would be appreciated.

Cheers.



OTS logfile created on: 31/03/2011 20:23:49 - Run 1
OTS by OldTimer - Version 3.1.42.0 Folder = C:\Documents and Settings\Robert Ashton\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.76 Gb Total Space | 105.07 Gb Free Space | 45.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.72 Gb Total Space | 0.89 Gb Free Space | 23.97% Space Free | Partition Type: FAT32
Drive K: | 298.09 Gb Total Space | 136.54 Gb Free Space | 45.80% Space Free | Partition Type: NTFS
Drive L: | 3.83 Gb Total Space | 2.17 Gb Free Space | 56.58% Space Free | Partition Type: FAT32
Drive N: | 1.46 Mb Total Space | 1.27 Mb Free Space | 86.86% Space Free | Partition Type: FAT

Computer Name: DG8CBT1J
Current User Name: Robert Ashton
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Robert Ashton\Desktop\OTS.exe -> [2011/03/31 20:21:22 | 000,645,632 | ---- | M] (OldTimer Tools)
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software)
avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2010/05/26 14:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies)
forcefield.exe -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe -> [2010/05/26 14:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies)
teatimer.exe -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
yahooauservice.exe -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
photoshopelementsfileagent.exe -> C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 00:45:04 | 000,124,832 | ---- | M] ()
pg2.exe -> C:\Program Files\PeerGuardian2\pg2.exe -> [2005/09/18 19:44:02 | 001,382,400 | ---- | M] (Methlabs)
ctsysvol.exe -> C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe -> [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd)
wzqkpick.exe -> C:\Program Files\WinZip\WZQKPICK.EXE -> [2003/02/11 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Robert Ashton\Desktop\OTS.exe -> [2011/03/31 20:21:22 | 000,645,632 | ---- | M] (OldTimer Tools)
snxhk.dll -> C:\Program Files\Alwil Software\Avast5\snxhk.dll -> [2011/01/13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2010/05/26 14:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll -> [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll -> [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation)
serwvdrv.dll -> C:\WINDOWS\system32\serwvdrv.dll -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
umdmxfrm.dll -> C:\WINDOWS\system32\umdmxfrm.dll -> [2004/08/04 05:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(AppMgmt) Application Management [On_Demand | Stopped] -> -> File not found
(avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
(IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2010/05/26 14:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies)
(getPlusHelper) getPlus® Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/06/05 17:15:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)
(YahooAUService) Yahoo! Updater [Auto | Running] -> C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -> [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.)
(AdobeActiveFileMonitor6.0) Adobe Active File Monitor V6 [Auto | Running] -> C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -> [2007/09/11 00:45:04 | 000,124,832 | ---- | M] ()
(DSBrokerService) DSBrokerService [On_Demand | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2007/03/07 15:47:46 | 000,076,848 | ---- | M] ()

[Driver Services - Safe List]
(aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software)
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software)
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2011/01/13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software)
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2011/01/13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software)
(ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2010/05/26 14:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies)
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD)
(srescan) srescan [Kernel | Boot | Running] -> C:\WINDOWS\system32\ZoneLabs\srescan.sys -> [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD)
(ST330) ST330 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\st330.sys -> [2007/03/19 21:58:00 | 000,030,464 | R--- | M] (THOMSON Telecom Belgium)
(STBUS) STBUS [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\stbus.sys -> [2007/03/19 21:58:00 | 000,012,672 | R--- | M] (THOMSON Telecom Belgium)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\dsunidrv.sys -> [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.)
(STHDA) High Definition Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2005/03/31 19:22:16 | 000,180,096 | ---- | M] (SigmaTel, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005/03/30 05:03:06 | 001,035,264 | ---- | M] (ATI Technologies Inc.)
(NAL) Nal Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\iqvw32.sys -> [2004/11/02 15:12:14 | 000,019,456 | ---- | M] (Intel Corporation )
(IntelC53) IntelC53 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC53.sys -> [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation)
(P17) Sound Blaster Live! 24-bit [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\P17.sys -> [2004/06/09 17:16:00 | 000,840,960 | ---- | M] (Creative Technology Ltd.)
(IntelC52) IntelC52 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC52.sys -> [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation)
(IntelC51) IntelC51 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IntelC51.sys -> [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation)
(mohfilt) mohfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mohfilt.sys -> [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation)
(alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\alcan5wn.sys -> [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON)
(alcaudsl) SpeedTouch ADSL Modem ATM Transport [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\alcaudsl.sys -> [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctsfm2k.sys -> [2003/09/22 13:48:00 | 000,130,192 | ---- | M] (Creative Technology Ltd)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctoss2k.sys -> [2003/09/22 13:47:00 | 000,178,672 | ---- | M] (Creative Technology Ltd.)
