WiredWX Hobby Weather Tools

Vista Antivirus Pro 2010 virus

Vista Antivirus Pro 2010 virus
Had a random ad pop up and somehow ended up with a nasty little thing called "Vista Antivirus Pro 2010". I know this is not my antivirus because I use Avira. Please help me to get rid of it. Thank you for your time.

Re: Vista Antivirus Pro 2010 virus
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Vista Antivirus Pro 2010 virus
Extras.Txt file

OTL Extras logfile created on: 2/25/2010 11:24:05 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Justin the Hutt\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 674.99 Gb Free Space | 72.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 647.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Justin the Hutt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = secfile] -- C:\Users\Justin the Hutt\AppData\Local\av.exe ()
.html [@ = ChromeHTML] -- C:\Users\Justin the Hutt\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6FF42DF6-3DE1-4FC2-8037-061972FF394B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{82C1F49D-D650-4100-AC65-C27A00A91341}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DFB0F4-BEF0-41A4-8C55-B0F2EB33DD27}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{017E8D89-3F74-458D-9278-3A4B35D1F551}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{14B7FB5D-0D83-404C-9A57-581756928F83}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{213CF35A-5DAC-439A-9DE2-667A066BFCD5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3891977F-29F4-480F-B832-7013FCE4E393}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{58AC1490-1A8D-4192-A010-7F31A2308738}" = protocol=17 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{5DFF41B3-1803-4FB5-95A5-E77E170039EA}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{67A70372-215B-4923-A55B-9884EB12936F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7086C684-2097-4D36-AA89-009E137DE3CC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{83C570AD-7F34-4739-A88D-A91054940949}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8930B052-C594-4B91-8476-7316FBAEAB96}" = protocol=6 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{8FEC19C6-4B9E-4F60-A1EF-E357A00AC2F9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{9885D838-281F-4708-A8A5-F3910E9631EA}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"{A42F6485-93EA-45AF-BA9B-28F907D307A5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{AA761B62-4EB4-4BCF-90E8-59648341A211}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{B89C98E8-AFC4-4C5E-BCC9-A7B432C8A7D6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{E4A2C2C5-A33C-4FB2-AE25-C363F5D4FB06}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{E9FE429D-F39D-455C-97D9-29E5CC8B11E4}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{ECCFE725-EA53-4654-997D-B654C5695ED0}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{FB8458C1-0307-4B9F-B11A-C6B68B4DDD15}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FEB61CAA-DAA0-469F-9BA7-5593BD51FE14}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"TCP Query User{1132169A-BFC6-4F7E-9059-B943666CA0E3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{16A04045-3DA0-4A83-A96A-CECB92A86205}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{32180D77-366B-4472-BA5D-B5DDEEF6C3A6}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{5AF4C23D-8F01-4B5F-B38D-934A7C52C16C}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"TCP Query User{6ADDCCCA-D039-4593-8135-82B384D35FE5}C:\users\justin the hutt\downloads\q3a\quake3\quake3.exe" = protocol=6 | dir=in | app=c:\users\justin the hutt\downloads\q3a\quake3\quake3.exe |
"TCP Query User{892B2E8F-6A54-41E9-8D1D-E25C6D8DD611}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{A25B085E-945E-4DC2-BFD3-3C87EF7CA039}C:\program files\java\jre1.6.0_11\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_11\bin\java.exe |
"TCP Query User{AA29FA46-8C35-4C46-8EDB-845D7682129E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{B5989D6B-31D3-4636-8B3F-FABD540C7776}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"TCP Query User{B9DFFBF5-D86A-4058-96A2-534D24E60325}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C59DD2C4-B25C-40F2-844A-6007D4296011}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{DC025AB3-9ACC-42A0-83E0-03E6709D443A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E0F823E1-2C39-4AB8-B1D1-ABBE15B3FEA6}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{ED58C809-542A-4F4D-AE15-BDF9977FAF2E}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{FE564B9C-1BD0-4978-9234-12129F0FD704}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{0B44D501-4783-4D54-801B-72D35C0DDDC8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{0F8EF445-545A-412C-A73F-F15626D6328D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{10DD283A-D181-4B1A-8B12-9FDDFD09F1AF}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-enus-downloader.exe |
"UDP Query User{1C461549-5290-4FCF-A20D-7204CBF1E290}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2B7AC45C-7BE2-47A0-909F-FEFCDA960AF6}C:\users\justin the hutt\downloads\q3a\quake3\quake3.exe" = protocol=17 | dir=in | app=c:\users\justin the hutt\downloads\q3a\quake3\quake3.exe |
"UDP Query User{474E265C-6C3B-4018-A298-A456BBE612F8}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{6AE90BB8-F17C-4D5B-87D2-3DB988F1E6E7}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-enus-downloader.exe |
"UDP Query User{6E2152F1-BC70-4FAF-AF84-DFF4F28DFFE7}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{81BA5A5F-23E6-4714-BA64-2B04B0D29D04}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{86671629-A92A-4CD4-A2C3-54EB2AD07ADA}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{A5E7A3C0-2152-40C5-AB5F-D0DDA7A56428}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{A8E60DD6-F41D-421F-A39E-3343A1A60198}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{ABA13465-0492-4507-AA67-151082595A9B}C:\program files\java\jre1.6.0_11\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_11\bin\java.exe |
"UDP Query User{E9306737-94E2-4EB1-B9CD-C1FDE653FACF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F52FB6F5-97A4-40C0-881B-498B89CADAFC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java(TM) 6 Update 11
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™️
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{a4f780ba-155b-47b9-9fcf-860b7fb1b13f}" = Nero 9
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0C60A57-0353-498B-BDF0-AE83BFE3B4B9}_is1" = championBuilder v0.4.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™️ Creepy & Cute Parts Pack
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe Extendscript Toolkit 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"bearsharetb" = MediaBar
"Bryce" = Bryce 6.1
"Bryce Lightning" = Bryce Lightning 2.0 c
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Champions Online" = Champions Online
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DAZ|Studio" = DAZ|Studio 1.4.16.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EA Download Manager" = EA Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"Lexmark 2400 Series" = Lexmark 2400 Series
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Media Player Classic" = Media Player Classic
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Rmtablet" = TOOYA PRO
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/16/2010 6:43:51 PM | Computer Name = HAL | Source = Perflib | ID = 1008
Description =

Error - 2/16/2010 6:43:53 PM | Computer Name = HAL | Source = Perflib | ID = 1008
Description =

Error - 2/16/2010 6:43:53 PM | Computer Name = HAL | Source = Perflib | ID = 1005
Description =

Error - 2/16/2010 6:43:53 PM | Computer Name = HAL | Source = Perflib | ID = 1018
Description =

Error - 2/16/2010 6:43:53 PM | Computer Name = HAL | Source = Perflib | ID = 1008
Description =

Error - 2/16/2010 8:24:16 PM | Computer Name = HAL | Source = VSS | ID = 8194
Description =

Error - 2/16/2010 8:26:21 PM | Computer Name = HAL | Source = System Restore | ID = 8193
Description =

Error - 2/20/2010 5:35:17 PM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application ConvertXtoDvd.exe, version 3.3.4.106, time stamp
0x494fb702, faulting module ConvertXtoDvd.exe, version 3.3.4.106, time stamp 0x494fb702,
exception code 0xc0000005, fault offset 0x0043e469, process id 0x1bc, application
start time 0x01cab26596743847.

Error - 2/20/2010 5:37:54 PM | Computer Name = HAL | Source = Windows Search Service | ID = 3013
Description =

Error - 2/20/2010 7:53:47 PM | Computer Name = HAL | Source = Application Error | ID = 1000
Description = Faulting application ConvertXtoDvd.exe, version 3.3.4.106, time stamp
0x494fb702, faulting module ConvertXtoDvd.exe, version 3.3.4.106, time stamp 0x494fb702,
exception code 0xc0000005, fault offset 0x0043e469, process id 0x13cc, application
start time 0x01cab2749d3b7d07.

[ System Events ]
Error - 2/10/2010 7:08:42 PM | Computer Name = HAL | Source = DCOM | ID = 10016
Description =

Error - 2/16/2010 11:19:38 AM | Computer Name = HAL | Source = HTTP | ID = 15016
Description =

Error - 2/16/2010 11:19:55 AM | Computer Name = HAL | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 2/16/2010 11:20:28 AM | Computer Name = HAL | Source = Service Control Manager | ID = 7000
Description =

Error - 2/20/2010 7:55:58 PM | Computer Name = HAL | Source = DCOM | ID = 10016
Description =

Error - 2/20/2010 7:55:58 PM | Computer Name = HAL | Source = DCOM | ID = 10016
Description =

Error - 2/20/2010 7:56:03 PM | Computer Name = HAL | Source = DCOM | ID = 10016
Description =

Error - 2/20/2010 7:56:03 PM | Computer Name = HAL | Source = DCOM | ID = 10016
Description =

Error - 2/20/2010 7:56:14 PM | Computer Name = HAL | Source = DCOM | ID = 10016
Description =

Error - 2/20/2010 7:56:14 PM | Computer Name = HAL | Source = DCOM | ID = 10016
Description =


< End of report >

Re: Vista Antivirus Pro 2010 virus
OTL.Txt file

OTL logfile created on: 2/25/2010 11:24:04 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Justin the Hutt\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 674.99 Gb Free Space | 72.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 647.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Justin the Hutt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/25 23:23:07 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Documents\Downloads\OTL.exe
PRC - [2010/02/25 20:12:34 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Users\Justin the Hutt\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2010/02/25 11:27:43 | 000,200,704 | -HS- | M] () -- C:\Users\Justin the Hutt\AppData\Local\av.exe
PRC - [2010/02/16 17:43:37 | 001,682,944 | ---- | M] (Curse) -- C:\Users\Justin the Hutt\AppData\Local\Apps\2.0\MM251594.KZ6\38KGNWMO.D5A\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
PRC - [2010/01/19 18:34:52 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/08/05 21:53:57 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/28 17:12:40 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_11\bin\jusched.exe
PRC - [2009/06/11 08:20:42 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/09 18:47:20 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/09 18:25:39 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/30 23:07:52 | 000,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/05/19 12:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2008/01/19 02:33:39 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2008/01/19 02:33:23 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/01/19 02:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/08/30 13:04:54 | 000,364,192 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2007/08/28 16:56:42 | 000,065,184 | ---- | M] (WALTOP International Corp.) -- C:\Windows\System32\TBLMOUSE.EXE
PRC - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
PRC - [2006/12/11 10:11:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2006/12/11 10:11:54 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/02/28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe


========== Modules (SafeList) ==========

MOD - [2010/02/25 23:23:07 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Documents\Downloads\OTL.exe
MOD - [2008/01/19 02:36:40 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/08/05 21:53:57 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/16 12:35:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/09 18:25:39 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 23:07:52 | 000,211,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/09/29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/05/19 12:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/30 13:04:54 | 000,364,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2006/12/11 10:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/02/28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 07:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/23 13:22:22 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/12/07 11:48:09 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/04 16:38:28 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/06/09 18:25:39 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/30 21:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/16 21:06:36 | 001,143,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/22 09:57:00 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/22 09:57:00 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/22 09:57:00 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 02:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 02:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2005/11/02 09:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\copperhd.sys -- (UsbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 9D 5F 0D 5C 39 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0
FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/11 08:20:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 18:56:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 18:56:41 | 000,000,000 | ---D | M]

[2009/07/03 13:39:15 | 000,000,000 | ---D | M] -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Extensions
[2010/02/25 14:00:16 | 000,000,000 | ---D | M] -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions
[2009/09/24 14:56:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/07/17 18:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\searchplugins\BearShareWebSearch.xml
[2009/09/05 08:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/17 18:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_11\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Google Update] C:\Users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 14:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\championBuilder
[2010/02/16 19:26:21 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/02/16 19:26:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/02/16 19:26:20 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/02/16 19:26:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/02/16 19:26:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/02/16 19:26:20 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/02/16 19:26:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/02/16 19:26:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/02/16 19:26:19 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/02/16 19:26:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/02/16 19:26:19 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/02/16 19:26:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/02/16 19:26:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/02/16 19:26:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/02/16 19:26:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/02/16 19:26:18 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/02/16 19:26:18 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/02/16 19:26:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/02/16 19:26:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/02/16 19:26:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/02/16 19:26:18 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/02/16 19:26:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/02/16 19:26:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/02/16 19:26:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/02/16 19:26:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010/02/16 19:26:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/02/16 19:26:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/02/16 19:26:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010/02/16 19:26:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/02/16 19:26:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010/02/16 19:26:16 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/02/16 19:26:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/02/16 19:26:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/02/16 19:26:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/02/16 19:26:16 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/02/16 19:26:15 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/02/16 19:26:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/02/16 19:26:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/02/16 19:26:15 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/02/16 19:26:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/02/16 19:26:15 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/02/16 19:26:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/02/16 19:26:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/02/16 19:26:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/02/16 19:26:14 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/02/16 19:26:14 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010/02/16 19:26:14 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010/02/16 19:26:14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/02/16 19:26:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010/02/16 19:26:13 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/02/16 19:26:13 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/02/16 19:26:13 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010/02/16 19:26:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/02/16 19:26:12 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010/02/16 19:26:12 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/02/16 19:26:12 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010/02/16 19:26:12 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010/02/16 19:26:12 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010/02/16 19:26:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010/02/16 19:26:11 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010/02/16 19:26:11 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010/02/16 19:26:11 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010/02/16 19:26:08 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010/02/16 19:25:11 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/02/16 19:25:11 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010/02/16 19:25:11 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010/02/16 19:25:11 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010/02/16 19:25:10 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010/02/16 19:25:08 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010/02/16 19:25:08 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010/02/16 19:25:08 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010/02/16 19:25:08 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010/02/16 19:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Cryptic Studios
[2010/02/10 06:40:50 | 003,597,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 06:40:49 | 003,546,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 06:40:34 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 06:40:34 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 06:40:34 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 06:40:34 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 06:40:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/12/23 13:22:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.sys
[2009/06/13 22:30:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/06/13 22:30:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/06/13 22:30:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/06/13 22:30:43 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/06/13 22:30:43 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/06/13 22:30:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/06/13 22:30:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/06/13 22:30:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/06/13 22:30:43 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2009/06/13 22:30:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/06/13 22:30:42 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/02/25 23:24:08 | 003,145,728 | -HS- | M] () -- C:\Users\Justin the Hutt\NTUSER.DAT
[2010/02/25 23:17:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000UA.job
[2010/02/25 22:28:03 | 000,009,338 | -HS- | M] () -- C:\Users\Justin the Hutt\AppData\Local\RHpCMfQD4
[2010/02/25 22:21:09 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/25 22:21:09 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/25 20:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000Core.job
[2010/02/25 11:27:43 | 000,200,704 | -HS- | M] () -- C:\Users\Justin the Hutt\AppData\Local\av.exe
[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 18:15:37 | 000,049,605 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/20 20:52:47 | 000,049,605 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/20 20:52:46 | 000,000,354 | ---- | M] () -- C:\Windows\win.ini
[2010/02/20 18:53:46 | 000,000,663 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Roaming\vso_ts_preview.xml
[2010/02/20 18:40:18 | 840,999,058 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Twilight+%3A+New+Moon+%282009%29+PPV+-+SilentNinjaRelease+%28Part+2%29.divx.part
[2010/02/20 17:04:27 | 630,724,954 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Twilight+%3A+New+Moon+%282009%29+PPV+-+SilentNinjaRelease+%28Part+1%29.divx.part
[2010/02/20 16:36:10 | 000,017,408 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 14:54:56 | 000,022,582 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Tinkerbell_And_The_Lost_Treasure__Xvid_DVDRIP__1337x__SAFCuk009.5242970.TPB.torrent
[2010/02/20 14:25:15 | 000,000,083 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Fire Framework Solo PvE Video - Champions Online Forums.url
[2010/02/20 14:15:31 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\championBuilder.lnk
[2010/02/16 19:29:33 | 000,000,893 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Champions Online.lnk
[2010/02/16 17:43:38 | 000,000,312 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Curse Client.appref-ms
[2010/02/16 10:19:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/16 10:19:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/16 10:18:57 | 2145,308,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/16 10:17:51 | 000,524,288 | -HS- | M] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/16 10:17:51 | 000,065,536 | -HS- | M] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/16 10:17:47 | 002,973,952 | -H-- | M] () -- C:\Users\Justin the Hutt\AppData\Local\IconCache.db
[2010/02/14 19:58:10 | 000,000,185 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Roaming\default.rss
[2010/02/11 22:14:37 | 000,002,092 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Google Chrome.lnk
[2010/02/10 13:25:44 | 000,029,820 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\GetAttachment.jpg
[2010/01/31 08:59:04 | 000,040,706 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Coheed_and_Cambria_discography_(as_of_June_2008).4229930.TPB.torrent
[2010/01/30 13:25:51 | 157,210,624 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\South+Park+1x08+Damien.divx

========== Files Created - No Company Name ==========

[2010/02/25 11:27:44 | 000,009,338 | -HS- | C] () -- C:\Users\Justin the Hutt\AppData\Local\RHpCMfQD4
[2010/02/25 11:27:43 | 000,200,704 | -HS- | C] () -- C:\Users\Justin the Hutt\AppData\Local\av.exe
[2010/02/20 17:43:03 | 840,999,058 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\Twilight+%3A+New+Moon+%282009%29+PPV+-+SilentNinjaRelease+%28Part+2%29.divx.part
[2010/02/20 16:39:47 | 630,724,954 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\Twilight+%3A+New+Moon+%282009%29+PPV+-+SilentNinjaRelease+%28Part+1%29.divx.part
[2010/02/20 14:54:52 | 000,022,582 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\Tinkerbell_And_The_Lost_Treasure__Xvid_DVDRIP__1337x__SAFCuk009.5242970.TPB.torrent
[2010/02/20 14:25:15 | 000,000,083 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\Fire Framework Solo PvE Video - Champions Online Forums.url
[2010/02/20 14:15:31 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\championBuilder.lnk
[2010/02/16 19:29:33 | 000,000,893 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\Champions Online.lnk
[2010/02/10 13:28:00 | 000,029,820 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\GetAttachment.jpg
[2010/01/31 08:59:18 | 000,040,706 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\Coheed_and_Cambria_discography_(as_of_June_2008).4229930.TPB.torrent
[2010/01/30 13:43:50 | 157,210,624 | ---- | C] () -- C:\Users\Justin the Hutt\Desktop\South+Park+1x08+Damien.divx
[2010/01/02 01:22:20 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/26 22:46:00 | 000,003,348 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/12/26 22:46:00 | 000,002,191 | ---- | C] () -- C:\Windows\P17EP.ini
[2009/12/26 22:46:00 | 000,001,694 | ---- | C] () -- C:\Windows\P17EP51.ini
[2009/12/26 22:45:59 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/12/23 13:23:59 | 000,000,663 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\vso_ts_preview.xml
[2009/12/23 13:23:37 | 000,000,034 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.log
[2009/12/23 13:22:22 | 000,087,608 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\inst.exe
[2009/12/23 13:22:22 | 000,007,887 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.cat
[2009/12/23 13:22:22 | 000,001,144 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.inf
[2009/12/06 22:26:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/13 15:17:18 | 000,000,185 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\default.rss
[2009/10/08 06:54:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/30 22:32:35 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2009/09/30 22:23:19 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI
[2009/08/25 19:39:14 | 000,006,355 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/07/20 08:05:13 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/20 08:05:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/07/20 08:05:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/20 08:05:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/20 08:05:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/20 08:05:09 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/07/06 18:02:01 | 000,017,408 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 22:30:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/06/11 08:21:18 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/06/09 19:39:33 | 000,000,680 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Local\d3d9caps.dat
[2009/06/09 17:30:59 | 000,049,605 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/09 17:30:59 | 000,049,605 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/12/05 14:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 14:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/12/05 14:00:44 | 006,144,000 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2006/11/30 10:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/20 15:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 15:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 15:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 13:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 02:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
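An added triage example, not part of this thread and not code from OTL or its author: a small parser for the "Files Created / Files Modified" lines in the OTL log above, with two editor-chosen heuristics applied to each entry. The line layout (timestamp | size | attribute flags | M or C, then the company name in parentheses and the path) is taken from the log as posted; the idea that a hidden+system file under a user-writable directory, or an executable with no company name under the profile or ProgramData, deserves a look is the editor's assumption, not something OTL decides. The sample lines are constructed for the example and mirror entries visible above.

```python
import re
from dataclasses import dataclass

# Constructed sample in OTL's file-listing format. The av.exe, RHpCMfQD4,
# inst.exe and hiberfil.sys lines mirror the posted log; the rest are filler.
SAMPLE_OTL = r"""
[2010/02/25 11:27:44 | 000,009,338 | -HS- | C] () -- C:\Users\Justin the Hutt\AppData\Local\RHpCMfQD4
[2010/02/25 11:27:43 | 000,200,704 | -HS- | C] () -- C:\Users\Justin the Hutt\AppData\Local\av.exe
[2010/02/16 10:18:57 | 2145,308,672 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/23 13:22:22 | 000,087,608 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\inst.exe
[2009/06/09 19:39:33 | 000,000,680 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Local\d3d9caps.dat
[2009/07/20 08:05:13 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
"""

# [date time | size | attrs | M/C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Editor's assumptions: locations a non-admin user can write to, and the
# extensions Windows will execute directly.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str      # e.g. "-HS-": OTL's attribute flags, H=hidden, S=system
    company: str    # empty in the "No Company Name" sections
    path: str


def parse_otl_file_lines(text):
    """Parse every OTL file-listing line in `text`; non-matching lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(
            m["ts"],
            int(m["size"].replace(",", "")),
            m["attrs"],
            m["company"],
            m["path"],
        ))
    return entries


def triage(entries):
    """Return [(path, [reasons...])] for entries that match a heuristic."""
    findings = []
    for e in entries:
        low = e.path.lower()
        in_user_dir = any(s in low for s in USER_WRITABLE)
        hidden_system = "H" in e.attrs and "S" in e.attrs
        reasons = []
        if in_user_dir and hidden_system:
            reasons.append("hidden+system attributes under a user-writable path")
        if in_user_dir and low.endswith(EXEC_EXT) and not e.company:
            reasons.append("executable with no company name under profile/ProgramData")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_file_lines(SAMPLE_OTL)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the two hidden+system files in AppData\Local and the Roaming inst.exe are reported; hiberfil.sys has the same HS flags but sits in the system root, so it is left alone. Heuristics like these only order the list for a human; they do not decide what is malicious.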

Re: Vista Antivirus Pro 2010 virus

Just posting to put me back at the top of the list.

Re: Vista Antivirus Pro 2010 virus
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/02/25 11:27:43 | 000,200,704 | -HS- | M] () -- C:\Users\Justin the Hutt\AppData\Local\av.exe
    PRC - [2010/01/19 18:34:52 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
    FF - prefs.js..keyword.URL: "http://search.bearshare.com/webResults.html?src=ffb&q="
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll File not found
    O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll File not found
    [2010/02/25 11:27:43 | 000,200,704 | -HS- | M] () -- C:\Users\Justin the Hutt\AppData\Local\av.exe



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Vista Antivirus Pro 2010 virus

Copied the post like you said. When it said "fix complete, press OK to view log" I pressed OK and NO log appeared. Now it won't let me use Mozilla or Google Chrome. IE works, but only after choosing which program I would like to open it with.

Re: Vista Antivirus Pro 2010 virus

The annoying popups seem to have stopped, but I can still see the program in my quick bar.

Re: Vista Antivirus Pro 2010 virus

OK, now upon further inspection I cannot open any program on my computer except Internet Explorer. Any program I try to open asks me what program I would like to use to open the file, and if it's not one of the few select programs in the list I cannot access it. Please help.

Re: Vista Antivirus Pro 2010 virus

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

[screenshot: CF_download_FF]

[screenshot: 2aflf5z]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: Vista Antivirus Pro 2010 virus

ComboFix 10-02-27.04 - Justin the Hutt 02/27/2010 15:59:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1284 [GMT -5:00]
Running from: c:\users\Justin the Hutt\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\sysReserve.ini
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\k0LA4KYyJ.jpg
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\lX5bA6.jpg
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\MymY126KN.jpg
c:\users\Justin the Hutt\AppData\Local\Microsoft\Windows\Temporary Internet Files\x01AXk.jpg
c:\users\Justin the Hutt\AppData\Roaming\inst.exe
c:\users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 21:06 . 2010-02-27 21:06 -------- d-----w- c:\users\Justin the Hutt\AppData\Local\temp
2010-02-27 21:06 . 2010-02-27 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-27 20:57 . 2010-02-27 20:58 -------- d-----w- C:\32788R22FWJFW
2010-02-26 23:46 . 2010-02-26 23:46 -------- d-----w- C:\_OTL
2010-02-20 19:15 . 2010-02-20 19:15 -------- d-----w- c:\program files\championBuilder
2010-02-17 00:25 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-02-17 00:24 . 2010-02-19 03:58 -------- d-----w- c:\program files\Cryptic Studios

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 01:33 . 2009-11-21 01:32 439816 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-26 23:38 . 2009-06-11 13:03 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\uTorrent
2010-02-25 04:35 . 2009-08-13 18:40 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\SPORE
2010-02-24 14:16 . 2009-10-03 05:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 01:52 . 2009-06-09 22:30 49605 ----a-w- c:\programdata\nvModes.dat
2010-02-20 23:53 . 2009-12-23 18:22 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\Vso
2010-02-16 15:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-27 01:32 . 2009-08-13 18:10 -------- d-----w- c:\programdata\Electronic Arts
2010-01-27 01:31 . 2009-06-11 12:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-27 01:31 . 2010-01-27 01:32 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-27 01:31 . 2009-06-11 12:54 38784 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-26 16:18 . 2009-06-12 18:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-26 15:03 . 2009-06-10 00:39 680 ----a-w- c:\users\Justin the Hutt\AppData\Local\d3d9caps.dat
2010-01-15 06:14 . 2009-12-07 03:21 -------- d-----w- c:\programdata\Skype
2010-01-15 06:09 . 2009-09-12 19:23 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\Move Networks
2010-01-15 06:04 . 2009-06-11 12:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-06 23:51 . 2009-12-07 03:26 -------- d-----w- c:\users\Justin the Hutt\AppData\Roaming\skypePM
2010-01-06 23:50 . 2009-06-11 12:54 -------- d-----w- c:\programdata\NOS
2010-01-03 02:16 . 2009-06-10 00:39 85672 ----a-w- c:\users\Justin the Hutt\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-02 06:38 . 2010-01-22 11:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 11:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 11:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 11:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 01:51 . 2009-12-31 01:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01005.Wdf
2009-12-31 01:49 . 2009-12-31 01:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-12-28 12:35 . 2010-02-10 11:40 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 11:40 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 11:40 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 11:40 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 11:40 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 11:40 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 11:40 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 11:40 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 11:40 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 11:40 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-23 20:45 . 2009-12-23 18:22 47360 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\pcouffin.sys
2009-12-23 20:45 . 2009-12-23 18:22 47360 ----a-w- c:\users\Justin the Hutt\AppData\Roaming\pcouffin.sys
2009-12-23 18:22 . 2009-12-23 18:22 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-11 12:07 . 2010-02-10 11:40 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 11:40 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 11:40 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 11:40 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 11:40 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 16:48 . 2009-06-09 23:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 03:26 . 2009-12-07 03:26 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-04 16:12 . 2010-02-10 11:40 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 11:40 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-11-22 14:57 . 2006-11-22 14:57 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-11 198160]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-12-11 291760]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 82864]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-06-25 283792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_11\bin\jusched.exe" [2009-07-28 136600]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2009-12-9 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/9/2009 6:05 PM 108289]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\System32\ASTSRV.EXE [7/12/2009 4:24 PM 57344]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [11/2/2005 9:54 AM 11596]
R3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 5:25 AM 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 5:25 AM 251904]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S3 androidusb;ADB Interface Driver;c:\windows\System32\drivers\androidusb.sys [9/4/2009 4:38 PM 25728]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000Core.job
- c:\users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 19:06]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000UA.job
- c:\users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-09 19:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\
FF - prefs.js: browser.search.selectedEngine -
FF - plugin: c:\program files\Java\jre1.6.0_11\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre1.6.0_11\bin\new_plugin\npjp2.dll
FF - plugin: c:\users\Justin the Hutt\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-bearsharetb - c:\program files\BearShareTb\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 16:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-102117945-2110181670-3325598433-1000\Software\SecuROM\License information*]
"datasecu"=hex:81,1a,e0,33,01,f9,8f,16,ec,e5,45,b7,87,01,da,5a,5c,0a,80,d8,f1,
fa,8b,8c,35,c5,b9,60,fd,a0,85,83,dd,c1,36,b5,f6,97,d7,bb,07,69,0e,40,d4,f5,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-27 16:09:02
ComboFix-quarantined-files.txt 2010-02-27 21:09

Pre-Run: 726,052,880,384 bytes free
Post-Run: 726,101,143,552 bytes free

- - End Of File - - 11FDF00BBCF162E0CA3C42543579AF61
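An added example, not part of the thread and not ComboFix's own code: a parser for the "Reg Loading Points" and service lines in the ComboFix log above, followed by two editor-chosen checks on the autostart entries. The layout (REGEDIT4 key headers, `"name"="target" [date size]` Run values, and `R2/S3 name;display;command` service lines) is taken from the posted log. The checks are the editor's assumptions: a Run value whose target is a bare file name is resolved through the loader's search order rather than a fixed path, a target under AppData, ProgramData, Public or Temp runs from a location the user can write to, and a trailing `[?]` on a service line is read here as ComboFix having been unable to stat the binary. The sample text is constructed and abbreviates entries visible above.

```python
import re

# Constructed sample in ComboFix's "Reg Loading Points" layout; the entries
# abbreviate the posted log and were not taken from a live machine.
SAMPLE_COMBOFIX = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Google Update"="c:\users\Justin the Hutt\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-09 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/9/2009 6:05 PM 108289]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
SVC_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+)$")

# Editor's assumption: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")


def parse_loading_points(text):
    """Return (runs, services).

    runs:     [(registry key, value name, target, '[date size]' text)]
    services: [(start type, service name, display name, command line)]
    """
    key = None
    runs, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"]            # following Run values belong to this key
            continue
        if (m := RUN_RE.match(line)) and key:
            runs.append((key, m["name"], m["target"], m["meta"] or ""))
            continue
        if m := SVC_RE.match(line):
            services.append((m["start"], m["name"], m["display"], m["cmd"]))
    return runs, services


def triage_autoruns(runs, services):
    """Map 'key\\name' or 'service:name' to the list of reasons it was flagged."""
    findings = {}
    for key, name, target, _meta in runs:
        reasons = []
        if "\\" not in target:
            reasons.append("bare file name: resolved through the search order, not a fixed path")
        if any(s in target.lower() for s in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if reasons:
            findings[f"{key}\\{name}"] = reasons
    for _start, name, _display, cmd in services:
        if cmd.rstrip().endswith("[?]"):
            findings[f"service:{name}"] = ["binary could not be stat'ed by ComboFix ([?])"]
    return findings


if __name__ == "__main__":
    runs, services = parse_loading_points(SAMPLE_COMBOFIX)
    for item, reasons in triage_autoruns(runs, services).items():
        print(item)
        for r in reasons:
            print("   -", r)
```

On the sample this reports the bare `P17RunE.dll` value, the per-user Google Update entry under AppData\Local (legitimate here, but exactly the kind of path a dropper also uses, so it stays on the list for a human to dismiss), and the WTService entry whose binary ComboFix could not read. Entries with a full path under Program Files are not reported.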

Re: Vista Antivirus Pro 2010 virus

Is anything else needed? Everything seems OK at the moment.

Re: Vista Antivirus Pro 2010 virus
Hello.

  • Click Start >> Control Panel.
  • Under the Programs click Uninstall a Program
  • Highlight the following:

    Java(TM) 6 Update 11
    MediaBar
    Uniblue DriverScanner 2009

  • Click on the Uninstall/Change button at the top.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Vista Antivirus Pro 2010 virus

Didn't see a MediaBar in the program list; looked for a while. Haven't done the Run / copy-paste part yet. Should I do it even though I didn't see MediaBar?

Re: Vista Antivirus Pro 2010 virus

I did uninstall the other two though.
