Win32/Kryptik.ITV trojan



#1
saniya8987

Hi,

I've been running a few scans on my laptop for the last few days because it didn't seem to be working perfectly since I had a friend borrow my laptop. First Google Chrome kept freezing up, and when I switched to Mozilla Firefox I kept getting Google redirects. When I ran scans with AVG nothing was found initially, but in my last scan there was a trojan found. I can't give you the name of it because when I went to get the name the scan had been deleted from my scan history and it's not in the virus vault. But then I ran a scan with Malwarebytes' and it picked up a Malware.Gen. After this the Malware.Gen was quarantined and in the following scans nothing was found until today, when I ran an ESET Online Scan and it found a variant of Win32/Kryptik.ITV trojan. It seems to me that all three scanners are picking up different problems and now I'm worried that I have a bigger problem that the scanners aren't picking up.

I would appreciate any help that you can give as I don't really know how to deal with this. I had a virus problem previously and was being really careful with my laptop, but it appears lending my laptop wasn't the best idea. :-(

I've posted my OTL logs below. Thank you for all your help.

OTL logfile created on: 05/06/2011 15:31:43 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Ruler of the world\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 36.82% Memory free
6.18 Gb Paging File | 4.41 Gb Available in Paging File | 71.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.32 Gb Total Space | 172.83 Gb Free Space | 59.53% Space Free | Partition Type: NTFS

Computer Name: ROOM101 | User Name: Ruler of the world | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 15:26:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ruler of the world\Desktop\OTL.exe
PRC - [2011/05/31 14:24:26 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/05/29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/04/28 14:34:42 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/04/13 15:02:41 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/19 13:55:24 | 001,204,224 | ---- | M] (www.IslamicFinder.org) -- C:\Program Files\Athan\Athan.exe
PRC - [2011/03/18 11:18:58 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/03/18 11:18:54 | 000,880,184 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/09/10 01:44:22 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/09/09 04:46:42 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/09/07 03:50:58 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/07 03:50:14 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/09/07 03:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/09/03 10:35:52 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/04/02 19:07:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/04/02 19:07:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/02 19:07:38 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/03/07 19:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/02/21 18:26:20 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/02/21 18:26:20 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/01/23 02:16:14 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/11/21 20:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/11/13 04:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/11/10 01:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/06/05 21:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 15:26:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ruler of the world\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/28 14:34:42 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/02 19:07:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/04/02 19:07:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/04/02 19:07:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/04/02 19:07:38 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/05 04:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/05 04:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/05 04:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 22:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 21:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/02/21 18:26:20 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 10:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 10:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 09:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/13 04:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/11/10 01:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/06/05 21:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 15:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/06/01 17:44:58 | 000,057,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys -- (RapportCerberus_26762)
DRV - [2011/05/19 17:45:26 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/04/28 14:34:50 | 000,066,360 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/04/28 14:34:50 | 000,053,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/04/28 14:34:48 | 000,158,904 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/06/23 11:23:44 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/03/06 15:04:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/02/13 01:01:28 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2008/02/13 01:01:28 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008/02/07 01:03:27 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/31 01:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/12/17 02:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/12/14 01:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/11/16 01:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/05/26 09:03:06 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/05/07 12:49:38 | 000,013,824 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/03/22 10:09:36 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MUsbFltr.sys -- (tiltmouse)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 9C 6A 37 0D DC CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1462
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.2.0
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/24 16:08:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/13 15:04:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/25 20:39:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/25 20:39:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 11\components [2011/05/23 20:50:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins

[2009/12/05 19:42:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Extensions
[2011/06/05 15:22:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions
[2011/05/20 16:10:54 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/28 19:49:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/05 15:22:31 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2011/05/19 17:41:05 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/30 22:36:54 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions\[email protected]
[2010/10/09 19:18:40 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions\[email protected]
[2010/05/06 18:05:58 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\extensions\[email protected]
[2011/02/07 22:14:50 | 000,002,306 | ---- | M] () -- C:\Users\Ruler of the world\AppData\Roaming\Mozilla\Firefox\Profiles\jy6ra9wg.default\searchplugins\wot-safe-search.xml
[2011/02/19 13:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/18 18:39:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/15 16:03:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 08:04:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/15 17:11:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/16 18:44:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/25 20:28:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 11\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RULER OF THE WORLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JY6RA9WG.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\RULER OF THE WORLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JY6RA9WG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RULER OF THE WORLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JY6RA9WG.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\RULER OF THE WORLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JY6RA9WG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\RULER OF THE WORLD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JY6RA9WG.DEFAULT\EXTENSIONS\[email protected]
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/06 23:05:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e22e038a-fe83-11dd-aab9-001dba393fab}\Shell - "" = AutoRun
O33 - MountPoints2\{e22e038a-fe83-11dd-aab9-001dba393fab}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 15:26:26 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Ruler of the world\Desktop\OTL.exe
[2011/06/05 13:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2011/06/04 21:06:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/31 14:38:07 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/05/31 14:37:51 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Local\Sunbelt Software
[2011/05/31 14:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/31 14:33:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/05/31 14:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/05/31 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/31 14:29:01 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Local\Google Translator
[2011/05/31 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Roaming\Opera
[2011/05/31 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Local\Opera
[2011/05/31 14:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/05/31 14:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/05/19 19:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2011/05/19 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\Documents\Sports Interactive
[2011/05/19 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2011/05/19 19:13:40 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Local\Sports Interactive
[2011/05/19 19:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2011/05/19 17:45:26 | 000,218,688 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/05/19 17:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/05/19 17:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011/05/19 17:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/05/19 17:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/19 17:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2011/05/19 17:40:46 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Local\Conduit
[2011/05/19 13:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/19 13:57:34 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/14 13:31:25 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BUFFALO
[2011/05/14 13:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\BUFFALO
[2011/05/06 23:05:09 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/05/06 17:20:17 | 000,000,000 | ---D | C] -- C:\Users\Ruler of the world\Desktop\Movies