(PfModNT) PfModNT [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Pfmodnt.sys -> [2003/03/05 18:19:00 | 000,015,840 | ---- | M] (Creative Technology Ltd.)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\omci.sys -> [2002/11/08 19:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://www.dell.co.uk/myway ->
HKEY_USERS\.DEFAULT\: Main\\"First Home Page" -> http://www.dell.co.uk/myway ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://www.dell.co.uk/myway ->
HKEY_USERS\S-1-5-18\: Main\\"First Home Page" -> http://www.dell.co.uk/myway ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\] > -> ->
HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\: Main\\"Start Page" -> http://www.google.co.uk/ ->
HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\: URLSearchHooks\\"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}" [HKLM] -> C:\Program Files\ZoneAlarm\tbZone.dll [ZoneAlarm Toolbar] -> [2010/05/09 11:50:18 | 002,517,088 | ---- | M] (Conduit Ltd.)
HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\FireFox\Profiles\cnujbrxv.default\prefs.js ->
browser.search.suggest.enabled -> false ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.basenotes....net/forum.php" ->
extensions.enabledItems -> [email protected]:1.19.1 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 ->
extensions.enabledItems -> [email protected]:1.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 ->
extensions.enabledItems -> {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 ->
extensions.enabledItems -> [email protected]:2.5.2 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\FireFox\Profiles\cnujbrxv.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2011/02/07 12:09:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/03/29 07:09:48 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/03/24 01:22:40 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\Extensions -> [2008/12/06 01:35:59 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\Firefox\Profiles\cnujbrxv.default\extensions -> [2011/03/31 19:52:18 | 000,000,000 | ---D | M]
MeasureIt -> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\Firefox\Profiles\cnujbrxv.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0} -> [2011/03/25 08:18:57 | 000,000,000 | ---D | M]
DownloadHelper -> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\Firefox\Profiles\cnujbrxv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2011/03/18 20:35:33 | 000,000,000 | ---D | M]
Adblock Plus -> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\Firefox\Profiles\cnujbrxv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2011/03/28 03:52:39 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\Firefox\Profiles\cnujbrxv.default\extensions\[email protected] -> [2010/12/11 12:15:24 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\Robert Ashton\Application Data\Mozilla\Firefox\Profiles\cnujbrxv.default\extensions\[email protected] -> [2011/03/14 16:54:08 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2011/03/31 19:52:18 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010/05/01 08:06:34 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/08/06 07:14:01 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/11/01 08:56:55 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2011/01/01 15:55:49 | 000,000,000 | ---D | M]
Java Console -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} -> [2011/03/01 15:58:13 | 000,000,000 | ---D | M]
British English Dictionary -> C:\DOCUMENTS AND SETTINGS\ROBERT ASHTON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CNUJBRXV.DEFAULT\EXTENSIONS\[email protected] -> [2010/12/11 12:15:24 | 000,000,000 | ---D | M]
Redirector -> C:\DOCUMENTS AND SETTINGS\ROBERT ASHTON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CNUJBRXV.DEFAULT\EXTENSIONS\[email protected] -> [2011/03/14 16:54:08 | 000,000,000 | ---D | M]
Java Quick Starter -> C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF -> [2009/01/11 12:23:54 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/03/31 20:11:22 | 000,000,000 | ---- | M] - 0 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2007/09/13 14:31:40 | 001,312,040 | ---- | M] (Skype Technologies S.A.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2005/05/31 06:33:00 | 000,118,844 | ---- | M] (Sonic Solutions)
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} [HKLM] -> C:\Program Files\ZoneAlarm\tbZone.dll [ZoneAlarm Toolbar] -> [2010/05/09 11:50:18 | 002,517,088 | ---- | M] (Conduit Ltd.)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine Registrar] -> [2010/05/26 14:35:28 | 000,591,336 | ---- | M] (Check Point Software Technologies)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}" [HKLM] -> C:\Program Files\ZoneAlarm\tbZone.dll [ZoneAlarm Toolbar] -> [2010/05/09 11:50:18 | 002,517,088 | ---- | M] (Conduit Ltd.)
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/05/26 14:35:28 | 000,591,336 | ---- | M] (Check Point Software Technologies)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}" [HKLM] -> C:\Program Files\ZoneAlarm\tbZone.dll [ZoneAlarm Toolbar] -> [2010/05/09 11:50:18 | 002,517,088 | ---- | M] (Conduit Ltd.)
