some sort of virus


Post by s8nthc on Fri Apr 16, 2010 9:36 pm

I have some sort of virus that is not being detected by my anti-virus. It has made Internet Explorer and Google Chrome stop working. Mozilla still works, but most sites don't display right. I first noticed it when a phoney anti-virus tried to run. I immediately closed it, and that's when the problems started. Any help would be great.


Re: some sort of virus

Post by Belahzur on Sat Apr 17, 2010 12:36 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: some sort of virus

Post by s8nthc on Sat Apr 17, 2010 3:29 pm

OTL logfile created on: 4/17/2010 11:26:18 AM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Justin the Hutt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 669.83 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 647.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Justin the Hutt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 11:25:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
PRC - [2010/04/14 09:30:06 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 02:17:06 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Justin the Hutt\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/11/23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/08/05 22:53:57 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/11 09:20:42 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/09 19:47:20 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/09 19:25:39 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/29 06:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:39 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2008/01/19 03:33:23 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/01/19 03:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/08/30 14:04:54 | 000,364,192 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
PRC - [2006/12/11 11:11:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2006/12/11 11:11:54 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe


========== Modules (SafeList) ==========

MOD - [2010/04/17 11:25:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
MOD - [2008/01/19 03:36:40 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/08/05 22:53:57 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/16 13:35:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/09 19:25:39 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/09/29 06:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/30 14:04:54 | 000,364,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 12:48:09 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/04 17:38:28 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/08/27 15:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/06/09 19:25:39 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/30 22:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/16 22:06:36 | 001,143,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/22 10:57:00 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/22 10:57:00 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/22 10:57:00 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005/11/02 10:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\copperhd.sys -- (UsbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 9D 5F 0D 5C 39 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/11 09:20:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/14 09:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 09:30:14 | 000,000,000 | ---D | M]

[2009/07/03 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Extensions
[2010/04/17 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions
[2009/08/02 21:25:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/24 15:56:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/07/17 19:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\searchplugins\BearShareWebSearch.xml
[2010/02/28 10:42:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/23 13:59:54 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2009/07/17 19:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 11:25:46 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
[2010/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\Users\Justin the Hutt\AppData\Local\lhehyrdyj
[2010/04/10 19:25:51 | 000,000,000 | R--D | C] -- C:\Users\Justin the Hutt\Desktop\internet links
[2010/04/06 18:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pixologic
[2010/04/06 18:46:02 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/03/30 20:46:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 20:46:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 20:46:07 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 20:46:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 20:46:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 20:46:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 20:46:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 20:46:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 20:46:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 20:46:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/30 20:46:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 20:46:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/30 20:46:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/30 20:46:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 20:46:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/24 14:13:08 | 000,000,000 | ---D | C] -- C:\Users\Justin the Hutt\AppData\Roaming\WTablet
[2010/03/24 14:12:31 | 000,000,000 | ---D | C] -- C:\Users\Justin the Hutt\AppData\Roaming\WTouch
[2010/03/24 14:12:30 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Touch_Tablet.dll
[2010/03/24 14:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/03/24 14:11:24 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\PenTablet.cpl
[2010/03/24 14:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/03/24 14:10:59 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010/03/24 14:10:57 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dln
[2010/03/24 14:08:46 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010/03/24 14:07:11 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys
[2010/03/24 14:07:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010/03/24 14:07:09 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
[2010/03/24 14:07:09 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.dll
[2010/03/24 14:07:09 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dlm
[2010/03/24 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/03/23 13:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/03/23 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
[2009/12/23 14:22:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.sys
[2009/06/13 23:30:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/06/13 23:30:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/06/13 23:30:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/06/13 23:30:43 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/06/13 23:30:43 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/06/13 23:30:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/06/13 23:30:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/06/13 23:30:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/06/13 23:30:43 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2009/06/13 23:30:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/06/13 23:30:42 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/04/17 11:27:00 | 004,980,736 | -HS- | M] () -- C:\Users\Justin the Hutt\ntuser.dat
[2010/04/17 11:25:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
[2010/04/17 11:25:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 11:25:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 11:22:01 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000UA.job
[2010/04/17 02:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000Core.job
[2010/04/14 09:59:17 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/14 09:59:17 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/14 09:59:17 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/14 02:26:58 | 000,049,605 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/14 02:25:33 | 000,000,354 | ---- | M] () -- C:\Windows\win.ini
[2010/04/14 02:25:31 | 000,049,605 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/14 02:25:29 | 002,438,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/14 02:25:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/14 02:25:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/14 02:24:23 | 2145,308,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/14 02:17:21 | 000,524,288 | -HS- | M] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 02:17:21 | 000,065,536 | -HS- | M] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/14 02:17:19 | 002,047,604 | -H-- | M] () -- C:\Users\Justin the Hutt\AppData\Local\IconCache.db
[2010/04/08 23:40:57 | 000,086,632 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/07 15:35:29 | 001,636,241 | ---- | M] () -- C:\Users\Justin the Hutt\subject o text.psd
[2010/04/01 06:22:15 | 000,002,092 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Google Chrome.lnk
[2010/03/22 20:57:08 | 000,000,196 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Roaming\default.rss
[2010/03/22 18:15:15 | 000,019,456 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/04/14 02:07:34 | 2145,308,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/07 14:08:49 | 001,636,241 | ---- | C] () -- C:\Users\Justin the Hutt\subject o text.psd
[2010/04/06 18:57:04 | 000,000,725 | -HS- | C] () -- C:\Users\Public\Documents\zmtl02.rtf
[2010/03/24 14:11:24 | 001,595,175 | ---- | C] () -- C:\Windows\System32\PenTablet.znc
[2010/02/25 12:27:44 | 000,009,338 | -HS- | C] () -- C:\Users\Justin the Hutt\AppData\Local\RHpCMfQD4
[2009/12/26 23:46:00 | 000,003,348 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/12/26 23:46:00 | 000,002,191 | ---- | C] () -- C:\Windows\P17EP.ini
[2009/12/26 23:46:00 | 000,001,694 | ---- | C] () -- C:\Windows\P17EP51.ini
[2009/12/26 23:45:59 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/12/23 14:23:59 | 000,000,663 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\vso_ts_preview.xml
[2009/12/23 14:23:37 | 000,000,034 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.log
[2009/12/23 14:22:22 | 000,007,887 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.cat
[2009/12/23 14:22:22 | 000,001,144 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.inf
[2009/12/06 23:26:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/13 16:17:18 | 000,000,196 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\default.rss
[2009/10/08 07:54:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/30 23:32:35 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2009/09/30 23:23:19 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI
[2009/08/25 20:39:14 | 000,006,355 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/07/20 09:05:13 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/20 09:05:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/07/20 09:05:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/20 09:05:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/20 09:05:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/20 09:05:09 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/07/06 19:02:01 | 000,019,456 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 23:30:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/06/11 09:21:18 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/06/09 20:39:33 | 000,000,680 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Local\d3d9caps.dat
[2009/06/09 20:39:33 | 000,000,020 | -HS- | C] () -- C:\Users\Justin the Hutt\ntuser.ini
[2009/06/09 20:39:32 | 004,980,736 | -HS- | C] () -- C:\Users\Justin the Hutt\ntuser.dat
[2009/06/09 20:39:32 | 000,524,288 | -HS- | C] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/06/09 20:39:32 | 000,524,288 | -HS- | C] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/06/09 20:39:32 | 000,262,144 | -H-- | C] () -- C:\Users\Justin the Hutt\ntuser.dat.LOG1
[2009/06/09 20:39:32 | 000,065,536 | -HS- | C] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/06/09 20:39:32 | 000,000,000 | -H-- | C] () -- C:\Users\Justin the Hutt\ntuser.dat.LOG2
[2009/06/09 18:30:59 | 000,049,605 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/09 18:30:59 | 000,049,605 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\System32\SSCProt.dll
[2006/12/05 15:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/12/05 15:00:44 | 006,144,000 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2006/11/30 11:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/20 16:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 03:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

Re: some sort of virus

Post by s8nthc on Sat Apr 17, 2010 3:30 pm

OTL logfile created on: 4/17/2010 11:26:18 AM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Justin the Hutt\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 669.83 Gb Free Space | 71.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 647.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAL
Current User Name: Justin the Hutt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 11:25:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
PRC - [2010/04/14 09:30:06 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 02:17:06 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Justin the Hutt\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2009/11/23 15:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/11/23 15:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/08/05 22:53:57 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/11 09:20:42 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/09 19:47:20 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/06/09 19:25:39 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/09/29 06:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 03:33:39 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2008/01/19 03:33:23 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/01/19 03:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/08/30 14:04:54 | 000,364,192 | ---- | M] () -- C:\Windows\System32\atwtusb.exe
PRC - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
PRC - [2006/12/11 11:11:58 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2006/12/11 11:11:54 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe


========== Modules (SafeList) ==========

MOD - [2010/04/17 11:25:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
MOD - [2008/01/19 03:36:40 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/19 03:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/23 15:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 15:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/08/05 22:53:57 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/16 13:35:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/09 19:25:39 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/09/29 06:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/05/19 13:13:20 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/30 14:04:54 | 000,364,192 | ---- | M] () [Auto | Running] -- C:\Windows\System32\atwtusb.exe -- (WTService)
SRV - [2006/12/11 11:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 12:48:09 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/04 17:38:28 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/08/27 15:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/06/09 19:25:39 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/20 11:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/04/30 22:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/11/16 22:06:36 | 001,143,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17)
DRV - [2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/19 00:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/22 10:57:00 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/22 10:57:00 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/22 10:57:00 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 03:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 03:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005/11/02 10:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\copperhd.sys -- (UsbFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 9D 5F 0D 5C 39 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/06/11 09:20:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/14 09:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 09:30:14 | 000,000,000 | ---D | M]

[2009/07/03 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Extensions
[2010/04/17 10:15:52 | 000,000,000 | ---D | M] -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions
[2009/08/02 21:25:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/24 15:56:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/07/17 19:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Roaming\Mozilla\Firefox\Profiles\pq5fbrn1.default\searchplugins\BearShareWebSearch.xml
[2010/02/28 10:42:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/23 13:59:54 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2009/07/17 19:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Justin the Hutt\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 11:25:46 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
[2010/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\Users\Justin the Hutt\AppData\Local\lhehyrdyj
[2010/04/10 19:25:51 | 000,000,000 | R--D | C] -- C:\Users\Justin the Hutt\Desktop\internet links
[2010/04/06 18:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pixologic
[2010/04/06 18:46:02 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2010/03/30 20:46:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/30 20:46:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/30 20:46:07 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/30 20:46:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/30 20:46:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/30 20:46:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/30 20:46:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/30 20:46:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/30 20:46:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/30 20:46:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/30 20:46:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/30 20:46:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/30 20:46:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/30 20:46:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/30 20:46:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/24 14:13:08 | 000,000,000 | ---D | C] -- C:\Users\Justin the Hutt\AppData\Roaming\WTablet
[2010/03/24 14:12:31 | 000,000,000 | ---D | C] -- C:\Users\Justin the Hutt\AppData\Roaming\WTouch
[2010/03/24 14:12:30 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Touch_Tablet.dll
[2010/03/24 14:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/03/24 14:11:24 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\PenTablet.cpl
[2010/03/24 14:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/03/24 14:10:59 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010/03/24 14:10:57 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dln
[2010/03/24 14:08:46 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010/03/24 14:07:11 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys
[2010/03/24 14:07:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010/03/24 14:07:09 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
[2010/03/24 14:07:09 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.dll
[2010/03/24 14:07:09 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dlm
[2010/03/24 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/03/23 13:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/03/23 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
[2009/12/23 14:22:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.sys
[2009/06/13 23:30:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[2009/06/13 23:30:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2009/06/13 23:30:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2009/06/13 23:30:43 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2009/06/13 23:30:43 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2009/06/13 23:30:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2009/06/13 23:30:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2009/06/13 23:30:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2009/06/13 23:30:43 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2009/06/13 23:30:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2009/06/13 23:30:42 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/04/17 11:27:00 | 004,980,736 | -HS- | M] () -- C:\Users\Justin the Hutt\ntuser.dat
[2010/04/17 11:25:49 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
[2010/04/17 11:25:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 11:25:43 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/17 11:22:01 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000UA.job
[2010/04/17 02:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-102117945-2110181670-3325598433-1000Core.job
[2010/04/14 09:59:17 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/14 09:59:17 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/14 09:59:17 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/14 02:26:58 | 000,049,605 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/14 02:25:33 | 000,000,354 | ---- | M] () -- C:\Windows\win.ini
[2010/04/14 02:25:31 | 000,049,605 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/14 02:25:29 | 002,438,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/14 02:25:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/14 02:25:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/14 02:24:23 | 2145,308,672 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/14 02:17:21 | 000,524,288 | -HS- | M] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/14 02:17:21 | 000,065,536 | -HS- | M] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/14 02:17:19 | 002,047,604 | -H-- | M] () -- C:\Users\Justin the Hutt\AppData\Local\IconCache.db
[2010/04/08 23:40:57 | 000,086,632 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/07 15:35:29 | 001,636,241 | ---- | M] () -- C:\Users\Justin the Hutt\subject o text.psd
[2010/04/01 06:22:15 | 000,002,092 | ---- | M] () -- C:\Users\Justin the Hutt\Desktop\Google Chrome.lnk
[2010/03/22 20:57:08 | 000,000,196 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Roaming\default.rss
[2010/03/22 18:15:15 | 000,019,456 | ---- | M] () -- C:\Users\Justin the Hutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/04/14 02:07:34 | 2145,308,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/07 14:08:49 | 001,636,241 | ---- | C] () -- C:\Users\Justin the Hutt\subject o text.psd
[2010/04/06 18:57:04 | 000,000,725 | -HS- | C] () -- C:\Users\Public\Documents\zmtl02.rtf
[2010/03/24 14:11:24 | 001,595,175 | ---- | C] () -- C:\Windows\System32\PenTablet.znc
[2010/02/25 12:27:44 | 000,009,338 | -HS- | C] () -- C:\Users\Justin the Hutt\AppData\Local\RHpCMfQD4
[2009/12/26 23:46:00 | 000,003,348 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009/12/26 23:46:00 | 000,002,191 | ---- | C] () -- C:\Windows\P17EP.ini
[2009/12/26 23:46:00 | 000,001,694 | ---- | C] () -- C:\Windows\P17EP51.ini
[2009/12/26 23:45:59 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/12/23 14:23:59 | 000,000,663 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\vso_ts_preview.xml
[2009/12/23 14:23:37 | 000,000,034 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.log
[2009/12/23 14:22:22 | 000,007,887 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.cat
[2009/12/23 14:22:22 | 000,001,144 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\pcouffin.inf
[2009/12/06 23:26:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/13 16:17:18 | 000,000,196 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Roaming\default.rss
[2009/10/08 07:54:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/09/30 23:32:35 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2009/09/30 23:23:19 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI
[2009/08/25 20:39:14 | 000,006,355 | ---- | C] () -- C:\Windows\aiptbl.ini
[2009/07/20 09:05:13 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/20 09:05:12 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/07/20 09:05:11 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/20 09:05:11 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/20 09:05:09 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/20 09:05:09 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/07/06 19:02:01 | 000,019,456 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 23:30:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2009/06/11 09:21:18 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/06/09 20:39:33 | 000,000,680 | ---- | C] () -- C:\Users\Justin the Hutt\AppData\Local\d3d9caps.dat
[2009/06/09 20:39:33 | 000,000,020 | -HS- | C] () -- C:\Users\Justin the Hutt\ntuser.ini
[2009/06/09 20:39:32 | 004,980,736 | -HS- | C] () -- C:\Users\Justin the Hutt\ntuser.dat
[2009/06/09 20:39:32 | 000,524,288 | -HS- | C] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/06/09 20:39:32 | 000,524,288 | -HS- | C] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/06/09 20:39:32 | 000,262,144 | -H-- | C] () -- C:\Users\Justin the Hutt\ntuser.dat.LOG1
[2009/06/09 20:39:32 | 000,065,536 | -HS- | C] () -- C:\Users\Justin the Hutt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/06/09 20:39:32 | 000,000,000 | -H-- | C] () -- C:\Users\Justin the Hutt\ntuser.dat.LOG2
[2009/06/09 18:30:59 | 000,049,605 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/09 18:30:59 | 000,049,605 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/01/10 07:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\System32\SSCProt.dll
[2006/12/05 15:07:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2006/12/05 15:00:44 | 006,144,000 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2006/11/30 11:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/20 16:25:16 | 001,343,488 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 004,984,832 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 16:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2006/03/23 03:33:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2005/12/20 11:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2003/01/07 11:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

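Added example (editor's code, not OTL's own and not posted by anyone in this thread): a small Python parser for the bracketed entry lines in the report above, plus a few triage heuristics for reading such a listing. The entry format is `[date time | size | attrs | C/M] (company) -- path`, where the four attribute slots are R (read-only), H (hidden), S (system) and D (directory). The sample input is a handful of lines copied from the report; the heuristics (hidden+system objects under C:\Users, extension-less random-looking names dropped straight into AppData, executables in a temp folder) are my own review hints, not OTL's, and a hint means "look at this", not "this is malicious". The MBAM log later in the thread is what actually confirmed the infection.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# One OTL entry: [date time | size | attrs | C/M] (company) -- path
# attrs has four fixed slots: R read-only, H hidden, S system, D directory.
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Hidden+system is normal for these root files and for registry hive files.
EXPECTED_HS = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}
HIVE_PREFIXES = ("ntuser.dat", "ntuser.ini", "usrclass.dat")

@dataclass
class OtlEntry:
    date: str
    size: int
    hidden: bool
    system: bool
    directory: bool
    kind: str                 # "C" created, "M" modified
    company: Optional[str]    # None when OTL printed "()" or "( )"
    path: str
    flags: List[str] = field(default_factory=list)

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one report line; return None for headers, blanks and the trailer."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs, company = m.group("attrs"), m.group("company")
    return OtlEntry(
        date=m.group("date"), size=int(m.group("size").replace(",", "")),
        hidden=attrs[1] == "H", system=attrs[2] == "S", directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(company.strip() or None) if company is not None else None,
        path=m.group("path"),
    )

def triage(entry: OtlEntry) -> List[str]:
    """Attach review hints. Heuristics only; a hint is not a malware verdict."""
    p = PureWindowsPath(entry.path)
    parts = [s.lower() for s in p.parts]
    name = p.name
    in_profile = len(parts) > 1 and parts[1] == "users"
    # Ordinary files under C:\Users rarely carry hidden+system attributes.
    if (entry.hidden and entry.system and in_profile
            and entry.path.lower() not in EXPECTED_HS
            and not name.lower().startswith(HIVE_PREFIXES)):
        entry.flags.append("hidden+system object inside a user profile")
    # Extension-less, random-looking names dropped straight into
    # AppData\Local or AppData\Roaming deserve a second look.
    parent = p.parent.parts
    if (len(parent) >= 2 and parent[-2].lower() == "appdata"
            and parent[-1].lower() in ("local", "roaming")
            and "." not in name and re.fullmatch(r"[A-Za-z0-9]{6,}", name)):
        entry.flags.append("extension-less alphanumeric name directly under AppData")
    # Executables in a temp directory (compare the MBAM detection of
    # AppData\Local\temp\tydt.exe later in this thread).
    if name.lower().endswith(".exe") and "temp" in parts:
        entry.flags.append("executable inside a temp directory")
    return entry.flags

def parse_report(text: str) -> List[OtlEntry]:
    """Parse every entry in an OTL file listing and run triage on each."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            triage(entry)
            entries.append(entry)
    return entries

def flagged(text: str) -> Dict[str, List[str]]:
    """Map path -> hints for every entry that picked up at least one."""
    return {e.path: e.flags for e in parse_report(text) if e.flags}

# Sample input: lines copied from the OTL report posted above.
SAMPLE_REPORT = r"""
========== Files/Folders - Created Within 30 Days ==========
[2010/04/17 11:25:46 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Justin the Hutt\Desktop\OTL.exe
[2010/04/13 13:56:25 | 000,000,000 | ---D | C] -- C:\Users\Justin the Hutt\AppData\Local\lhehyrdyj
[2009/06/13 23:30:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
========== Files Created - No Company Name ==========
[2010/04/14 02:07:34 | 2145,308,672 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/06 18:57:04 | 000,000,725 | -HS- | C] () -- C:\Users\Public\Documents\zmtl02.rtf
[2010/02/25 12:27:44 | 000,009,338 | -HS- | C] () -- C:\Users\Justin the Hutt\AppData\Local\RHpCMfQD4
[2009/06/09 20:39:32 | 004,980,736 | -HS- | C] () -- C:\Users\Justin the Hutt\ntuser.dat
< End of report >
"""

if __name__ == "__main__":
    for path, hints in flagged(SAMPLE_REPORT).items():
        print(path, "->", "; ".join(hints))
```

Run against the sample, three of the seven entries pick up a hint: the two extension-less names in AppData\Local and the hidden+system .rtf under C:\Users\Public, while hiberfil.sys and ntuser.dat are recognised as normally hidden+system and left alone. Feed it the whole "Files/Folders" section of a report to get the same shortlist for a real machine.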

Re: some sort of virus

Post by Belahzur on Sat Apr 17, 2010 7:14 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: some sort of virus

Post by s8nthc on Sat Apr 17, 2010 9:57 pm

Malwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4002

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/17/2010 5:56:30 PM
mbam-log-2010-04-17 (17-56-30).txt

Scan type: Quick scan
Objects scanned: 109319
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Justin the Hutt\AppData\Local\temp\tydt.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.


Re: some sort of virus

Post by Belahzur on Sat Apr 17, 2010 11:17 pm

Hello.

Remove the proxy setting in Internet Explorer and/or in Firefox.

In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy".
  2. Click the Apply button and restart the computer in normal mode.

How is the machine running now?


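Added example (editor's code, not from this thread and not either browser's own tooling): a Python audit of the two settings the steps above change by hand, so the "before" and "after" state can be checked rather than eyeballed. The prefs.js line format and the `network.proxy.*` preference names are Firefox's; `ProxyEnable`, `ProxyServer` and `AutoConfigURL` under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` are the values Internet Explorer's LAN Settings dialog writes. All sample values are constructed; on Windows the script also reads and reports the live IE values.

```python
import re
from typing import Dict, List, Optional, Union

Pref = Union[bool, int, str]

# Firefox persists settings in prefs.js as lines like:  user_pref("network.proxy.type", 1);
PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+?)\);\s*$')
# Documented values of network.proxy.type.
PROXY_TYPE = {0: "no proxy", 1: "manual", 2: "PAC script",
              4: "auto-detect (WPAD)", 5: "system settings"}
# Where Internet Explorer's LAN Settings dialog stores its choices.
IE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
IE_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL")


def parse_prefs_js(text: str) -> Dict[str, Pref]:
    """Parse a Firefox prefs.js into a dict, typing bools, ints and strings."""
    prefs: Dict[str, Pref] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group("key"), m.group("val")
        if raw in ("true", "false"):
            prefs[key] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[key] = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[key] = raw[1:-1]
        else:
            prefs[key] = raw
    return prefs


def firefox_proxy_findings(prefs: Dict[str, Pref]) -> List[str]:
    """Describe the proxy Firefox would use; an empty list means "No Proxy" is in effect."""
    ptype = prefs.get("network.proxy.type", 5)  # Firefox's default is 5 (system settings)
    if ptype == 0:
        return []
    if ptype == 1:
        found = []
        for proto in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{proto}")
            if host:
                found.append(f"manual {proto} proxy {host}:{prefs.get(f'network.proxy.{proto}_port')}")
        return found
    if ptype == 2:
        return [f"PAC script {prefs.get('network.proxy.autoconfig_url')}"]
    return [PROXY_TYPE.get(ptype, f"unknown network.proxy.type {ptype}")]


def ie_proxy_findings(values: Dict[str, Pref]) -> List[str]:
    """Interpret the HKCU values behind IE's LAN Settings; empty means no proxy in use."""
    found: List[str] = []
    # ProxyServer often lingers after the box is unchecked; ProxyEnable decides.
    if values.get("ProxyEnable") == 1 and values.get("ProxyServer"):
        found.append(f"'Use a proxy server' is on: {values['ProxyServer']}")
    if values.get("AutoConfigURL"):
        found.append(f"automatic configuration script: {values['AutoConfigURL']}")
    return found


def read_ie_settings() -> Optional[Dict[str, Pref]]:
    """Read the live values on Windows; return None on any other platform."""
    try:
        import winreg
    except ImportError:
        return None
    values: Dict[str, Pref] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_KEY) as key:
        for name in IE_VALUES:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return values


# Constructed samples (not taken from the machine in this thread): a prefs.js
# with a manual proxy, the same file after choosing "No Proxy", and IE values
# before and after unchecking "Use a proxy server".
PREFS_BEFORE = """
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "proxy.example.invalid");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
"""
PREFS_AFTER = 'user_pref("network.proxy.type", 0);\n'
IE_BEFORE = {"ProxyEnable": 1, "ProxyServer": "proxy.example.invalid:8080"}
IE_AFTER = {"ProxyEnable": 0, "ProxyServer": "proxy.example.invalid:8080"}

if __name__ == "__main__":
    print("Firefox before:", firefox_proxy_findings(parse_prefs_js(PREFS_BEFORE)))
    print("Firefox after: ", firefox_proxy_findings(parse_prefs_js(PREFS_AFTER)))
    print("IE before:", ie_proxy_findings(IE_BEFORE))
    print("IE after: ", ie_proxy_findings(IE_AFTER))
    live = read_ie_settings()
    if live is not None:
        print("This machine:", ie_proxy_findings(live) or ["no proxy configured"])
```

Two details worth knowing when checking by hand: unchecking "Use a proxy server" flips `ProxyEnable` to 0 but usually leaves the old `ProxyServer` string in place, so the string alone is not proof a proxy is active; and a Firefox profile at `network.proxy.type` 5 follows whatever IE has, so fixing IE first also fixes that case.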

Re: some sort of virus

Post by s8nthc on Sat Apr 17, 2010 11:39 pm

Works great, you guys are awesome! Will be sure to donate come payday.


Re: some sort of virus

Post by Belahzur on Sat Apr 17, 2010 11:43 pm

Please post Extras.txt from OTL.

