Firefox Google Redirect Virus


#1
rcyza

Hi.

I noticed a while back that when clicking links I would simply be redirected to www.google.com or back to the search results page in Google.

I decided to find out why a few days ago, and it would appear that I have a Google redirect virus of some description. I have also noticed that I cannot log into Amazon or load Gmail in Chrome. Another problem that has started recently is that my Huawei E1820 3G dongle disconnects instantly after connecting, but I suspect that is unrelated to the virus.

Steps taken so far:
I have followed this guide on Google redirects: http://www.geekstogo...ogle-redirects/
GooredFix fails at the "Scanning for general malware" step with a "Send error to Microsoft" message.

I installed SUPERAntiSpyware and ran it; it detected and removed a trojan from what looked like a System Restore folder. Unfortunately I did not record which trojan this was; I thought it might have saved a log, but it does not show up in the log list. The Firefox redirect problem is persisting, though.

I then carried on following the Malware cleaning guide.

Here is the OTL log:

OTL logfile created on: 2011/10/21 11:24:36 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ryan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

1.87 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 51.46% Memory free
3.04 Gb Paging File | 2.33 Gb Available in Paging File | 76.75% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 1.77 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive D: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JAC-007651 | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ryan\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\NDP40-KB2478663-x86.exe (Microsoft Corporation)
PRC - c:\d888e623038ea2c8c0\Setup.exe (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE ()
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cntlm\cntlm.exe ()
PRC - C:\Program Files\Cntlm\cygrunsrv.exe ()
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Documents and Settings\Ryan\My Documents\Downloads\HotKeyBind-1.2\HotKeyBind.exe (Marco Barisione ([email protected]))


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\39ad17570cd9b350f3191c46af747f0a\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\5b5dbf8a469be467c6f3a1ef97ff22cd\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\ccaccea2516d5479f2267ed40ad51f2c\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4532468deac0fdeff26329333c7642b6\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\8d3a679adab2761b52ffbb45c9c3a424\UIAutomationTypes.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a2ef92260effc4f8cef9339a24ba230b\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\9cce7d40f80e50a7e43d8e99f039359f\Microsoft.VisualC.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\dc0b188b244ec4a4ccec59ac6f1620ad\mscorlib.ni.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\pdf.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\libglesv2.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\libegl.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\avutil-51.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\avformat-53.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\avcodec-53.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\gcswf32.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()
MOD - \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE ()
MOD - \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll ()
MOD - C:\WINDOWS\system32\qedit.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Cntlm\cntlm.exe ()
MOD - C:\Program Files\Cntlm\cygrunsrv.exe ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (svnserver) -- C:\Program Files\Subversion\bin\svn.exe (http://subversion.tigris.org/)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (DCService.exe) -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Tomcat5) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe (Apache Software Foundation)
SRV - (cntlm) -- C:\Program Files\Cntlm\cygrunsrv.exe ()
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (b57w2k) Broadcom NetLink ™ -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://ipchargingqa....om-ipnet.co.za; http://localhost; http://sapportal.telkom.co.za; http://telkom.telkomportal.co.za; http://sapportal.tel...ervlet/;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://msas.telkom....on=0&formdir=1"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}:5.0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "10.0.3.1"
FF - prefs.js..network.proxy.backup.gopher_port: 6050
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "10.0.3.1"
FF - prefs.js..network.proxy.gopher_port: 6050
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, ipchargingqa.telkom-ipnet.co.za, 10.225.141.143, sapportal.telkom.co.za"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/08 08:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 12:46:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 09:32:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/11 10:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/11/11 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions
[2010/11/11 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/13 09:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions
[2010/05/13 08:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/13 09:22:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/18 10:45:27 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2011/09/28 09:06:27 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\[email protected]
[2009/06/18 14:17:21 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\bing.xml
[2009/06/18 14:18:45 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\flickr-tags.xml
[2009/06/18 14:18:13 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\youtube.xml
[2011/10/20 10:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 09:12:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/06/18 12:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
[2011/02/10 13:29:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/10/20 10:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\[email protected]
[2011/02/10 13:28:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/02 12:46:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 12:46:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/02 12:46:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/02 12:46:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/02 12:46:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/02 12:46:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: FacebookBlocker = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0\
CHR - Extension: GIF Scrubber = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp\2.21_0\
CHR - Extension: AT_Porsche = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3\
CHR - Extension: Comic Text = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hfpglafkfedcnnojpioconphfcelcljj\1.2.4_0\
CHR - Extension: Disconnect = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.1.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\3.4_0\
CHR - Extension: StayFocusd = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.0.32.3_0\
CHR - Extension: Smooth Gestures = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.8_0\
CHR - Extension: Poppit = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/20 09:52:44 | 000,000,080 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.225.141.19 svn_backup
O1 - Hosts: 10.225.141.126 svn_server
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKCU..\Run: [HotKeyBind.exe] C:\Documents and Settings\Ryan\My Documents\Downloads\HotKeyBind-1.2\HotKeyBind.exe (Marco Barisione ([email protected]))
O4 - HKCU..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tcenh209 ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.231.162.87 165.143.131.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941BE0D7-BC99-4807-B1CD-89616BAB2B80}: DhcpNameServer = 10.231.162.87 165.143.131.218
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 09:17:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 14:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{72567b05-cace-11df-b3fc-0017a4ce734a}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7dff59b6-8737-11de-b253-028037fb0200}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{7dff59b6-8737-11de-b253-028037fb0200}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell - "" = AutoRun
O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun\command - "" = J:\VMC_PBStarter.exe
O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell - "" = AutoRun
O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun\command - "" = J:\VMC_PBStarter.exe
O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 11:18:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/20 17:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/20 11:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/20 11:31:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2011/10/20 11:23:45 | 000,000,000 | ---D | C] -- C:\SVN_BACKUPTEST
[2011/10/19 16:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\tdsskiller
[2011/10/19 16:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\GooredFix Backups
[2011/10/19 15:59:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/19 15:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/19 15:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\erunt
[2011/10/19 15:56:34 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTM.exe
[2011/10/19 12:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\SUPERAntiSpyware.com
[2011/10/19 12:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/19 12:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/19 12:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\HiJackThis
[2011/10/13 20:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\8ta connect
[2011/10/13 20:19:54 | 000,070,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/10/13 20:19:54 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/10/13 20:19:54 | 000,051,584 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/10/13 20:19:54 | 000,026,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/10/13 20:19:53 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/10/13 20:19:53 | 000,105,728 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/10/13 20:19:53 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/10/13 20:19:53 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/10/13 20:19:52 | 000,101,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/10/12 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\8ta-connect
[2011/10/12 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\8ta connect
[2011/10/12 19:12:47 | 029,274,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Ryan\Desktop\utps160021001372_mac160010900372.exe
[2011/10/12 14:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\csvn
[2011/10/10 15:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/09/21 13:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\BreadCrumbs
[2009/08/04 13:39:41 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeCC.dll

========== Files - Modified Within 30 Days ==========

[2011/10/21 11:32:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/21 11:23:26 | 000,001,906 | -H-- | M] () -- C:\Documents and Settings\Ryan\My Documents\Default.rdp
[2011/10/21 11:21:23 | 000,508,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/21 11:21:23 | 000,084,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/21 10:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/21 10:38:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1292428093-839522115-1003UA.job
[2011/10/21 09:10:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/21 09:10:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/21 09:09:17 | 000,000,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/10/21 09:07:27 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 09:07:25 | 002,157,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 09:07:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/20 17:44:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/20 15:15:59 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/10/20 14:38:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1292428093-839522115-1003Core.job
[2011/10/20 12:22:46 | 017,019,276 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\RevenueAssuranceDashboardEAR.ear
[2011/10/20 11:00:39 | 000,000,892 | ---- | M] () -- C:\WINDOWS\System32\reregall.bat
[2011/10/20 10:53:24 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Ryan\register.bat
[2011/10/20 09:52:44 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/19 16:11:35 | 001,540,631 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.zip
[2011/10/19 15:57:40 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\erunt.zip
[2011/10/19 15:56:50 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTM.exe
[2011/10/19 12:32:28 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/19 12:13:20 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\HiJackThis.lnk
[2011/10/19 09:19:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/18 16:41:10 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\Ryan\svnbackupinc.bat
[2011/10/18 11:12:38 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Ryan\datevar.bat
[2011/10/18 11:11:53 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Ryan\datevar.bat~
[2011/10/18 11:00:21 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\Ryan\1
[2011/10/18 10:53:40 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Ryan\datestring.bat
[2011/10/18 10:53:17 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Ryan\datestring.bat~
[2011/10/17 13:25:43 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\PUTTY.RND
[2011/10/17 11:31:27 | 000,000,624 | ---- | M] () -- C:\WINDOWS\System32\cntlm.exe.stackdump
[2011/10/17 11:25:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\winscp.rnd
[2011/10/17 11:07:33 | 002,092,508 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\sendmail.8.14.5.tar.gz
[2011/10/14 14:43:05 | 190,935,040 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\MySQL-5.5.16-1.rhel5.x86_64.tar
[2011/10/14 12:15:56 | 000,005,781 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\svninstall_rhel5_wandisco.sh
[2011/10/14 12:11:42 | 006,593,086 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\subversion-1.5.5-1.rhel5.src.rpm
[2011/10/14 12:09:25 | 000,819,496 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\neon-0.27.2-1.src.rpm
[2011/10/13 20:20:30 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\8ta connect.lnk
[2011/10/13 17:18:58 | 154,922,553 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64-ml.sh
[2011/10/13 13:47:48 | 013,726,981 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversion-client-1.6.17-1.x86_64.rpm
[2011/10/13 11:17:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kakakakakak
[2011/10/13 11:17:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kkakakak
[2011/10/13 10:30:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\da
[2011/10/12 19:02:12 | 029,274,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Ryan\Desktop\utps160021001372_mac160010900372.exe
[2011/10/12 19:01:00 | 014,253,024 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\8ta-connect.zip
[2011/10/12 17:32:08 | 081,695,645 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\jdk-7-linux-x64.rpm
[2011/10/12 15:27:09 | 147,525,974 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64.sh
[2011/10/12 12:07:01 | 086,317,733 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar.gz
[2011/10/12 12:01:40 | 000,040,715 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\365ab59f-ab3a-47f0-ad12-8bc814078bae.pdf
[2011/10/12 12:01:34 | 000,077,172 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Conference_2011_Programme.pdf
[2011/10/11 14:07:18 | 000,847,427 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\Telkom Corporate Blue-Pro 2007.potx
[2011/10/07 21:42:08 | 150,333,440 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar
[2011/09/30 12:54:54 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\dbtest.sql
[2011/09/30 12:42:20 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\general_log.sql
[2011/09/26 10:09:56 | 000,012,288 | -H-- | M] () -- C:\Documents and Settings\Ryan\_.swo
[2011/09/25 13:30:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/23 11:26:44 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\failcakes.sql
[2011/09/22 12:40:18 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/22 12:40:10 | 006,839,834 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\1311165908.wmv
[2011/09/21 13:05:18 | 000,009,078 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\BreadCrumbs-MW1.11-r23533.tar.gz

========== Files Created - No Company Name ==========

[2011/10/20 17:14:19 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/20 14:02:23 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/10/20 14:02:23 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/20 11:00:25 | 000,000,892 | ---- | C] () -- C:\WINDOWS\System32\reregall.bat
[2011/10/20 10:53:18 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Ryan\register.bat
[2011/10/19 16:11:21 | 001,540,631 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.zip
[2011/10/19 15:57:35 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\erunt.zip
[2011/10/19 12:32:28 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/19 12:13:20 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\HiJackThis.lnk
[2011/10/18 16:41:10 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Ryan\svnbackupinc.bat
[2011/10/18 13:11:52 | 017,019,276 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\RevenueAssuranceDashboardEAR.ear
[2011/10/18 11:00:21 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Ryan\1
[2011/10/18 10:57:47 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Ryan\datevar.bat~
[2011/10/18 10:57:47 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Ryan\datevar.bat
[2011/10/18 10:49:36 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Ryan\datestring.bat~
[2011/10/18 10:49:36 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Ryan\datestring.bat
[2011/10/17 11:06:59 | 002,092,508 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\sendmail.8.14.5.tar.gz
[2011/10/14 14:29:31 | 190,935,040 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\MySQL-5.5.16-1.rhel5.x86_64.tar
[2011/10/14 12:16:03 | 000,005,781 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\svninstall_rhel5_wandisco.sh
[2011/10/14 12:09:06 | 000,819,496 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\neon-0.27.2-1.src.rpm
[2011/10/14 12:09:03 | 006,593,086 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\subversion-1.5.5-1.rhel5.src.rpm
[2011/10/13 20:20:30 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\8ta connect.lnk
[2011/10/13 17:06:07 | 154,922,553 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64-ml.sh
[2011/10/13 13:43:04 | 013,726,981 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversion-client-1.6.17-1.x86_64.rpm
[2011/10/13 11:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kakakakakak
[2011/10/13 11:17:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kkakakak
[2011/10/13 10:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\da
[2011/10/12 19:12:47 | 014,253,024 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\8ta-connect.zip
[2011/10/12 17:25:15 | 081,695,645 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\jdk-7-linux-x64.rpm
[2011/10/12 14:15:29 | 147,525,974 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64.sh
[2011/10/12 14:03:54 | 150,333,440 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar
[2011/10/12 12:01:44 | 000,040,715 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\365ab59f-ab3a-47f0-ad12-8bc814078bae.pdf
[2011/10/12 12:01:37 | 000,077,172 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Conference_2011_Programme.pdf
[2011/10/12 11:37:02 | 086,317,733 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar.gz
[2011/10/11 14:09:27 | 000,847,427 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\Telkom Corporate Blue-Pro 2007.potx
[2011/09/30 12:54:54 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\dbtest.sql
[2011/09/30 12:42:20 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\general_log.sql
[2011/09/26 09:19:00 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Ryan\_.swo
[2011/09/25 10:42:52 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/23 11:26:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\failcakes.sql
[2011/09/22 12:37:35 | 006,839,834 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\1311165908.wmv
[2011/09/21 13:06:25 | 000,009,078 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\BreadCrumbs-MW1.11-r23533.tar.gz
[2011/09/20 10:00:06 | 000,000,624 | ---- | C] () -- C:\WINDOWS\System32\cntlm.exe.stackdump
[2011/09/05 14:07:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/05 14:07:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/29 18:03:20 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/08/29 18:03:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/08/29 18:03:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/08/12 17:18:15 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/05/07 11:02:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 17:53:29 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/22 17:53:29 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/22 17:53:29 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/12/31 20:00:14 | 003,665,693 | ---- | C] () -- C:\WINDOWS\System32\avbin.dll
[2009/12/03 10:07:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\winscp.rnd
[2009/08/21 17:39:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/08/03 12:49:13 | 000,124,368 | ---- | C] () -- C:\WINDOWS\ecrypt.exe
[2009/07/17 11:01:10 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\PUTTY.RND
[2009/06/25 15:11:45 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 15:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/19 10:35:51 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/18 10:52:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/18 10:51:21 | 002,157,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/18 10:40:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/06/18 10:33:46 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/06/18 10:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/18 09:20:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/18 09:13:22 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/25 22:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/25 22:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 19:55:37 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 14:00:00 | 000,508,378 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 14:00:00 | 000,084,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 02:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2010/06/18 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/05 10:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/10/13 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/03/11 13:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HeidiSQL
[2010/05/31 12:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/11/16 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/08/20 15:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/02/04 10:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/21 16:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sparx Systems
[2010/06/25 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/05/17 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.emacs.d
[2011/05/06 22:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.minecraft
[2011/05/06 16:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.purple
[2009/07/06 09:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Braid
[2011/08/11 16:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dev-Cpp
[2011/10/20 17:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2010/11/04 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gedit
[2011/08/17 11:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0
[2011/03/11 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HeidiSQL
[2009/06/18 13:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Helios
[2011/07/22 22:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ImgBurn
[2010/02/19 11:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\lyx16
[2010/11/16 10:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MySQL
[2011/02/04 10:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Research In Motion
[2010/04/21 16:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sparx Systems
[2009/06/18 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Subversion
[2011/10/14 12:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TeraCopy
[2010/11/11 10:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Thunderbird
[2011/09/07 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TightVNC
[2010/06/25 15:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Trusteer
[2010/09/07 10:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UDP Software
[2011/03/08 15:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\updatetool
[2010/05/11 10:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\uqm
[2010/08/10 15:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Wireshark
[2011/10/21 11:32:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/11 00:36:22 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========
< End of report >


I would really appreciate any assistance with this.

Kind regards,
Ryan

Edited by rcyza, 21 October 2011 - 04:11 AM.

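One way to triage a log like the one above mechanically, as an added example that is not part of this thread and not code from the OTL tool: a small Python parser for OTL's file-listing lines and O33 MountPoints2 lines that pulls out the entries a helper normally reviews first (the AutoRun command behind each mount point, zero-byte files under the Windows directory, a modified hosts file, and executables under Windows with no company string). The sample lines are copied from the log above, and the C:\WINDOWS root is an assumption taken from that log.

```python
import re

# Sample lines copied from the OTL log above (a constructed subset, not a full log).
SAMPLE_LOG = r"""
O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun\command - "" = J:\VMC_PBStarter.exe
O33 - MountPoints2\{7dff59b6-8737-11de-b253-028037fb0200}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
[2011/10/21 11:18:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/19 15:56:34 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTM.exe
[2011/10/20 09:52:44 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/13 11:17:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kakakakakak
[2011/10/13 10:30:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\da
[2009/08/03 12:49:13 | 000,124,368 | ---- | C] () -- C:\WINDOWS\ecrypt.exe
[2011/09/05 14:07:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
"""

# Assumption from the log above: the Windows directory is C:\WINDOWS.
SYSTEM_ROOT = "C:\\WINDOWS\\"

# OTL file-listing line: [date time | size | attrs | C/M] (company) -- path
# The "(company)" part is absent for directories and "()" for unbranded files.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# O33 line: MountPoints2\<key>\Shell\<verb>\command - "" = <command to run>
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$'
)


def triage(log_text, system_root=SYSTEM_ROOT):
    """Parse OTL log text and return the entries a reviewer should look at first.

    Nothing here declares an entry malicious; it only narrows the list for a
    human, which is how these logs are actually worked through.
    """
    findings = {
        "autorun_commands": {},            # command -> MountPoints2 keys that launch it
        "zero_byte_system_files": [],      # empty files under the Windows directory
        "hosts_modified": [],              # (timestamp, path) when hosts shows as modified
        "unbranded_system_binaries": [],   # exe/dll/sys under Windows with no company string
    }
    for line in log_text.splitlines():
        m = MOUNT_RE.match(line)
        if m:
            findings["autorun_commands"].setdefault(m["cmd"], []).append(m["key"])
            continue
        m = FILE_RE.match(line)
        if not m:
            continue  # not a file-listing line (section header, O34/O35, ...)
        path = m["path"]
        name = path.rsplit("\\", 1)[-1].lower()
        size = int(m["size"].replace(",", ""))
        is_dir = m["attr"].endswith("D")
        in_system = path.upper().startswith(system_root.upper())
        if in_system and not is_dir and size == 0:
            findings["zero_byte_system_files"].append(path)
        if name == "hosts" and m["op"] == "M":
            findings["hosts_modified"].append((m["ts"], path))
        if (in_system and not is_dir and not m["company"]
                and name.endswith((".exe", ".dll", ".sys"))):
            findings["unbranded_system_binaries"].append(path)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"== {category} ==")
        if isinstance(items, dict):
            for cmd, keys in items.items():
                print(f"  {cmd}  <- {len(keys)} mount point(s)")
        else:
            for item in items:
                print(f"  {item}")
```

Run it against the full log text and the "zero_byte_system_files" and "autorun_commands" lists line up with the entries the helper later asks to remove in the OTL fix.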

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
rcyza

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi ali.B

Thanks very much for the response and advice.

I tried to download combofix from both of the links you offered and both tell me that the installer integrity check has failed.

Could the malware be causing this to happen?

Edited by rcyza, 24 October 2011 - 01:19 AM.


#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://ipchargingqa....om-ipnet.co.za; http://localhost;
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
    O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{72567b05-cace-11df-b3fc-0017a4ce734a}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
    O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{7dff59b6-8737-11de-b253-028037fb0200}\Shell\AutoRun\command - "" = F:\Setup.exe
    O33 - MountPoints2\{7dff59b6-8737-11de-b253-028037fb0200}\Shell\Install\command - "" = F:\Setup.exe
    O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun\command - "" = J:\VMC_PBStarter.exe
    O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun\command - "" = J:\VMC_PBStarter.exe
    O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
    O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
    O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell - "" = AutoRun
    O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I would like to see in your reply:
  • OTL log
  • MBAM log

  • 0

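The fix above removes two kinds of entries: a browser proxy forced onto 127.0.0.1:3128 (the WinINet setting that Internet Explorer and Chrome share, plus the matching Firefox prefs.js values) and a long list of cached MountPoints2 AutoRun handlers. The script below, added here as an example and not part of this thread or of OTL itself, pulls exactly those items out of an OTL log so the same triage can be repeated on another log: it flags an enabled proxy and says whether it points at loopback or a remote host, lists every MountPoints2 command that Explorer would run when the matching volume is reinserted, and decodes the NoDriveTypeAutoRun bitmask (145 = 0x91 is the XP default and leaves the removable 0x04 and CD-ROM 0x20 bits clear). SAMPLE_LOG is constructed in the OTL format seen in this thread with a made-up GUID, and the "kind" labels are this script's own. One caveat a reviewer should keep in mind: a loopback proxy is not by itself proof of malware. The quick-scan log later in this thread lists cntlm.exe (Cntlm, an NTLM-authenticating local proxy whose default listening port is 3128), so the 127.0.0.1:3128 entries may be a deliberate corporate-proxy setup that is worth confirming with the user before it is cleared.

```python
"""Triage an OTL log for the items the fix script above targets.

Added example; not part of this thread and not OTL's own code. Line
formats follow the OTL log posted in this thread. SAMPLE_LOG is
constructed for the demo (made-up GUID); the "kind" labels and the
loopback/remote wording are this script's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

IE_SETTING = re.compile(
    r'^IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: '
    r'"(?P<name>\w+)" = (?P<value>.*)$')
FF_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<name>network\.proxy\.[\w.]+): (?P<value>.*)$')
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<key>\{[0-9a-fA-F-]+\}|[A-Za-z])'
    r'\\Shell\\(?P<verb>\w+)\\command - "" = (?P<cmd>.*)$')
NO_DRIVE_TYPE = re.compile(r'NoDriveTypeAutoRun = (?P<value>\d+)$')

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# NoDriveTypeAutoRun is a bitmask of GetDriveType values; a set bit disables
# AutoRun for that drive type. 0x91 (145) is the Windows XP default.
DRIVE_BITS = (("removable", 0x04), ("CD-ROM", 0x20))


@dataclass(frozen=True)
class Finding:
    kind: str    # "proxy", "autorun" or "policy"
    detail: str
    line: str    # the OTL line that produced the finding


def proxy_host(value: str) -> str:
    """Host part of an OTL proxy value, e.g. '127.0.0.1:3128' or '"10.0.3.1"'."""
    return value.strip().strip('"').split(":")[0]


def triage(log_text: str) -> List[Finding]:
    ie: Dict[str, Tuple[str, str]] = {}
    ff: Dict[str, Tuple[str, str]] = {}
    findings: List[Finding] = []

    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_SETTING.match(line)
        if m:
            ie[m["name"]] = (m["value"].strip(), line)
            continue
        m = FF_PREF.match(line)
        if m:
            ff[m["name"]] = (m["value"].strip(), line)
            continue
        m = MOUNTPOINT_CMD.match(line)
        if m:
            # Cached AutoPlay handler: Explorer runs this path when the matching
            # volume is inserted and AutoRun is honoured for that drive type.
            findings.append(Finding(
                "autorun", f"MountPoints2 {m['key']} verb {m['verb']} runs {m['cmd'].strip()}", line))
            continue
        m = NO_DRIVE_TYPE.search(line)
        if m:
            mask = int(m["value"])
            still_on = [name for name, bit in DRIVE_BITS if not mask & bit]
            if still_on:
                findings.append(Finding(
                    "policy", f"NoDriveTypeAutoRun=0x{mask:02X} still allows AutoRun on "
                    + " and ".join(still_on) + " drives", line))

    # WinINet proxy (used by IE and Chrome): ProxyServer only matters when ProxyEnable is 1.
    if ie.get("ProxyEnable", ("0", ""))[0] == "1" and "ProxyServer" in ie:
        server, line = ie["ProxyServer"]
        where = "loopback" if proxy_host(server) in LOOPBACK else "remote host"
        findings.append(Finding("proxy", f"WinINet proxy enabled -> {server} ({where})", line))

    # Firefox: network.proxy.type 1 = manual configuration (0 none, 4 WPAD, 5 system).
    if ff.get("network.proxy.type", ("0", ""))[0] == "1":
        for pref in ("network.proxy.http", "network.proxy.ssl", "network.proxy.socks"):
            if pref in ff:
                host_raw, line = ff[pref]
                host = proxy_host(host_raw)
                port = ff.get(pref + "_port", ("?", ""))[0]
                where = "loopback" if host in LOOPBACK else "remote host"
                findings.append(Finding("proxy", f"Firefox {pref} -> {host}:{port} ({where})", line))
    return findings


# Constructed sample in the OTL format used in this thread (the GUID is made up).
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 1
O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell - "" = AutoRun
O33 - MountPoints2\{00000000-0000-0000-0000-000000000001}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

To check a real log, pass its full text to triage() in place of SAMPLE_LOG; lines that do not match one of the four patterns are ignored, so the whole OTL.txt can be fed in unchanged.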
#5
rcyza (New Member, Topic Starter, 6 posts)
Hi ali.B

Thanks again. As requested, the OTL log from the quick scan:


OTL logfile created on: 2011/10/28 11:49:46 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ryan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

1.87 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 70.29% Memory free
3.04 Gb Paging File | 2.71 Gb Available in Paging File | 89.37% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 2.07 Gb Free Space | 2.78% Space Free | Partition Type: NTFS

Computer Name: JAC-007651 | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ryan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
PRC - C:\Program Files\TextPad 5\TextPad.exe (Helios Software Solutions)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cntlm\cntlm.exe ()
PRC - C:\Program Files\Cntlm\cygrunsrv.exe ()
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
MOD - C:\Program Files\Cntlm\cntlm.exe ()
MOD - C:\Program Files\Cntlm\cygrunsrv.exe ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (svnserver) -- C:\Program Files\Subversion\bin\svn.exe (http://subversion.tigris.org/)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (DCService.exe) -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Tomcat5) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe (Apache Software Foundation)
SRV - (cntlm) -- C:\Program Files\Cntlm\cygrunsrv.exe ()
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (b57w2k) Broadcom NetLink ™ -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://msas.telkom....on=0&formdir=1"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}:5.0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "10.0.3.1"
FF - prefs.js..network.proxy.backup.gopher_port: 6050
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "10.0.3.1"
FF - prefs.js..network.proxy.gopher_port: 6050
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, ipchargingqa.telkom-ipnet.co.za, 10.225.141.143, sapportal.telkom.co.za"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/08 08:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 12:46:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 09:32:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/11 10:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/11/11 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions
[2010/11/11 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/27 11:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions
[2010/05/13 08:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/13 09:22:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/18 10:45:27 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2011/10/27 11:13:25 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\[email protected]
[2009/06/18 14:17:21 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\bing.xml
[2009/06/18 14:18:45 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\flickr-tags.xml
[2009/06/18 14:18:13 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\youtube.xml
[2011/10/20 10:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 09:12:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/06/18 12:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
[2011/02/10 13:29:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/10/20 10:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\[email protected]
[2011/02/10 13:28:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/02 12:46:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 12:46:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/02 12:46:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/02 12:46:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/02 12:46:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/02 12:46:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: FacebookBlocker = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0\
CHR - Extension: GIF Scrubber = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp\2.21_0\
CHR - Extension: AT_Porsche = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3\
CHR - Extension: Comic Text = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hfpglafkfedcnnojpioconphfcelcljj\1.2.4_0\
CHR - Extension: Disconnect = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.1.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\3.4_0\
CHR - Extension: StayFocusd = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.0.32.3_0\
CHR - Extension: Smooth Gestures = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.8_0\
CHR - Extension: Poppit = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/10/28 11:37:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [HotKeyBind.exe] C:\Documents and Settings\Ryan\My Documents\Downloads\HotKeyBind-1.2\HotKeyBind.exe (Marco Barisione ([email protected]))
O4 - HKCU..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tcenh209 ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.231.162.87 165.143.131.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941BE0D7-BC99-4807-B1CD-89616BAB2B80}: DhcpNameServer = 10.231.162.87 165.143.131.218
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 09:17:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 09:20:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/28 09:14:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2011/10/27 16:43:44 | 000,000,000 | ---D | C] -- C:\KindleGen
[2011/10/27 16:20:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\My Documents\My Publications
[2011/10/27 16:10:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mobipocket.com
[2011/10/27 16:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mobipocket Shared
[2011/10/27 16:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2011/10/27 14:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\List-MoreUtils-0.33
[2011/10/24 13:15:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/24 13:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2011/10/24 13:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2011/10/21 12:42:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/10/21 12:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2011/10/21 12:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Security
[2011/10/21 12:28:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\Malwarebytes
[2011/10/21 12:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/21 12:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/21 12:28:12 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/21 12:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/20 17:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/20 11:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/20 11:31:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2011/10/19 15:59:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/19 15:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/19 12:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\SUPERAntiSpyware.com
[2011/10/19 12:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/19 12:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/19 12:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\HiJackThis
[2011/10/13 20:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\8ta connect
[2011/10/13 20:19:54 | 000,070,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/10/13 20:19:54 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/10/13 20:19:54 | 000,051,584 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/10/13 20:19:54 | 000,026,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/10/13 20:19:53 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/10/13 20:19:53 | 000,105,728 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/10/13 20:19:53 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/10/13 20:19:53 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/10/13 20:19:52 | 000,101,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/10/10 15:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2009/08/04 13:39:41 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeCC.dll

========== Files - Modified Within 30 Days ==========

[2011/10/28 11:45:41 | 000,000,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/10/28 11:45:33 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/28 11:45:27 | 000,000,522 | ---- | M] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/10/28 11:45:26 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/28 11:45:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/28 11:43:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1292428093-839522115-1003UA.job
[2011/10/28 11:40:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 11:37:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/28 09:43:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1292428093-839522115-1003Core.job
[2011/10/28 09:14:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTL.exe
[2011/10/27 16:54:38 | 000,001,902 | -H-- | M] () -- C:\Documents and Settings\Ryan\My Documents\Default.rdp
[2011/10/27 16:42:59 | 005,968,181 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\kindlegen_win32_v1.2.zip
[2011/10/27 16:10:05 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobipocket Creator.lnk
[2011/10/27 16:07:37 | 010,606,592 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\creator.msi
[2011/10/27 14:46:00 | 000,038,997 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\List-MoreUtils-0.33.tar.gz
[2011/10/27 12:02:13 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/10/27 11:10:53 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\perlreg.reg
[2011/10/27 11:03:32 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/27 09:31:40 | 000,508,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/27 09:31:40 | 000,084,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/27 09:25:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/26 17:28:33 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\PUTTY.RND
[2011/10/25 14:03:39 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\cntlm.exe.stackdump
[2011/10/24 14:16:09 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/24 14:16:09 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/24 13:15:34 | 000,000,309 | RHS- | M] () -- C:\boot.ini
[2011/10/21 11:19:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/21 09:07:25 | 002,157,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 11:00:39 | 000,000,892 | ---- | M] () -- C:\WINDOWS\System32\reregall.bat
[2011/10/20 10:53:24 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Ryan\register.bat
[2011/10/18 16:41:10 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\Ryan\svnbackupinc.bat
[2011/10/18 11:12:38 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Ryan\datevar.bat
[2011/10/18 11:11:53 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Ryan\datevar.bat~
[2011/10/18 11:00:21 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\Ryan\1
[2011/10/18 10:53:40 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Ryan\datestring.bat
[2011/10/18 10:53:17 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Ryan\datestring.bat~
[2011/10/17 11:25:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\winscp.rnd
[2011/10/13 11:17:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kakakakakak
[2011/10/13 11:17:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kkakakak
[2011/10/13 10:30:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\da
[2011/10/11 14:07:18 | 000,847,427 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\Telkom Corporate Blue-Pro 2007.potx
[2011/09/30 12:54:54 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\dbtest.sql
[2011/09/30 12:42:20 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\general_log.sql

========== Files Created - No Company Name ==========

[2011/10/27 16:42:11 | 005,968,181 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\kindlegen_win32_v1.2.zip
[2011/10/27 16:10:05 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mobipocket Creator.lnk
[2011/10/27 16:04:17 | 010,606,592 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\creator.msi
[2011/10/27 14:48:27 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\List-MoreUtils-0.33.tar
[2011/10/27 14:46:07 | 000,038,997 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\List-MoreUtils-0.33.tar.gz
[2011/10/27 11:10:42 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\perlreg.reg
[2011/10/24 13:15:33 | 000,000,238 | RHS- | C] () -- C:\BOOT.BAK
[2011/10/24 13:15:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/21 12:42:20 | 000,000,522 | ---- | C] () -- C:\WINDOWS\tasks\PandaUSBVaccine.job
[2011/10/20 17:14:19 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/20 14:02:23 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/10/20 14:02:23 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/20 11:00:25 | 000,000,892 | ---- | C] () -- C:\WINDOWS\System32\reregall.bat
[2011/10/20 10:53:18 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Ryan\register.bat
[2011/10/18 16:41:10 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Ryan\svnbackupinc.bat
[2011/10/18 11:00:21 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Ryan\1
[2011/10/18 10:57:47 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Ryan\datevar.bat~
[2011/10/18 10:57:47 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Ryan\datevar.bat
[2011/10/18 10:49:36 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Ryan\datestring.bat~
[2011/10/18 10:49:36 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Ryan\datestring.bat
[2011/10/13 11:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kakakakakak
[2011/10/13 11:17:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kkakakak
[2011/10/13 10:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\da
[2011/10/11 14:09:27 | 000,847,427 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\Telkom Corporate Blue-Pro 2007.potx
[2011/09/30 12:54:54 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\dbtest.sql
[2011/09/30 12:42:20 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\general_log.sql
[2011/09/25 10:42:52 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/20 10:00:06 | 000,000,440 | ---- | C] () -- C:\WINDOWS\System32\cntlm.exe.stackdump
[2011/09/05 14:07:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/05 14:07:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/29 18:03:20 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/08/29 18:03:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/08/29 18:03:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/08/12 17:18:15 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/05/07 11:02:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 17:53:29 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/22 17:53:29 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/22 17:53:29 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/12/31 20:00:14 | 003,665,693 | ---- | C] () -- C:\WINDOWS\System32\avbin.dll
[2009/12/03 10:07:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\winscp.rnd
[2009/08/21 17:39:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/08/03 12:49:13 | 000,124,368 | ---- | C] () -- C:\WINDOWS\ecrypt.exe
[2009/07/17 11:01:10 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\PUTTY.RND
[2009/06/25 15:11:45 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 15:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/19 10:35:51 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/18 10:52:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/18 10:51:21 | 002,157,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/18 10:40:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/06/18 10:33:46 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/06/18 10:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/18 09:20:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/18 09:13:22 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/25 22:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/25 22:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 19:55:37 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 14:00:00 | 000,508,378 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 14:00:00 | 000,084,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 02:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2010/06/18 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/05 10:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/10/13 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/03/11 13:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HeidiSQL
[2010/05/31 12:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/11/16 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2011/10/21 12:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/08/20 15:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/02/04 10:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/21 16:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sparx Systems
[2010/06/25 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/05/17 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.emacs.d
[2011/05/06 22:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.minecraft
[2011/05/06 16:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.purple
[2009/07/06 09:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Braid
[2011/08/11 16:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dev-Cpp
[2011/10/26 17:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2011/10/28 09:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gedit
[2011/08/17 11:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0
[2011/03/11 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HeidiSQL
[2009/06/18 13:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Helios
[2011/07/22 22:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ImgBurn
[2010/02/19 11:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\lyx16
[2010/11/16 10:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MySQL
[2011/02/04 10:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Research In Motion
[2010/04/21 16:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sparx Systems
[2009/06/18 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Subversion
[2011/10/27 16:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TeraCopy
[2010/11/11 10:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Thunderbird
[2011/09/07 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TightVNC
[2010/06/25 15:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Trusteer
[2010/09/07 10:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UDP Software
[2011/03/08 15:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\updatetool
[2010/05/11 10:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\uqm
[2010/08/10 15:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Wireshark
[2011/10/28 11:45:33 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/10/28 11:45:27 | 000,000,522 | ---- | M] () -- C:\WINDOWS\Tasks\PandaUSBVaccine.job
[2011/08/11 00:36:22 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job

========== Purity Check ==========



< End of report >


And here is the MBAM log from its quick scan:


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8033

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2011/10/28 12:05:07 PM
mbam-log-2011-10-28 (12-05-07).txt

Scan type: Quick scan
Objects scanned: 158682
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Note: The first time I tried to run OTL it hung on the "killing processes" stage for over an hour, so I rebooted. Windows then just showed me a black wallpaper instead of the taskbar and desktop icons after it booted again. I restarted again and went into the Recovery Console (I had previously installed it from my Windows XP CD) but didn't know what to do, so I just exited again and then Windows booted up as normal. MBAM did not require me to reboot. Firefox is still redirecting Google searches back to google.com or the search results page.
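As an added example (not part of the original post, and not OTL's own code), here is a small Python triage of the O1 Hosts and O17 DhcpNameServer lines in the log above, the two places a search redirect usually leaves a trace; the clean sample is copied from the log, the hijacked sample is constructed with documentation addresses.

```python
"""Triage the O1 (Hosts) and O17 (DhcpNameServer) lines of an OTL log.

Added example; not part of the original post and not OTL's own code.
OTL_CLEAN below is copied from the log pasted above; OTL_HIJACKED is a
constructed sample showing how a redirect would appear in the same format.
"""
import ipaddress
import re

# Lines copied from the OTL log in this thread (a clean hosts file: loopback only).
OTL_CLEAN = """\
O1 HOSTS File: ([2011/10/28 11:37:14 | 000,000,098 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 10.231.162.87 165.143.131.218
"""

# Constructed sample (documentation addresses only): a hosts file that pins a
# search engine to a foreign address, plus a DHCP-supplied resolver nobody recognises.
OTL_HIJACKED = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 203.0.113.53
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+?)\s*$")


def parse_hosts(log):
    """Return (address, name) pairs for every 'O1 - Hosts:' line."""
    pairs = []
    for line in log.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def parse_dns(log):
    """Return every DhcpNameServer address, in the order OTL lists them."""
    servers = []
    for line in log.splitlines():
        m = DNS_RE.search(line)
        if m:
            servers.extend(m.group(1).split())
    return servers


def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def hosts_findings(log):
    """A stock Windows XP hosts file maps only 'localhost' to a loopback address;
    anything else (a real site pinned anywhere, or a non-loopback target) is reported."""
    findings = []
    for addr, name in parse_hosts(log):
        if name.lower() != "localhost" or not _is_loopback(addr):
            findings.append(f"hosts maps {name} -> {addr}")
    return findings


def dns_findings(log, expected):
    """Resolvers outside the set the machine is known to receive (e.g. from the
    corporate DHCP server) are listed for follow-up. The baseline is supplied by
    the analyst: a public resolver is not by itself a sign of infection."""
    return [s for s in parse_dns(log) if s not in expected]


if __name__ == "__main__":
    baseline = set(parse_dns(OTL_CLEAN))
    for label, log in (("clean", OTL_CLEAN), ("hijacked", OTL_HIJACKED)):
        print(label, hosts_findings(log), dns_findings(log, baseline))
```

On the log pasted above the hosts check comes back empty, which agrees with the helper's reading further down that the logs show no redirect infection.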

#6
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Hi

Did you set up any proxy settings for Firefox yourself?

#7
rcyza
    New Member
  • Topic Starter
  • Member
  • 6 posts
Yes, I had to. The only way I have internet access at work is via a proxy.

127.0.0.1:3128 is a cntlm proxy running on my laptop to allow applications that cannot "speak" NTLM to access the internet.

10.0.3.1:9030 is a proxy for a DSL account that I use for testing. It used to use port 6050.

Edited by rcyza, 31 October 2011 - 03:32 AM.
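An added example, not from this thread and not Firefox's own code: because a search redirect can also come from a proxy the user never configured, this Python script checks the proxy settings in a Firefox profile's prefs.js against the two proxies described above. The network.proxy.* pref names are Firefox's real ones; the prefs.js fragments are constructed samples and 203.0.113.7 is a documentation address.

```python
"""Audit the proxy settings in a Firefox profile's prefs.js against the proxies
the user configured on purpose.

Added example; not part of the original thread and not Firefox's own code. The
pref names (network.proxy.*) are Firefox's real ones; the prefs.js contents are
constructed samples, and KNOWN_PROXIES holds the two proxies rcyza describes.
"""
import re

# Proxies the user set up deliberately, from the post above.
KNOWN_PROXIES = {
    ("127.0.0.1", 3128),  # cntlm on the laptop, bridging NTLM for apps that cannot speak it
    ("10.0.3.1", 9030),   # DSL test account (previously on port 6050)
}

# Constructed prefs.js fragment: manual proxy pointing at the cntlm bridge.
PREFS_EXPECTED = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
"""

# Constructed prefs.js fragment: same layout, but HTTPS traffic has been pointed
# at a host the user never configured (documentation address).
PREFS_TAMPERED = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "203.0.113.7");
user_pref("network.proxy.ssl_port", 8080);
"""

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict of str / bool / int values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw  # leave anything else as text
    return prefs


# network.proxy.type values used by Firefox.
DIRECT, MANUAL, PAC, WPAD, SYSTEM = 0, 1, 2, 4, 5


def audit_proxy(prefs, allowlist=KNOWN_PROXIES):
    """Return findings; an empty list means every proxy in use is one the user expects."""
    findings = []
    # Absent means Firefox's built-in default, which prefs.js does not store.
    ptype = prefs.get("network.proxy.type")
    if ptype == PAC:
        # A PAC script decides per URL where traffic goes, so its URL must be trusted.
        findings.append(f"PAC script configured: {prefs.get('network.proxy.autoconfig_url')}")
    elif ptype == WPAD:
        findings.append("WPAD auto-detection enabled: the proxy is chosen by whatever the network advertises")
    elif ptype == MANUAL:
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            port = prefs.get(f"network.proxy.{scheme}_port")
            if host and (host, port) not in allowlist:
                findings.append(f"unexpected {scheme} proxy {host}:{port}")
    return findings


if __name__ == "__main__":
    print(audit_proxy(parse_prefs(PREFS_EXPECTED)))  # []
    print(audit_proxy(parse_prefs(PREFS_TAMPERED)))  # ['unexpected ssl proxy 203.0.113.7:8080']
```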


#8
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Do you get redirected in Chrome too?

#9
rcyza
    New Member
  • Topic Starter
  • Member
  • 6 posts
No, I don't.

In Chrome I have found that I cannot log into Gmail or Amazon.

#10
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Your logs do not show any sign of a redirection infection.

Try to fully uninstall Firefox, then reinstall it.

#11
rcyza
    New Member
  • Topic Starter
  • Member
  • 6 posts
Reinstalling Firefox seems to have done the trick; it no longer redirects, although I did decide to try out Firefox Aurora this time.

Note that after rebooting I am still occasionally getting the problem I mentioned after the last scan logs I posted, where after signing into Windows I don't get a taskbar and have to reboot.

Also, while google.com works as expected and does not redirect when I click links in chrome, if I try to sign into https://mail.google.com I get redirected back to https://mail.google.com.

#12
ali.B
    Trusted Helper
  • Malware Removal
  • 3,086 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.