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Security Engine] -> [2010/05/26 14:35:28 | 000,591,336 | ---- | M] (Check Point Software Technologies)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast5" -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui] -> [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software)
"CTSysVol" -> C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r] -> [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd)
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2010/05/26 14:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies)
"P17Helper" -> C:\WINDOWS\System32\P17.dll [Rundll32 P17.dll,P17Helper] -> [2004/06/10 16:51:00 | 000,060,928 | ---- | M] ()
"SigmatelSysTrayApp" -> C:\WINDOWS\STSYSTRA.EXE [stsystra.exe] -> [2005/03/22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.)
"UpdReg" -> C:\WINDOWS\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 01:00:00 | 000,090,112 | ---- | M] (Creative Technology Ltd.)
"ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Messenger (Yahoo!)" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> [2010/06/01 11:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.)
"PeerGuardian" -> C:\Program Files\PeerGuardian2\pg2.exe [C:\Program Files\PeerGuardian2\pg2.exe] -> [2005/09/18 19:44:02 | 001,382,400 | ---- | M] (Methlabs)
"SpybotSD TeaTimer" -> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE -> [2003/02/11 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Robert Ashton Startup Folder > -> C:\Documents and Settings\Robert Ashton\Start Menu\Programs\Startup ->
C:\Documents and Settings\Robert Ashton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 000,038,912 | ---- | M] ()
< Software Policy Settings [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2007/09/13 14:31:40 | 001,312,040 | ---- | M] (Skype Technologies S.A.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 16:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7630 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7654 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7654 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4210 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4210 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 11312 domain(s) found. ->
internet .[about] -> Internet ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\] > -> HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-371757489-1780262812-3310583448-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> Reg Error: Value error. [Windows Genuine Advantage Validation Tool] ->
{193C772A-87BE-4B19-A7BB-445B226FE9A1} [HKLM] -> http://download.ewid...oOnlineScan.cab [ewidoOnlineScan Control] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.micros...ntent/opuc3.cab [Office Update Installation Engine] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onec...wlscbase370.cab [Windows Live Safety Center Base Module] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> Reg Error: Value error. [MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_24] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.ma...t/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_24] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/...indows-i586.cab [Java Plug-in 1.6.0_24] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{6C7A3E9C-0618-4166-B0B9-0A6C0B38F54E}\\DhcpNameServer -> 192.168.0.1 (Intel® PRO/100 VE Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2008/08/20 07:58:05 | 000,268,592 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2010/06/01 11:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon] -> [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< AppCertDlls [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = ComFile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
SpeedTouch USB Diagnostics hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe -> [2007/06/11 07:06:16 | 000,901,120 | ---- | M] (THOMSON Telecom Belgium)
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.divxa32" -> C:\WINDOWS\System32\msaud32_divx.acm [msaud32_divx.acm] -> [2003/02/03 07:01:02 | 000,186,368 | ---- | M] (Microsoft Corporation)
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/14 01:12:42 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 15:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/14 01:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/04 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"vidc.3IV2" -> C:\WINDOWS\System32\3ivxVfWCodec.dll [3ivxVfWCodec.dll] -> [2003/11/18 13:49:44 | 000,282,624 | ---- | M] (3ivx.com)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 15:03:00 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/04 05:00:00 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/14 01:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/14 01:11:55 | 000,755,200 | ---- | M] (Intel Corporation)
"vidc.XVID" -> C:\WINDOWS\System32\xvidvfw.dll [xvidvfw.dll] -> [2007/06/28 18:54:10 | 000,180,224 | ---- | M] ()
"wave1" -> C:\WINDOWS\System32\serwvdrv.dll [serwvdrv.dll] -> [2004/08/04 05:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
AppMgmt -> -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
AppMgmt -> -> File not found
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vds -> Service
vga.sys -> Driver
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* ->
exefile [open] -> "%1" %* ->
http [open] -> "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" -> [2011/03/23 18:49:21 | 001,004,088 | ---- | M] (Google Inc.)
https [open] -> "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" -> [2011/03/23 18:49:21 | 001,004,088 | ---- | M] (Google Inc.)
InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l ->
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l ->
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Antivirus [ Error ] 06/03/2008 05:47:06 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 07/04/2008 13:53:21 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 05/08/2008 16:58:17 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 05/08/2008 16:58:17 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 05/04/2010 17:40:13 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 05/04/2010 17:40:13 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 05/04/2010 17:40:29 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 05/04/2010 17:42:24 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 05/04/2010 18:01:31 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Antivirus [ Error ] 06/04/2010 10:05:38 Computer Name = DG8CBT1J | Source = avast! | ID = 33554522 -> Description =
Application [ Error ] 24/01/2011 19:14:33 Computer Name = DG8CBT1J | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Application [ Error ] 24/01/2011 20:04:06 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application skype.exe, version 3.5.0.239, faulting module skype.exe, version 3.5.0.239, fault address 0x004ba478.
