I noticed a while back that when clicking links I would simply be redirected to www.google.com or back to the search results page in Google.
I decided to find out why a few days ago and it would appear that I have a google redirect virus of some description. I have also noticed that I cannot log into amazon or load gmail in Chrome. Another problem that has started recently is that my Huawei e1820 3G dongle disconnects instantly after connecting, but I suspect that is unrelated to the virus.
Steps taken so far:
I have followed this guide on google redirects: http://www.geekstogo...ogle-redirects/
Gooredfix fails at "Scanning for general malware" step with a "Send error to microsoft" message.
I installed SUPERAntiSpyware and ran it, it detected and removed a trojan from what looked like a system restore folder. Unfortunately I did not record which trojan this was, I thought it might have saved a log but it does not show up in the log list. The firefox redirect problem is persisting though.
I then carried on following the Malware cleaning guide.
Here is the OTL log:
OTL logfile created on: 2011/10/21 11:24:36 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ryan\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd
1.87 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 51.46% Memory free
3.04 Gb Paging File | 2.33 Gb Available in Paging File | 76.75% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 1.77 Gb Free Space | 2.37% Space Free | Partition Type: NTFS
Drive D: | 579.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: JAC-007651 | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Ryan\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\NDP40-KB2478663-x86.exe (Microsoft Corporation)
PRC - c:\d888e623038ea2c8c0\Setup.exe (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
PRC - C:\Program Files\NetMeter\NetMeter.exe ()
PRC - \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE ()
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cntlm\cntlm.exe ()
PRC - C:\Program Files\Cntlm\cygrunsrv.exe ()
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Documents and Settings\Ryan\My Documents\Downloads\HotKeyBind-1.2\HotKeyBind.exe (Marco Barisione ([email protected]))
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\39ad17570cd9b350f3191c46af747f0a\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\5b5dbf8a469be467c6f3a1ef97ff22cd\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\ccaccea2516d5479f2267ed40ad51f2c\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4532468deac0fdeff26329333c7642b6\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\8d3a679adab2761b52ffbb45c9c3a424\UIAutomationTypes.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a2ef92260effc4f8cef9339a24ba230b\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\9cce7d40f80e50a7e43d8e99f039359f\Microsoft.VisualC.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\dc0b188b244ec4a4ccec59ac6f1620ad\mscorlib.ni.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\pdf.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\libglesv2.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\libegl.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\avutil-51.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\avformat-53.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\avcodec-53.dll ()
MOD - C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\gcswf32.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\NetMeter\NetMeter.exe ()
MOD - \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE ()
MOD - \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll ()
MOD - C:\WINDOWS\system32\qedit.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Cntlm\cntlm.exe ()
MOD - C:\Program Files\Cntlm\cygrunsrv.exe ()
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (tvnserver) -- C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (svnserver) -- C:\Program Files\Subversion\bin\svn.exe (http://subversion.tigris.org/)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (DCService.exe) -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (Tomcat5) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe (Apache Software Foundation)
SRV - (cntlm) -- C:\Program Files\Cntlm\cygrunsrv.exe ()
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (b57w2k) Broadcom NetLink -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://ipchargingqa....om-ipnet.co.za; http://localhost;
http://sapportal.telkom.co.za;
http://telkom.telkomportal.co.za;
http://sapportal.tel...ervlet/;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:3128
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://msas.telkom....on=0&formdir=1"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}:5.0.19
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "10.0.3.1"
FF - prefs.js..network.proxy.backup.gopher_port: 6050
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "10.0.3.1"
FF - prefs.js..network.proxy.gopher_port: 6050
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, ipchargingqa.telkom-ipnet.co.za, 10.225.141.143, sapportal.telkom.co.za"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/08 08:55:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/02 12:46:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 09:32:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/11/11 10:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010/11/11 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions
[2010/11/11 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/13 09:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions
[2010/05/13 08:59:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/13 09:22:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/18 10:45:27 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2011/09/28 09:06:27 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\extensions\[email protected]
[2009/06/18 14:17:21 | 000,002,164 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\bing.xml
