OTL logfile created on: 4/3/2011 5:37:22 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ramzi Faris\Desktop\Virus Removal
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 33.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.52 Gb Total Space | 36.73 Gb Free Space | 8.05% Space Free | Partition Type: NTFS
Drive D: | 9.24 Gb Total Space | 1.24 Gb Free Space | 13.47% Space Free | Partition Type: NTFS
Computer Name: SERVER | User Name: Ramzi Faris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/03 17:36:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ramzi Faris\Desktop\Virus Removal\OTL.exe
PRC - [2011/03/24 10:16:21 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/23 08:48:40 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2011/03/23 00:55:40 | 015,921,152 | ---- | M] (SugarSync, Inc.) -- C:\Program Files\SugarSync\SugarSyncManager.exe
PRC - [2011/02/25 10:18:30 | 002,870,784 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files\Ventrilo\Ventrilo.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/12/06 09:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/12/06 09:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/16 23:28:16 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/05/11 15:11:30 | 001,188,176 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
PRC - [2010/05/11 15:11:20 | 000,341,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\LWS\LU\LULnchr.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2009/09/12 13:36:00 | 001,903,360 | ---- | M] () -- C:\Program Files\MaxiVista Pro Server\MaxiVistaA.exe
PRC - [2009/09/12 13:36:00 | 001,890,048 | ---- | M] () -- C:\Program Files\MaxiVista Pro Server\MaxiVistaB.exe
PRC - [2009/06/03 10:49:18 | 000,131,072 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2009/06/03 10:49:00 | 000,237,568 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2008/10/22 08:25:30 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/07/03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/13 23:19:36 | 001,700,288 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2008/06/13 23:19:34 | 000,600,000 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2008/06/07 12:47:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/02/28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 15:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbfcoms.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
========== Modules (SafeList) ==========
MOD - [2011/04/03 17:36:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ramzi Faris\Desktop\Virus Removal\OTL.exe
MOD - [2008/01/20 22:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/03/23 08:48:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/12/06 09:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/17 12:34:33 | 001,770,504 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Ramzi Faris\Desktop\Maxivista Viewers\MaxiVistaViewerA.exe -- (MaxiVista_service_A)
SRV - [2008/10/22 08:25:30 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/06/13 23:19:36 | 001,700,288 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2008/06/07 12:47:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/04/24 19:24:16 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbfcoms.exe -- (lxbf_device)
========== Driver Services (SafeList) ==========
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/06/09 20:04:40 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\radpms.sys -- (radpms)
DRV - [2010/05/14 18:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2010/05/14 18:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/19 20:20:00 | 000,013,696 | ---- | M] (MaxiVista) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mvCmExtC.SYS -- (mvCmExtC)
DRV - [2009/08/19 20:20:00 | 000,013,696 | ---- | M] (MaxiVista) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mvCmExtB.SYS -- (mvCmExtB)
DRV - [2009/08/19 20:20:00 | 000,012,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvvideoextc.sys -- (mvvideoextc)
DRV - [2009/08/19 20:20:00 | 000,012,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvvideoextb.sys -- (mvvideoextb)
DRV - [2009/08/19 20:20:00 | 000,012,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvvideoexta.sys -- (mvvideoexta)
DRV - [2009/08/19 20:20:00 | 000,012,416 | ---- | M] (MaxiVista) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mvCmExtA.SYS -- (mvCmExtA)
DRV - [2009/06/10 11:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009/06/10 11:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2008/10/18 12:07:14 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/26 00:48:00 | 007,281,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/08 13:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 13:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/28 15:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/10/18 15:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/03 12:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/25 10:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/05/01 15:33:34 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0461.sys -- (SaiH0461)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2004/03/26 13:08:14 | 000,107,648 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vnetusbl.sys -- (USBNET)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3658682615-243027084-529734419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3658682615-243027084-529734419-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3658682615-243027084-529734419-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 09:31:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 10:16:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 10:16:35 | 000,000,000 | ---D | M]