Application [ Error ] 24/01/2011 20:49:09 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application skype.exe, version 3.5.0.239, faulting module skype.exe, version 3.5.0.239, fault address 0x004ba478.
Application [ Error ] 24/01/2011 21:24:39 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application skype.exe, version 3.5.0.239, faulting module skype.exe, version 3.5.0.239, fault address 0x004ba478.
Application [ Error ] 06/02/2011 23:03:02 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.
Application [ Error ] 15/02/2011 14:15:37 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application pg2.exe, version 1.0.6.4, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.
Application [ Error ] 15/02/2011 21:32:59 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting module shimgvw.dll, version 6.0.2900.6072, fault address 0x0000e971.
Application [ Error ] 28/02/2011 10:23:53 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting module shimgvw.dll, version 6.0.2900.6072, fault address 0x00021c73.
Application [ Error ] 01/03/2011 10:38:14 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application rundll32.exe, version 5.1.2600.5512, faulting module shimgvw.dll, version 6.0.2900.6072, fault address 0x00021c73.
Application [ Error ] 14/03/2011 14:01:22 Computer Name = DG8CBT1J | Source = Application Error | ID = 1000 -> Description = Faulting application plugin-container.exe, version 1.9.2.4079, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
System [ Error ] 31/03/2011 02:55:05 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: %%2
System [ Error ] 31/03/2011 12:50:04 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: %%2
System [ Error ] 31/03/2011 14:36:47 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: %%2
System [ Error ] 31/03/2011 14:55:16 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7034 -> Description = The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 31/03/2011 14:55:16 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7034 -> Description = The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 31/03/2011 14:55:16 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7034 -> Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 31/03/2011 14:55:16 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7034 -> Description = The Adobe Active File Monitor V6 service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 31/03/2011 14:55:16 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7034 -> Description = The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
System [ Error ] 31/03/2011 14:58:45 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: %%2
System [ Error ] 31/03/2011 15:11:36 Computer Name = DG8CBT1J | Source = Service Control Manager | ID = 7000 -> Description = The General Purpose USB Driver (adildr.sys) service failed to start due to the following error: %%2

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\Robert Ashton\Desktop\OTS.exe -> [2011/03/31 20:21:20 | 000,645,632 | ---- | C] (OldTimer Tools)
TDSSKiller.exe -> C:\Documents and Settings\Robert Ashton\Desktop\TDSSKiller.exe -> [2011/03/31 20:08:04 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO)
GooredFix Backups -> C:\Documents and Settings\Robert Ashton\Desktop\GooredFix Backups -> [2011/03/31 20:06:28 | 000,000,000 | ---D | C]
GooredFix.exe -> C:\Documents and Settings\Robert Ashton\Desktop\GooredFix.exe -> [2011/03/31 20:05:47 | 000,071,398 | ---- | C] (jpshortstuff)
_OTM -> C:\_OTM -> [2011/03/31 19:55:16 | 000,000,000 | ---D | C]
OTM.exe -> C:\Documents and Settings\Robert Ashton\Desktop\OTM.exe -> [2011/03/31 19:54:13 | 000,519,680 | ---- | C] (OldTimer Tools)
ERUNT -> C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT -> [2011/03/31 19:52:44 | 000,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2011/03/31 19:52:43 | 000,000,000 | ---D | C]
erunt-setup.exe -> C:\erunt-setup.exe -> [2011/03/31 19:51:50 | 000,791,393 | ---- | C] (Lars Hederer )
New Folder -> C:\Documents and Settings\Robert Ashton\My Documents\New Folder -> [2011/03/23 23:23:31 | 000,000,000 | ---D | C]