[2009/06/18 14:18:45 | 000,001,899 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\flickr-tags.xml
[2009/06/18 14:18:13 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Mozilla\Firefox\Profiles\r9weau6q.default\searchplugins\youtube.xml
[2011/10/20 10:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/13 09:12:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/06/18 12:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}
[2011/02/10 13:29:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/10/20 10:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RYAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\R9WEAU6Q.DEFAULT\EXTENSIONS\[email protected]
[2011/02/10 13:28:50 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/02 12:46:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 12:46:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/02 12:46:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/02 12:46:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/02 12:46:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/02 12:46:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\Application\15.0.874.100\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: Adblock Plus for Google Chrome\u2122 (Beta) = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: FacebookBlocker = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpnnaablhmcfdhiadamaoojjcdjhckcb\1.2.3_0\
CHR - Extension: GIF Scrubber = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbdacbnhlfdlllckelpdkgeklfjfgcmp\2.21_0\
CHR - Extension: AT_Porsche = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3\
CHR - Extension: Comic Text = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hfpglafkfedcnnojpioconphfcelcljj\1.2.4_0\
CHR - Extension: Disconnect = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.1.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\3.4_0\
CHR - Extension: StayFocusd = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.0.32.3_0\
CHR - Extension: Smooth Gestures = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.8_0\
CHR - Extension: Poppit = C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
O1 HOSTS File: ([2011/10/20 09:52:44 | 000,000,080 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.225.141.19 svn_backup
O1 - Hosts: 10.225.141.126 svn_server
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKCU..\Run: [HotKeyBind.exe] C:\Documents and Settings\Ryan\My Documents\Downloads\HotKeyBind-1.2\HotKeyBind.exe (Marco Barisione ([email protected]))
O4 - HKCU..\Run: [NetMeter] C:\Program Files\NetMeter\NetMeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: tcenh209 ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.231.162.87 165.143.131.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{941BE0D7-BC99-4807-B1CD-89616BAB2B80}: DhcpNameServer = 10.231.162.87 165.143.131.218
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ryan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 09:17:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 14:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14fa94f6-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14fa94f9-c1bc-11e0-b56a-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1990432e-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{19904331-a3e1-11e0-b530-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e058264-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e058269-a2e7-11e0-b52c-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ebfd62b-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ebfd62e-e507-11e0-b5c6-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45300c42-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45300c45-d25a-11e0-b594-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a9eb186-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a9eb189-d24d-11e0-b591-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6667ae5b-a436-11e0-b536-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ccf00b8-a434-11e0-b534-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{72567b05-cace-11df-b3fc-0017a4ce734a}\Shell\AutoRun\command - "" = E:\Toshiba\Launcher\start.exe
O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b5f4f69-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b5f4f6b-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b5f4f6e-f4f4-11e0-b5d3-0017a4ce734a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7dff59b6-8737-11de-b253-028037fb0200}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{7dff59b6-8737-11de-b253-028037fb0200}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83950e0c-f5ef-11e0-b5db-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{854b95ca-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{854b95cc-dd64-11e0-b5b3-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99e2be24-dd6d-11e0-b5b6-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ed0b0aa-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ed0b0b0-bdd1-11e0-b55f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ef80ece-f5c7-11e0-b5d8-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad1c2566-a618-11e0-b542-0017a4ce734a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adf5ea76-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adf5ea79-d225-11e0-b58f-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell - "" = AutoRun
O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2287c5a-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun\command - "" = J:\VMC_PBStarter.exe
O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell - "" = AutoRun
O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2287c5b-96f6-11de-b270-fb941ce7e0a9}\Shell\AutoRun\command - "" = J:\VMC_PBStarter.exe
O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf801cbc-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf801cbf-dd71-11e0-b5b9-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbb3e4f8-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbb3e4f9-96b7-11de-b26e-f9c45b06aa20}\Shell\AutoRun\command - "" = E:\VMC_PBStarter.exe