[2009/10/12 13:15:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Extensions
[2009/10/12 13:15:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2009/10/12 13:08:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
[2011/03/28 12:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Firefox\Profiles\swl2b39h.default\extensions
[2011/03/28 00:57:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Firefox\Profiles\swl2b39h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/20 09:39:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Firefox\Profiles\swl2b39h.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}-trash
[2011/03/23 03:05:36 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Firefox\Profiles\swl2b39h.default\extensions\LogMeInClient@logmein.com
[2011/03/23 03:05:36 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Ramzi Faris\AppData\Roaming\Mozilla\Firefox\Profiles\swl2b39h.default\extensions\moveplayer@movenetworks.com
[2011/03/28 12:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/12 14:11:01 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/03/23 09:12:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2011/03/23 09:12:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/05/19 14:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/02/28 14:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2008/02/28 14:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll
O1 HOSTS File: ([2011/03/24 10:20:50 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3658682615-243027084-529734419-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [VetStart] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3658682615-243027084-529734419-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3658682615-243027084-529734419-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3658682615-243027084-529734419-1000..\Run: [SugarSync] C:\Program Files\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3658682615-243027084-529734419-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3658682615-243027084-529734419-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/14 13:03:13 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {64DD5F7F-97A0-B0E4-C290-C62FEA72520B} -
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - xvidvfw.dll File not found
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
========== Files/Folders - Created Within 30 Days ==========
[2011/03/28 09:24:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/03/28 08:20:46 | 000,000,000 | ---D | C] -- C:\Users\Ramzi Faris\Desktop\Virus Removal
[2011/03/28 08:20:00 | 000,000,000 | ---D | C] -- C:\Users\Ramzi Faris\AppData\Roaming\AVG10
[2011/03/28 08:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/03/28 08:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/03/28 08:11:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/03/28 08:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/28 08:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/28 08:06:07 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Users\Ramzi Faris\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/28 07:16:35 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2011/03/24 14:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/03/24 10:20:26 | 000,000,000 | ---D | C] -- C:\Users\Ramzi Faris\Desktop\backups
[2011/03/24 09:58:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/03/23 19:12:48 | 000,000,000 | ---D | C] -- C:\Users\Ramzi Faris\Desktop\avz4
[2011/03/23 10:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/03/23 09:32:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Ramzi Faris\Desktop\HijackThis.exe
[2011/03/23 09:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/23 09:12:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/23 09:12:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/23 09:12:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/23 09:12:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/23 09:03:24 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Ramzi Faris\Desktop\HitmanPro35.exe
[2011/03/23 08:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2011/03/23 01:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/03/22 19:33:20 | 000,000,000 | ---D | C] -- C:\Users\Ramzi Faris\Documents\MW2
[2011/03/12 02:12:09 | 000,000,000 | -H-D | C] -- C:\Users\Ramzi Faris\AppData\Roaming\Ventrilo