eBayISAPI.dll_files -> C:\Documents and Settings\Robert Ashton\My Documents\eBayISAPI.dll_files -> [2011/03/19 16:10:08 | 000,000,000 | ---D | C]
Yahoo -> C:\Documents and Settings\Robert Ashton\Local Settings\Application Data\Yahoo -> [2011/03/18 20:09:33 | 000,000,000 | ---D | C]
Yahoo! -> C:\Documents and Settings\Robert Ashton\Application Data\Yahoo! -> [2011/03/18 20:06:58 | 000,000,000 | ---D | C]
Yahoo! Messenger -> C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger -> [2011/03/18 20:06:10 | 000,000,000 | ---D | C]
Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! -> [2011/03/18 20:06:07 | 000,000,000 | ---D | C]
Esxence-The-Scent-of-Excellence-2011-Exhibition-in-Milan-2043_files -> C:\Documents and Settings\Robert Ashton\My Documents\Esxence-The-Scent-of-Excellence-2011-Exhibition-in-Milan-2043_files -> [2011/03/02 18:13:10 | 000,000,000 | ---D | C]
A3d.dll -> C:\WINDOWS\System32\A3d.dll -> [2005/09/07 11:31:34 | 000,065,536 | ---- | C] ( )
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\Robert Ashton\Desktop\OTS.exe -> [2011/03/31 20:21:22 | 000,645,632 | ---- | M] (OldTimer Tools)
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/03/31 20:12:30 | 000,002,206 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2011/03/31 20:11:27 | 000,000,894 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/03/31 20:11:22 | 000,000,000 | ---- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/03/31 20:11:08 | 000,002,048 | --S- | M] ()
tdsskiller.zip -> C:\Documents and Settings\Robert Ashton\Desktop\tdsskiller.zip -> [2011/03/31 20:07:32 | 001,263,721 | ---- | M] ()
GooredFix.exe -> C:\Documents and Settings\Robert Ashton\Desktop\GooredFix.exe -> [2011/03/31 20:05:48 | 000,071,398 | ---- | M] (jpshortstuff)
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2011/03/31 19:55:00 | 000,000,898 | ---- | M] ()
OTM.exe -> C:\Documents and Settings\Robert Ashton\Desktop\OTM.exe -> [2011/03/31 19:54:16 | 000,519,680 | ---- | M] (OldTimer Tools)
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Robert Ashton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2011/03/31 19:53:01 | 000,000,767 | ---- | M] ()
NTREGOPT.lnk -> C:\Documents and Settings\Robert Ashton\Desktop\NTREGOPT.lnk -> [2011/03/31 19:52:44 | 000,000,611 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Robert Ashton\Desktop\ERUNT.lnk -> [2011/03/31 19:52:44 | 000,000,592 | ---- | M] ()
erunt-setup.exe -> C:\erunt-setup.exe -> [2011/03/31 19:51:51 | 000,791,393 | ---- | M] (Lars Hederer )
Safari.lnk -> C:\Documents and Settings\All Users\Desktop\Safari.lnk -> [2011/03/31 18:53:40 | 000,002,187 | ---- | M] ()
FATSort.ini -> C:\Documents and Settings\Robert Ashton\Application Data\FATSort.ini -> [2011/03/30 07:38:00 | 000,000,097 | ---- | M] ()
Emilana+Torrini+005.png -> C:\Documents and Settings\Robert Ashton\My Documents\Emilana+Torrini+005.png -> [2011/03/28 01:11:52 | 000,282,072 | ---- | M] ()
Emilana+Torrini+emiliana_nu_268.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\Emilana+Torrini+emiliana_nu_268.jpg -> [2011/03/28 01:11:43 | 000,018,512 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Robert Ashton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/03/27 15:32:23 | 000,112,128 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2011/03/27 10:58:40 | 000,445,678 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2011/03/27 10:58:40 | 000,072,692 | ---- | M] ()
StarWarsHS.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\StarWarsHS.jpg -> [2011/03/24 12:02:30 | 000,038,769 | ---- | M] ()
tumblr_lhbhsofiUc1qz7lxdo1_500.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\tumblr_lhbhsofiUc1qz7lxdo1_500.jpg -> [2011/03/21 12:20:14 | 000,054,062 | ---- | M] ()
tumblr_lhzqb4dKA41qz7lxdo1_500.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\tumblr_lhzqb4dKA41qz7lxdo1_500.jpg -> [2011/03/21 12:16:40 | 000,094,037 | ---- | M] ()
000.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\000.jpg -> [2011/03/21 12:14:51 | 000,060,233 | ---- | M] ()
2000bpol.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\2000bpol.jpg -> [2011/03/20 20:54:56 | 000,018,053 | ---- | M] ()
eBayISAPI.dll.htm -> C:\Documents and Settings\Robert Ashton\My Documents\eBayISAPI.dll.htm -> [2011/03/19 16:10:09 | 000,010,089 | ---- | M] ()