O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc62fe7b-a623-11e0-b544-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3a7d2b0-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e3a7d2b3-c1b6-11e0-b568-0017a4ce734a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/10/21 11:18:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/10/20 17:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/20 11:44:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/20 11:31:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ryan\Recent
[2011/10/20 11:23:45 | 000,000,000 | ---D | C] -- C:\SVN_BACKUPTEST
[2011/10/19 16:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\tdsskiller
[2011/10/19 16:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\GooredFix Backups
[2011/10/19 15:59:59 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/19 15:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/19 15:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\erunt
[2011/10/19 15:56:34 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTM.exe
[2011/10/19 12:33:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Application Data\SUPERAntiSpyware.com
[2011/10/19 12:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/19 12:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/10/19 12:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/19 12:13:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Start Menu\Programs\HiJackThis
[2011/10/13 20:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\8ta connect
[2011/10/13 20:19:54 | 000,070,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/10/13 20:19:54 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/10/13 20:19:54 | 000,051,584 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/10/13 20:19:54 | 000,026,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/10/13 20:19:53 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/10/13 20:19:53 | 000,105,728 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/10/13 20:19:53 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/10/13 20:19:53 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/10/13 20:19:52 | 000,101,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/10/12 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\8ta-connect
[2011/10/12 19:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\8ta connect
[2011/10/12 19:12:47 | 029,274,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Ryan\Desktop\utps160021001372_mac160010900372.exe
[2011/10/12 14:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\csvn
[2011/10/10 15:50:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/09/21 13:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ryan\Desktop\BreadCrumbs
[2009/08/04 13:39:41 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeCC.dll
========== Files - Modified Within 30 Days ==========
[2011/10/21 11:32:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/10/21 11:23:26 | 000,001,906 | -H-- | M] () -- C:\Documents and Settings\Ryan\My Documents\Default.rdp
[2011/10/21 11:21:23 | 000,508,378 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/21 11:21:23 | 000,084,620 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/21 10:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/21 10:38:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1292428093-839522115-1003UA.job
[2011/10/21 09:10:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/10/21 09:10:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/10/21 09:09:17 | 000,000,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2011/10/21 09:07:27 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 09:07:25 | 002,157,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/21 09:07:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/20 17:44:50 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/20 15:15:59 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/10/20 14:38:01 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1292428093-839522115-1003Core.job
[2011/10/20 12:22:46 | 017,019,276 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\RevenueAssuranceDashboardEAR.ear
[2011/10/20 11:00:39 | 000,000,892 | ---- | M] () -- C:\WINDOWS\System32\reregall.bat
[2011/10/20 10:53:24 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Ryan\register.bat
[2011/10/20 09:52:44 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/19 16:11:35 | 001,540,631 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.zip
[2011/10/19 15:57:40 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\erunt.zip
[2011/10/19 15:56:50 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan\Desktop\OTM.exe
[2011/10/19 12:32:28 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/19 12:13:20 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\HiJackThis.lnk
[2011/10/19 09:19:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/18 16:41:10 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\Ryan\svnbackupinc.bat
[2011/10/18 11:12:38 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Ryan\datevar.bat
[2011/10/18 11:11:53 | 000,000,182 | ---- | M] () -- C:\Documents and Settings\Ryan\datevar.bat~
[2011/10/18 11:00:21 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\Ryan\1
[2011/10/18 10:53:40 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Ryan\datestring.bat
[2011/10/18 10:53:17 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Ryan\datestring.bat~
[2011/10/17 13:25:43 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\PUTTY.RND
[2011/10/17 11:31:27 | 000,000,624 | ---- | M] () -- C:\WINDOWS\System32\cntlm.exe.stackdump
[2011/10/17 11:25:42 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Ryan\Application Data\winscp.rnd
[2011/10/17 11:07:33 | 002,092,508 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\sendmail.8.14.5.tar.gz
[2011/10/14 14:43:05 | 190,935,040 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\MySQL-5.5.16-1.rhel5.x86_64.tar