[2011/03/12 02:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/02/08 02:41:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ramzi Faris\AppData\Roaming\pcouffin.sys
[2008/06/08 03:41:31 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll
[2008/06/08 03:41:31 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll
[2008/06/08 03:41:31 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll
[2008/06/08 03:41:30 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
[2008/06/08 03:41:30 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll
[2008/06/08 03:41:30 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll
[2008/06/08 03:41:30 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll
[2008/06/08 03:41:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll
[2008/06/08 03:41:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll
[2008/06/08 03:41:30 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbfcoms.exe
[2008/06/08 03:41:30 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll
[2008/06/08 03:41:30 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbfih.exe
[2008/06/08 03:41:30 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbfcfg.exe
[2008/06/08 03:41:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll
[2008/06/08 03:41:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll
[2 C:\Users\Ramzi Faris\Desktop\*.tmp files -> C:\Users\Ramzi Faris\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/03 16:51:59 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3658682615-243027084-529734419-1000UA.job
[2011/04/03 15:53:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/03 15:53:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/03 10:52:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3658682615-243027084-529734419-1000Core.job
[2011/04/03 08:26:19 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68315E47-8C9B-439A-81FA-FC19851C789D}.job
[2011/04/02 17:44:16 | 111,284,821 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/04/02 07:51:28 | 000,002,032 | ---- | M] () -- C:\Users\Ramzi Faris\AppData\Local\d3d9caps.dat
[2011/03/30 09:31:33 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/30 02:09:09 | 000,002,631 | ---- | M] () -- C:\Users\Ramzi Faris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2011/03/28 16:55:48 | 000,002,633 | ---- | M] () -- C:\Users\Ramzi Faris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/03/28 15:41:01 | 000,035,328 | ---- | M] () -- C:\Users\Ramzi Faris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/28 15:41:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/03/28 12:01:16 | 000,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/28 12:01:16 | 000,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/28 11:54:09 | 000,002,473 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/03/28 11:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/28 11:51:58 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/28 10:59:41 | 000,053,760 | ---- | M] () -- C:\Users\Ramzi Faris\Desktop\keygen.exe
[2011/03/28 08:06:08 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Users\Ramzi Faris\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/03/28 00:25:25 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/03/27 21:40:10 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/24 10:20:50 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/23 19:12:27 | 006,175,589 | ---- | M] () -- C:\Users\Ramzi Faris\Desktop\avz4.zip
[2011/03/23 09:32:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Ramzi Faris\Desktop\HijackThis.exe
[2011/03/23 09:12:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/23 09:12:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/23 09:12:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/23 09:12:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/23 09:03:25 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Ramzi Faris\Desktop\HitmanPro35.exe
[2011/03/23 08:53:16 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/23 08:53:14 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/03/23 08:52:28 | 003,786,512 | ---- | M] () -- C:\Users\Ramzi Faris\Desktop\ventrilo-3.0.8-Windows-i386.exe
[2011/03/22 21:17:09 | 000,018,954 | ---- | M] () -- C:\Users\Ramzi Faris\Desktop\Faris Interview Schedule.pdf
[2011/03/10 18:36:44 | 001,546,396 | ---- | M] () -- C:\Users\Ramzi Faris\Desktop\Espresso Hazelnut Cake.pdf
[2 C:\Users\Ramzi Faris\Desktop\*.tmp files -> C:\Users\Ramzi Faris\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/02 17:44:16 | 111,284,821 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/28 10:59:41 | 000,053,760 | ---- | C] () -- C:\Users\Ramzi Faris\Desktop\keygen.exe
[2011/03/28 08:14:57 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/28 00:49:01 | 3220,480,000 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/24 10:11:17 | 000,002,473 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/03/24 10:11:17 | 000,002,332 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/03/24 10:11:17 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2011/03/24 10:11:17 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LogMeIn Hamachi.lnk