Yahoo! Messenger.lnk -> C:\Documents and Settings\Robert Ashton\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2011/03/18 20:06:10 | 000,000,820 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/03/18 04:01:50 | 000,001,374 | ---- | M] ()
27101.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\27101.jpg -> [2011/03/16 15:35:14 | 000,055,789 | ---- | M] ()
md717.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\md717.jpg -> [2011/03/14 21:20:49 | 000,169,770 | ---- | M] ()
mlfcache.dat -> C:\WINDOWS\System32\mlfcache.dat -> [2011/03/11 20:27:46 | 000,059,964 | -H-- | M] ()
TDSSKiller.exe -> C:\Documents and Settings\Robert Ashton\Desktop\TDSSKiller.exe -> [2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO)
Esxence-The-Scent-of-Excellence-2011-Exhibition-in-Milan-2043.html -> C:\Documents and Settings\Robert Ashton\My Documents\Esxence-The-Scent-of-Excellence-2011-Exhibition-in-Milan-2043.html -> [2011/03/02 18:13:12 | 000,089,711 | ---- | M] ()
6 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
tdsskiller.zip -> C:\Documents and Settings\Robert Ashton\Desktop\tdsskiller.zip -> [2011/03/31 20:07:32 | 001,263,721 | ---- | C] ()
ERUNT AutoBackup.lnk -> C:\Documents and Settings\Robert Ashton\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2011/03/31 19:53:01 | 000,000,767 | ---- | C] ()
NTREGOPT.lnk -> C:\Documents and Settings\Robert Ashton\Desktop\NTREGOPT.lnk -> [2011/03/31 19:52:44 | 000,000,611 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Robert Ashton\Desktop\ERUNT.lnk -> [2011/03/31 19:52:44 | 000,000,592 | ---- | C] ()
Emilana+Torrini+005.png -> C:\Documents and Settings\Robert Ashton\My Documents\Emilana+Torrini+005.png -> [2011/03/28 01:11:52 | 000,282,072 | ---- | C] ()
Emilana+Torrini+emiliana_nu_268.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\Emilana+Torrini+emiliana_nu_268.jpg -> [2011/03/28 01:11:42 | 000,018,512 | ---- | C] ()
StarWarsHS.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\StarWarsHS.jpg -> [2011/03/24 12:02:23 | 000,038,769 | ---- | C] ()
tumblr_lhbhsofiUc1qz7lxdo1_500.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\tumblr_lhbhsofiUc1qz7lxdo1_500.jpg -> [2011/03/21 12:20:13 | 000,054,062 | ---- | C] ()
tumblr_lhzqb4dKA41qz7lxdo1_500.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\tumblr_lhzqb4dKA41qz7lxdo1_500.jpg -> [2011/03/21 12:16:39 | 000,094,037 | ---- | C] ()
000.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\000.jpg -> [2011/03/21 12:14:50 | 000,060,233 | ---- | C] ()
2000bpol.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\2000bpol.jpg -> [2011/03/20 20:54:55 | 000,018,053 | ---- | C] ()
eBayISAPI.dll.htm -> C:\Documents and Settings\Robert Ashton\My Documents\eBayISAPI.dll.htm -> [2011/03/19 16:10:08 | 000,010,089 | ---- | C] ()
Yahoo! Messenger.lnk -> C:\Documents and Settings\Robert Ashton\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2011/03/18 20:06:10 | 000,000,820 | ---- | C] ()
27101.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\27101.jpg -> [2011/03/16 15:35:11 | 000,055,789 | ---- | C] ()
md717.jpg -> C:\Documents and Settings\Robert Ashton\My Documents\md717.jpg -> [2011/03/14 21:20:48 | 000,169,770 | ---- | C] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2011/03/09 02:20:52 | 000,001,374 | ---- | C] ()
Esxence-The-Scent-of-Excellence-2011-Exhibition-in-Milan-2043.html -> C:\Documents and Settings\Robert Ashton\My Documents\Esxence-The-Scent-of-Excellence-2011-Exhibition-in-Milan-2043.html -> [2011/03/02 18:13:10 | 000,089,711 | ---- | C] ()
mlfcache.dat -> C:\WINDOWS\System32\mlfcache.dat -> [2010/08/31 10:11:22 | 000,059,964 | -H-- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/04/06 21:10:52 | 000,261,632 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/04/06 21:10:52 | 000,077,312 | ---- | C] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2009/12/28 16:55:45 | 000,000,754 | ---- | C] ()
ezsidmv.dat -> C:\WINDOWS\System32\ezsidmv.dat -> [2008/12/02 08:17:55 | 000,000,056 | -H-- | C] ()
ativpsrm.bin -> C:\WINDOWS\ativpsrm.bin -> [2008/08/06 18:50:00 | 000,000,000 | ---- | C] ()