[2011/10/14 12:15:56 | 000,005,781 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\svninstall_rhel5_wandisco.sh
[2011/10/14 12:11:42 | 006,593,086 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\subversion-1.5.5-1.rhel5.src.rpm
[2011/10/14 12:09:25 | 000,819,496 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\neon-0.27.2-1.src.rpm
[2011/10/13 20:20:30 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\8ta connect.lnk
[2011/10/13 17:18:58 | 154,922,553 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64-ml.sh
[2011/10/13 13:47:48 | 013,726,981 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversion-client-1.6.17-1.x86_64.rpm
[2011/10/13 11:17:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kakakakakak
[2011/10/13 11:17:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kkakakak
[2011/10/13 10:30:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\da
[2011/10/12 19:02:12 | 029,274,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Documents and Settings\Ryan\Desktop\utps160021001372_mac160010900372.exe
[2011/10/12 19:01:00 | 014,253,024 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\8ta-connect.zip
[2011/10/12 17:32:08 | 081,695,645 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\jdk-7-linux-x64.rpm
[2011/10/12 15:27:09 | 147,525,974 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64.sh
[2011/10/12 12:07:01 | 086,317,733 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar.gz
[2011/10/12 12:01:40 | 000,040,715 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\365ab59f-ab3a-47f0-ad12-8bc814078bae.pdf
[2011/10/12 12:01:34 | 000,077,172 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\Conference_2011_Programme.pdf
[2011/10/11 14:07:18 | 000,847,427 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\Telkom Corporate Blue-Pro 2007.potx
[2011/10/07 21:42:08 | 150,333,440 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar
[2011/09/30 12:54:54 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\dbtest.sql
[2011/09/30 12:42:20 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\general_log.sql
[2011/09/26 10:09:56 | 000,012,288 | -H-- | M] () -- C:\Documents and Settings\Ryan\_.swo
[2011/09/25 13:30:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/23 11:26:44 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Ryan\My Documents\failcakes.sql
[2011/09/22 12:40:18 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/22 12:40:10 | 006,839,834 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\1311165908.wmv
[2011/09/21 13:05:18 | 000,009,078 | ---- | M] () -- C:\Documents and Settings\Ryan\Desktop\BreadCrumbs-MW1.11-r23533.tar.gz
========== Files Created - No Company Name ==========
[2011/10/20 17:14:19 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/20 14:02:23 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/10/20 14:02:23 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/10/20 11:00:25 | 000,000,892 | ---- | C] () -- C:\WINDOWS\System32\reregall.bat
[2011/10/20 10:53:18 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Ryan\register.bat
[2011/10/19 16:11:21 | 001,540,631 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\tdsskiller.zip
[2011/10/19 15:57:35 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\erunt.zip
[2011/10/19 12:32:28 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/19 12:13:20 | 000,001,982 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\HiJackThis.lnk
[2011/10/18 16:41:10 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Ryan\svnbackupinc.bat
[2011/10/18 13:11:52 | 017,019,276 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\RevenueAssuranceDashboardEAR.ear
[2011/10/18 11:00:21 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Ryan\1
[2011/10/18 10:57:47 | 000,000,182 | ---- | C] () -- C:\Documents and Settings\Ryan\datevar.bat~
[2011/10/18 10:57:47 | 000,000,153 | ---- | C] () -- C:\Documents and Settings\Ryan\datevar.bat
[2011/10/18 10:49:36 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Ryan\datestring.bat~
[2011/10/18 10:49:36 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Ryan\datestring.bat
[2011/10/17 11:06:59 | 002,092,508 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\sendmail.8.14.5.tar.gz
[2011/10/14 14:29:31 | 190,935,040 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\MySQL-5.5.16-1.rhel5.x86_64.tar
[2011/10/14 12:16:03 | 000,005,781 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\svninstall_rhel5_wandisco.sh
[2011/10/14 12:09:06 | 000,819,496 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\neon-0.27.2-1.src.rpm
[2011/10/14 12:09:03 | 006,593,086 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\subversion-1.5.5-1.rhel5.src.rpm
[2011/10/13 20:20:30 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\8ta connect.lnk
[2011/10/13 17:06:07 | 154,922,553 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64-ml.sh
[2011/10/13 13:43:04 | 013,726,981 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversion-client-1.6.17-1.x86_64.rpm
[2011/10/13 11:17:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kakakakakak
[2011/10/13 11:17:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kkakakak
[2011/10/13 10:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\da
[2011/10/12 19:12:47 | 014,253,024 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\8ta-connect.zip
[2011/10/12 17:25:15 | 081,695,645 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\jdk-7-linux-x64.rpm
[2011/10/12 14:15:29 | 147,525,974 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\java_ee_sdk-6u3-jdk7-linux-x64.sh
[2011/10/12 14:03:54 | 150,333,440 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar
[2011/10/12 12:01:44 | 000,040,715 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\365ab59f-ab3a-47f0-ad12-8bc814078bae.pdf
[2011/10/12 12:01:37 | 000,077,172 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\Conference_2011_Programme.pdf
[2011/10/12 11:37:02 | 086,317,733 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\CollabNetSubversionEdge-2.1.0_linux-x86_64.tar.gz