[2011/03/23 19:12:16 | 006,175,589 | ---- | C] () -- C:\Users\Ramzi Faris\Desktop\avz4.zip
[2011/03/23 09:03:49 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/23 08:53:14 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2011/03/23 08:53:13 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/03/22 21:16:56 | 000,018,954 | ---- | C] () -- C:\Users\Ramzi Faris\Desktop\Faris Interview Schedule.pdf
[2011/03/12 02:07:05 | 003,786,512 | ---- | C] () -- C:\Users\Ramzi Faris\Desktop\ventrilo-3.0.8-Windows-i386.exe
[2011/03/10 18:36:44 | 001,546,396 | ---- | C] () -- C:\Users\Ramzi Faris\Desktop\Espresso Hazelnut Cake.pdf
[2011/01/21 18:09:50 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/01/12 14:13:06 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/13 03:32:11 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/11/13 03:32:11 | 000,022,328 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Roaming\PnkBstrK.sys
[2010/11/13 03:31:50 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/11/13 03:31:48 | 000,674,600 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010/11/13 03:31:48 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/10/09 11:08:54 | 000,012,306 | ---- | C] () -- C:\Windows\scunin.dat
[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/05/14 17:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/04/27 22:12:16 | 000,004,096 | -H-- | C] () -- C:\Users\Ramzi Faris\AppData\Local\keyfile3.drm
[2010/02/16 21:30:37 | 000,112,192 | ---- | C] () -- C:\Windows\System32\cad.exe
[2009/12/20 21:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/11/24 20:41:58 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2009/10/31 02:00:47 | 000,205,824 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/10/31 01:56:55 | 000,205,824 | ---- | C] () -- C:\Windows\pw32a.dll
[2009/10/31 01:56:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\pw32a.dll
[2009/10/12 15:44:19 | 000,000,600 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Roaming\AutoGK.ini
[2009/07/05 09:54:37 | 000,000,082 | -H-- | C] () -- C:\Users\Ramzi Faris\AppData\Local\X-Plane Installer.prf
[2009/02/08 02:41:06 | 000,087,608 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Roaming\inst.exe
[2009/02/08 02:41:06 | 000,007,887 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Roaming\pcouffin.cat
[2009/02/08 02:41:05 | 000,001,144 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Roaming\pcouffin.inf
[2009/02/08 00:55:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\OutM64proc32.dll
[2009/02/08 00:55:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\InM64proc32.dll
[2009/01/07 00:24:05 | 000,000,119 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Roaming\FixVTS.ini
[2008/09/01 07:12:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/01 07:12:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/10 11:26:33 | 000,000,199 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/07/06 13:25:40 | 000,000,056 | ---- | C] () -- C:\Windows\SSB.ini
[2008/06/29 22:56:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/06/28 18:11:34 | 000,035,328 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 02:04:37 | 000,000,604 | -H-- | C] () -- C:\ProgramData\T2
[2008/06/19 02:04:37 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/08 03:45:11 | 000,000,452 | ---- | C] () -- C:\Windows\lexstat.ini
[2008/06/08 03:41:31 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll
[2008/06/08 03:41:30 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll
[2008/06/07 03:14:39 | 000,001,796 | ---- | C] () -- C:\Windows\mozver.dat
[2008/06/07 02:52:35 | 000,000,000 | ---- | C] () -- C:\Windows\Progs_.ini
[2008/06/07 02:51:13 | 000,000,002 | ---- | C] () -- C:\Windows\1way.ini
[2008/06/07 02:00:26 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/07 01:25:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/06/06 23:28:44 | 000,002,032 | ---- | C] () -- C:\Users\Ramzi Faris\AppData\Local\d3d9caps.dat
[2008/06/06 23:18:17 | 000,024,206 | -H-- | C] () -- C:\Users\Ramzi Faris\AppData\Roaming\UserTile.png
[2008/06/06 22:53:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IsUser11b.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/04/14 13:41:29 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/04/14 13:41:29 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/04/14 13:41:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/04/14 13:41:29 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/04/14 13:03:24 | 000,000,060 | ---- | C] () -- C:\Windows\System32\HP_Demo.ini
[2008/04/14 12:55:03 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/04/14 12:50:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/04/14 12:48:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/14 12:48:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/02/28 15:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2007/05/01 15:33:34 | 001,052,672 | ---- | C] () -- C:\Windows\System32\SaiC0461.Dll
[2007/05/01 15:33:34 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0461_0C.dll