d3d8caps.dat -> C:\WINDOWS\System32\d3d8caps.dat -> [2008/08/06 00:04:23 | 000,000,552 | ---- | C] ()
FATSort.ini -> C:\Documents and Settings\Robert Ashton\Application Data\FATSort.ini -> [2008/06/11 01:39:02 | 000,000,097 | ---- | C] ()
stci.dll -> C:\WINDOWS\System32\stci.dll -> [2008/01/19 10:21:13 | 000,005,606 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2007/10/09 12:11:45 | 000,765,952 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2007/10/09 12:11:45 | 000,180,224 | ---- | C] ()
oortapi.sys -> C:\WINDOWS\System32\oortapi.sys -> [2007/04/02 21:21:06 | 000,000,047 | ---- | C] ()
ciifapi.sys -> C:\WINDOWS\System32\ciifapi.sys -> [2007/04/02 21:21:06 | 000,000,047 | ---- | C] ()
Disktool.INI -> C:\WINDOWS\Disktool.INI -> [2007/01/29 22:09:14 | 000,006,850 | R--- | C] ()
PlaySnd.INI -> C:\WINDOWS\PlaySnd.INI -> [2007/01/29 22:09:14 | 000,003,677 | R--- | C] ()
fwupgrade.ini -> C:\WINDOWS\fwupgrade.ini -> [2007/01/29 22:09:13 | 000,005,628 | R--- | C] ()
libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2006/06/26 18:02:23 | 000,796,584 | ---- | C] ()
ActiveSkin.INI -> C:\WINDOWS\ActiveSkin.INI -> [2006/02/04 22:45:07 | 000,000,112 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2005/09/15 22:28:45 | 000,048,175 | ---- | C] ()
dsltest.INI -> C:\WINDOWS\dsltest.INI -> [2005/09/14 22:57:47 | 000,000,000 | ---- | C] ()
fusioncache.dat -> C:\Documents and Settings\Robert Ashton\Local Settings\Application Data\fusioncache.dat -> [2005/09/13 20:05:50 | 000,000,136 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2005/09/13 18:37:18 | 000,000,478 | ---- | C] ()
zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2005/09/13 18:28:08 | 000,004,212 | -H-- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2005/09/13 18:19:50 | 000,000,002 | ---- | C] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Robert Ashton\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2005/09/13 07:24:46 | 000,112,128 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005/09/07 12:06:19 | 000,000,061 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2005/09/07 11:58:25 | 000,000,918 | ---- | C] ()
nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2005/09/07 11:54:27 | 000,000,335 | ---- | C] ()
SFMAN.DAT -> C:\WINDOWS\System32\SFMAN.DAT -> [2005/09/07 11:53:01 | 001,048,576 | ---- | C] ()
AC3API.INI -> C:\WINDOWS\AC3API.INI -> [2005/09/07 11:53:01 | 000,000,231 | ---- | C] ()
LudaP17.ini -> C:\WINDOWS\System32\LudaP17.ini -> [2005/09/07 11:52:51 | 000,003,278 | ---- | C] ()
ctzapxx.ini -> C:\WINDOWS\System32\ctzapxx.ini -> [2005/09/07 11:52:51 | 000,000,029 | ---- | C] ()
SBWIN.INI -> C:\WINDOWS\SBWIN.INI -> [2005/09/07 11:52:45 | 000,000,072 | ---- | C] ()
P17.dll -> C:\WINDOWS\System32\P17.dll -> [2005/09/07 11:31:34 | 000,060,928 | ---- | C] ()
P17CPI.dll -> C:\WINDOWS\System32\P17CPI.dll -> [2005/09/07 11:31:34 | 000,053,248 | ---- | C] ()
DVEMODEM.DAT -> C:\WINDOWS\System32\drivers\DVEMODEM.DAT -> [2005/09/07 11:31:28 | 000,000,017 | ---- | C] ()
setpwrcg.exe -> C:\WINDOWS\setpwrcg.exe -> [2005/09/07 11:31:20 | 000,049,152 | ---- | C] ()
atiicdxx.dat -> C:\WINDOWS\System32\atiicdxx.dat -> [2005/09/07 11:31:14 | 000,081,342 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2005/09/07 11:31:00 | 000,000,387 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/06/22 14:37:46 | 000,000,000 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/10 13:12:05 | 000,000,780 | ---- | C] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2004/08/10 13:07:31 | 000,002,048 | --S- | C] ()
emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2004/08/10 13:02:15 | 000,021,640 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004/08/10 13:01:18 | 000,001,793 | ---- | C] ()
ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2004/08/10 12:57:52 | 000,004,161 | ---- | C] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2004/08/10 12:57:15 | 000,303,624 | ---- | C] ()
secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2004/08/10 12:51:21 | 000,004,569 | ---- | C] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2004/08/10 12:51:20 | 000,445,678 | ---- | C] ()
perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2004/08/10 12:51:20 | 000,272,128 | ---- | C] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2004/08/10 12:51:20 | 000,072,692 | ---- | C] ()
perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2004/08/10 12:51:20 | 000,028,626 | ---- | C] ()
oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2004/08/10 12:51:18 | 000,004,627 | ---- | C] ()
oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2004/08/10 12:51:17 | 013,107,200 | ---- | C] ()
noise.dat -> C:\WINDOWS\System32\noise.dat -> [2004/08/10 12:51:16 | 000,000,741 | ---- | C] ()
mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2004/08/10 12:51:12 | 000,673,088 | ---- | C] ()
mib.bin -> C:\WINDOWS\System32\mib.bin -> [2004/08/10 12:51:11 | 000,046,258 | ---- | C] ()
dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2004/08/10 12:51:05 | 000,218,003 | ---- | C] ()
dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2004/08/10 12:50:56 | 000,001,804 | ---- | C] ()
libfaac.dll -> C:\WINDOWS\System32\libfaac.dll -> [2003/11/18 13:50:36 | 000,061,440 | ---- | C] ()
OpenQuicktimeLib.dll -> C:\WINDOWS\System32\OpenQuicktimeLib.dll -> [2003/11/18 13:50:24 | 000,421,888 | ---- | C] ()
ADFUUD.SYS -> C:\WINDOWS\System32\drivers\ADFUUD.SYS -> [2003/11/13 15:28:02 | 000,012,570 | ---- | C] ()
ADFUUD.SYS -> C:\WINDOWS\ADFUUD.SYS -> [2003/11/13 15:28:02 | 000,012,570 | ---- | C] ()
OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003/01/07 15:05:08 | 000,002,695 | ---- | C] ()

[File - Lop Check]
Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/05/13 18:25:53 | 000,000,000 | ---D | M]
BVRP Software -> C:\Documents and Settings\All Users\Application Data\BVRP Software -> [2005/09/07 11:51:48 | 000,000,000 | ---D | M]
espionServerData -> C:\Documents and Settings\All Users\Application Data\espionServerData -> [2009/06/07 20:07:35 | 000,000,000 | ---D | M]
Installations -> C:\Documents and Settings\All Users\Application Data\Installations -> [2008/10/20 19:24:07 | 000,000,000 | ---D | M]
MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier -> [2007/09/21 19:06:26 | 000,000,000 | ---D | M]
Nokia -> C:\Documents and Settings\All Users\Application Data\Nokia -> [2008/10/20 19:29:07 | 000,000,000 | ---D | M]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2011/03/29 20:29:55 | 000,000,000 | ---D | M]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2005/09/07 11:55:34 | 000,000,000 | ---D | M]
{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} -> C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} -> [2009/06/07 19:53:02 | 000,000,000 | ---D | M]
CheckPoint -> C:\Documents and Settings\Robert Ashton\Application Data\CheckPoint -> [2010/07/02 07:23:15 | 000,000,000 | ---D | M]
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Documents and Settings\Robert Ashton\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2010/04/20 07:29:47 | 000,000,000 | ---D | M]
KeySafe -> C:\Documents and Settings\Robert Ashton\Application Data\KeySafe -> [2005/09/16 18:35:25 | 000,000,000 | ---D | M]
Leadertech -> C:\Documents and Settings\Robert Ashton\Application Data\Leadertech -> [2005/09/14 23:01:30 | 000,000,000 | ---D | M]
My-disgo -> C:\Documents and Settings\Robert Ashton\Application Data\My-disgo -> [2010/05/29 09:50:57 | 000,000,000 | ---D | M]
SystemRequirementsLab -> C:\Documents and Settings\Robert Ashton\Application Data\SystemRequirementsLab -> [2009/06/14 12:22:00 | 000,000,000 | ---D | M]
Template -> C:\Documents and Settings\Robert Ashton\Application Data\Template -> [2005/09/12 21:24:27 | 000,000,000 | ---D | M]
uTorrent -> C:\Documents and Settings\Robert Ashton\Application Data\uTorrent -> [2011/03/31 00:09:19 | 000,000,000 | ---D | M]
Windows Live Safety Center -> C:\Documents and Settings\Robert Ashton\Application Data\Windows Live Safety Center -> [2006/05/03 00:50:58 | 000,000,000 | ---D | M]
Windows Live Writer -> C:\Documents and Settings\Robert Ashton\Application Data\Windows Live Writer -> [2010/09/13 19:54:16 | 000,000,000 | ---D | M]

[File - Purity Scan]


[Alternate Data Streams]
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0938FDDA
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