[2011/10/11 14:09:27 | 000,847,427 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\Telkom Corporate Blue-Pro 2007.potx
[2011/09/30 12:54:54 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\dbtest.sql
[2011/09/30 12:42:20 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\general_log.sql
[2011/09/26 09:19:00 | 000,012,288 | -H-- | C] () -- C:\Documents and Settings\Ryan\_.swo
[2011/09/25 10:42:52 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/09/23 11:26:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Ryan\My Documents\failcakes.sql
[2011/09/22 12:37:35 | 006,839,834 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\1311165908.wmv
[2011/09/21 13:06:25 | 000,009,078 | ---- | C] () -- C:\Documents and Settings\Ryan\Desktop\BreadCrumbs-MW1.11-r23533.tar.gz
[2011/09/20 10:00:06 | 000,000,624 | ---- | C] () -- C:\WINDOWS\System32\cntlm.exe.stackdump
[2011/09/05 14:07:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/09/05 14:07:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/29 18:03:20 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/08/29 18:03:16 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/08/29 18:03:07 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/08/12 17:18:15 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/25 19:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/05/07 11:02:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/22 17:53:29 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/22 17:53:29 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/22 17:53:29 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/12/31 20:00:14 | 003,665,693 | ---- | C] () -- C:\WINDOWS\System32\avbin.dll
[2009/12/03 10:07:49 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Application Data\winscp.rnd
[2009/08/21 17:39:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/08/03 12:49:13 | 000,124,368 | ---- | C] () -- C:\WINDOWS\ecrypt.exe
[2009/07/17 11:01:10 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\PUTTY.RND
[2009/06/25 15:11:45 | 000,054,272 | ---- | C] () -- C:\Documents and Settings\Ryan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 15:02:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/19 10:35:51 | 000,012,736 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/18 10:52:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/18 10:51:21 | 002,157,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/18 10:40:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/06/18 10:33:46 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/06/18 10:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/18 09:20:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/18 09:13:22 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/25 22:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/25 22:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 19:55:37 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 14:00:00 | 000,508,378 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 14:00:00 | 000,084,620 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 02:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
========== LOP Check ==========
[2010/06/18 08:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/05 10:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/10/13 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/03/11 13:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HeidiSQL
[2010/05/31 12:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/11/16 10:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/08/20 15:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/02/04 10:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/21 16:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sparx Systems
[2010/06/25 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/05/17 10:40:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.emacs.d
[2011/05/06 22:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.minecraft
[2011/05/06 16:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\.purple
[2009/07/06 09:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Braid
[2011/08/11 16:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Dev-Cpp
[2011/10/20 17:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\foobar2000
[2010/11/04 16:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gedit
[2011/08/17 11:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\gtk-2.0
[2011/03/11 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\HeidiSQL
[2009/06/18 13:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Helios
[2011/07/22 22:12:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\ImgBurn
[2010/02/19 11:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\lyx16
[2010/11/16 10:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\MySQL
[2011/02/04 10:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Research In Motion
[2010/04/21 16:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Sparx Systems
[2009/06/18 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Subversion
[2011/10/14 12:18:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TeraCopy
[2010/11/11 10:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Thunderbird
[2011/09/07 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\TightVNC
[2010/06/25 15:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Trusteer
[2010/09/07 10:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\UDP Software
[2011/03/08 15:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\updatetool
[2010/05/11 10:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\uqm
[2010/08/10 15:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ryan\Application Data\Wireshark
[2011/10/21 11:32:02 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/08/11 00:36:22 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\shutdown.job
========== Purity Check ==========
< End of report >
I would really appreciate any assistance with this.
Kind regards,
Ryan
Edited by rcyza, 21 October 2011 - 04:11 AM.