========== Files - Modified Within 30 Days ==========

[2011/06/05 15:26:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Ruler of the world\Desktop\OTL.exe
[2011/06/05 15:01:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 14:20:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 14:20:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 13:45:28 | 117,270,103 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/05 13:22:27 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 13:22:27 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 12:20:51 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 12:20:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 12:20:43 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 02:08:17 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/04 21:14:14 | 000,441,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/04 21:13:56 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/04 19:12:59 | 000,711,688 | ---- | M] () -- C:\Users\Ruler of the world\Desktop\uninstall.reg
[2011/06/03 18:59:51 | 000,654,320 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/06/03 18:28:32 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/03 18:28:32 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/05/31 14:38:07 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/05/31 14:34:32 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/31 14:34:32 | 000,001,962 | ---- | M] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/31 14:24:28 | 000,001,643 | ---- | M] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/31 14:24:28 | 000,001,619 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/26 16:38:32 | 000,002,651 | ---- | M] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/05/19 17:45:26 | 000,218,688 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011/05/19 17:41:22 | 000,001,638 | ---- | M] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/13 14:06:09 | 000,000,948 | ---- | M] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/12 22:13:44 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/12 22:13:44 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/12 22:13:33 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/06 23:29:49 | 000,000,977 | ---- | M] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/06 23:29:49 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/06 23:05:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/06 17:36:47 | 000,057,344 | ---- | M] () -- C:\Users\Ruler of the world\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/06/04 19:12:59 | 000,711,688 | ---- | C] () -- C:\Users\Ruler of the world\Desktop\uninstall.reg
[2011/06/04 17:06:27 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/05/31 14:49:44 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/31 14:49:44 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/05/31 14:34:32 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/05/31 14:34:32 | 000,001,962 | ---- | C] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/31 14:29:02 | 000,001,993 | ---- | C] () -- C:\Users\Ruler of the world\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Translator.lnk
[2011/05/31 14:24:28 | 000,001,643 | ---- | C] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/31 14:24:28 | 000,001,631 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011/05/31 14:24:28 | 000,001,619 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/05/19 17:41:22 | 000,001,638 | ---- | C] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/19 17:41:22 | 000,001,638 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/05/12 22:13:33 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/06 23:29:49 | 000,000,977 | ---- | C] () -- C:\Users\Ruler of the world\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/06 23:29:49 | 000,000,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/06 23:29:49 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/04 02:00:22 | 000,008,922 | ---- | C] () -- C:\Windows\UN020914.INI
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/11 12:43:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 12:43:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/11 13:18:27 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/06/05 11:32:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/20 14:26:30 | 000,001,356 | ---- | C] () -- C:\Users\Ruler of the world\AppData\Local\d3d9caps.dat
[2008/12/31 20:32:31 | 000,148,899 | ---- | C] () -- C:\Windows\hpoins19.dat
[2008/12/31 20:31:19 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2008/12/08 23:40:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/30 00:14:01 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/10/30 00:14:01 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\1335355B6A.sys
[2008/10/28 12:36:13 | 000,057,344 | ---- | C] () -- C:\Users\Ruler of the world\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/20 10:21:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/18 21:52:44 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/04/18 20:59:47 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/04/18 20:25:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/04/18 19:34:04 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/04/18 19:34:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/04/18 19:34:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2008/04/18 19:31:02 | 000,006,396 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/10/30 18:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/05 21:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/16 11:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,441,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,612,100 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,109,516 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 21:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2010/10/24 13:26:01 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\AVG10
[2011/06/02 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Azureus
[2009/02/26 20:17:56 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/06 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\DAEMON Tools Lite
[2009/08/15 15:51:56 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\EasyJob Resume Builder
[2010/01/03 02:31:21 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\FireShot
[2010/10/10 16:12:01 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Floodlight Games
[2010/12/04 20:12:48 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Foxit
[2010/12/04 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Foxit Software
[2010/10/10 20:39:51 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Gogii
[2011/02/19 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\HTC
[2011/02/19 23:15:24 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/10/11 06:49:58 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\ICAClient
[2009/09/13 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Image Zone Express
[2009/01/01 02:41:06 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\InterVideo
[2011/02/19 23:02:32 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Mael
[2008/12/16 23:30:04 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\OpenOffice.org
[2011/05/31 14:29:03 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Opera
[2009/11/27 11:06:31 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\PC Suite
[2009/02/24 02:04:17 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Printer Info Cache
[2011/03/26 17:58:04 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\QuickScan
[2010/10/20 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Registry Mechanic
[2009/11/27 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Samsung
[2011/05/19 19:13:40 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Sports Interactive
[2010/01/01 15:40:06 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\SuperAdBlocker.com
[2009/07/01 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\SystemRequirementsLab
[2011/02/19 00:30:23 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Trusteer
[2008/12/24 15:35:10 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\TSO
[2010/07/28 17:59:05 | 000,000,000 | ---D | M] -- C:\Users\Ruler of the world\AppData\Roaming\Uniblue
[2011/06/04 21:13:56 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/06/05 02:08:13 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5AA80927
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6DCFAD3B
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:161B4B1D
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Thanks again!