[2007/05/01 15:33:34 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0461_10.dll
[2007/05/01 15:33:34 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0461_0A.dll
[2007/05/01 15:33:34 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0461_07.dll
[2007/05/01 15:33:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0461_09.dll
[2007/05/01 15:33:34 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0461_0402.dll
[2007/05/01 15:33:34 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0461_11.dll
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,435,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,598,350 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,101,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/01/12 10:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2005/09/13 17:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/12/15 21:59:28 | 000,000,520 | ---- | C] () -- C:\Windows\System32\wlan.ini
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: WININIT.EXE >
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 22:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
< MD5 for: WINLOGON.EXE >
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
OTL Extras logfile created on: 4/3/2011 5:37:22 PM - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3658682615-243027084-529734419-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3658682615-243027084-529734419-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03133124-F826-4661-AF0F-91574EAF4841}" = rport=445 | protocol=6 | dir=out | app=system |
"{0440B86E-2985-4C5B-98EC-DD862BBD7BC5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1D848345-BB65-415C-9FCC-01AC29BC0E42}" = lport=445 | protocol=6 | dir=in | app=system |
"{2485155A-7A06-4CCC-96D7-6430703362E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32286F3F-C8FF-4AA8-83EE-BFCF7ECFAA66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3DBE6EFE-6716-46A2-85E5-4CC32132D967}" = lport=137 | protocol=17 | dir=in | app=system |
"{6996864A-6606-48FC-95F5-BFC7961ACDF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76DF35CE-8857-4DB6-8552-AA44588EC310}" = rport=138 | protocol=17 | dir=out | app=system |
"{780BC926-8E83-4009-99C8-5D4CD3F206EE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{788CC542-9766-4F31-918B-67DC435A0365}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BC0EECB-DB38-416B-9D1E-36B86B32B5CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{7FBC0739-97DB-42A5-85D8-E5EB4E37D090}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8063C90B-4A02-4477-85FF-D44CC02EB1F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{888E8D72-593F-46FD-B13F-FC4AEC860DF5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{95338DD0-C663-4CB3-AD87-CD641388DB50}" = lport=138 | protocol=17 | dir=in | app=system |
"{AEB75E9E-4C48-4882-8398-57F2BDDB6107}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DF59CAEA-5B80-4C7C-98FB-E0DED4300102}" = rport=137 | protocol=17 | dir=out | app=system |
"{E02AFD11-054B-404E-A611-20624F186CB6}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1277BC9A-19B4-49DE-899F-4E93D0444CB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{165C9149-4835-4967-9A5A-68D00E3C4F32}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{1F695036-CD07-4A19-A03A-3AE1CC10C321}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{22AA98B2-5CB2-4441-AF3E-D19439401F50}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{24E4B346-1005-4ACD-87E6-53A2C37C22E6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{28A3A164-CEEA-4554-A63A-D62E211BF473}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2A40E52E-F540-42D4-AFD7-C81FECF1F4F3}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2B3D0969-11F3-46C1-B89A-26BD24C4491C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{355A3296-393C-4832-8A76-15D4D7048CEA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{38BF3988-CED8-471E-B2A0-81A4171E113F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C7355BD-9327-43E0-AE46-354876F2797B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40F17BBE-197D-43A5-A6D7-D653265CBB02}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{417D20A9-4B35-4F75-9FFB-06DEA6D55F7E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{41B50D0B-3833-4448-AEAD-FF5A24B015BB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{432F29AE-3A46-47D0-88BC-5E8B900D2808}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4AE88D85-4FB8-4F87-AE98-60DA8183A505}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{53A187CA-F748-4B49-9CF0-110E756E23A4}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{5BA61A19-16F9-487D-9AE0-58109F2DE824}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{68E74D7F-4CF6-40BC-8EA8-CD4CE5B57861}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6920EF7A-8FBE-477C-9231-52BC8AC1BB38}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6DB19505-32CD-4626-8801-A5247891464D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{7DB6067E-04AD-4417-A086-FD80A12A38B8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{81578750-9EE5-4EA1-92BA-818DA0AA0E66}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{8167A156-AC59-491D-8B72-FA55554B02EC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{83445A31-2B42-46F8-B75B-72850950FF58}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{8B7C7A78-F8B5-41B7-8C1E-F8FBF369A413}" = protocol=17 | dir=in | app=c:\users\ramzi faris\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8DEDF3F7-61FA-4B74-B4F9-390F4E483169}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{96EA7CAE-D543-4081-9A53-6CE6830E3CCD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{9A64CEF9-2D50-4A19-BE9D-DFF3D60C33C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9A87479B-7408-413C-8CFF-B37E29B53C19}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9BE59B91-0627-41AB-BAEC-6BF759B47B04}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A85A4A95-4D4D-4D5D-8234-475C9D7D616D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{ACD8D312-1D94-440F-8D40-4C3C6C963E7A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{ADC626A0-D9D0-489B-91B5-E456E8505358}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B46DCE12-398C-4DFE-894B-57C5E0E3DCCF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{B75AF7A0-E5AF-45AC-8321-74A46BACADD7}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{B95ED564-F671-4EEB-83E1-6513E5C00FF9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BE598745-C303-41F8-A3FC-35426D0FF9FD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C0912FB8-92D0-4067-86D7-09424DB9F4BE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{C26B23C2-02B2-40A2-949C-31795C985C24}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\civilizationv.exe |
"{C61137BF-DCBD-476D-8B5C-B1F0441B7894}" = protocol=6 | dir=in | app=c:\users\ramzi faris\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C80FC975-0879-44B4-9EA8-CACAD0840620}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CE5926D7-CB10-44E7-9177-F8C507ACD601}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{CFB64594-A9B8-4CC5-A410-A7566CCE70B8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CFE9FD1C-2B05-493A-AD12-D0F2CE3153A7}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D2197A8A-2152-4043-AD66-34710E4087B0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{DC66D02A-8661-4731-B3E2-28A3A496A730}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{DF372085-098C-45B8-85CA-8224E13E4484}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E7F23D8F-CB3F-4554-ABFF-8F98278EC84D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{EDBDAD87-E442-4C85-A5BA-9EB947AD2125}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{EE767878-7BA0-482A-B5FE-CED9F046397C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F283A839-1F02-45D7-8E47-2631C3607637}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{F484D70E-372B-4F80-AEB6-B7029935B1AD}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{FA9A2557-8148-42E6-8F15-083E928E9AA4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"TCP Query User{1CD1DC12-E95E-4F06-A0F4-BB6C2BC31D1E}C:\program files\maxivista pro server\maxivistaa.exe" = protocol=6 | dir=in | app=c:\program files\maxivista pro server\maxivistaa.exe |
"TCP Query User{3B772E0F-DD7B-4894-AE8A-2AD1FF0FCA38}C:\users\ramzi faris\desktop\maxivista viewers\maxivistaviewera.exe" = protocol=6 | dir=in | app=c:\users\ramzi faris\desktop\maxivista viewers\maxivistaviewera.exe |
"TCP Query User{550F24B7-BD5B-4D87-A770-65B4650F70C1}C:\program files\lead pursuit\battlefield operations\falconaf.exe" = protocol=6 | dir=in | app=c:\program files\lead pursuit\battlefield operations\falconaf.exe |
"TCP Query User{5F0F1B83-353D-4B51-AF7C-9BF4F2100AA0}C:\program files\sugarsync\sugarsyncmanager.exe" = protocol=6 | dir=in | app=c:\program files\sugarsync\sugarsyncmanager.exe |
"TCP Query User{694E6059-6AFB-4F84-92CF-5365B9018963}C:\programdata\microsoft\windows\start menu\programs\startup\maxivistaviewera.exe" = protocol=6 | dir=in | app=c:\programdata\microsoft\windows\start menu\programs\startup\maxivistaviewera.exe |
"TCP Query User{6A7FC0B8-9DC5-471E-94B8-74AF257DECB2}C:\program files\maxivista pro server\maxivistac.exe" = protocol=6 | dir=in | app=c:\program files\maxivista pro server\maxivistac.exe |
"TCP Query User{6FFCDE9D-ADD3-450D-AE53-AEE2C09FBA75}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"TCP Query User{7B98E37E-AAAC-40BA-9AAF-1C722B20CC5F}C:1\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=c:1\x-plane 9\x-plane.exe |
"TCP Query User{7F69ACA9-D6C0-49A8-9233-0518DD41582C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94C15081-0279-4190-AFE8-A3B881BAFD5B}C:\users\ramzi faris\desktop\maxivistaviewera.exe" = protocol=6 | dir=in | app=c:\users\ramzi faris\desktop\maxivistaviewera.exe |
"TCP Query User{A3D7AE49-9CA3-4C45-97A1-532C42A695EE}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"TCP Query User{B2287F30-EA1D-4570-A31A-5E7C544A0A97}C:\program files\maxivista demo viewer\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo viewer\maxivistademoviewer.exe |
"TCP Query User{C55EA849-940E-4CFF-AC01-2CA3F73B6DCA}C:\program files\canon\color network scangear\sgtool.exe" = protocol=6 | dir=in | app=c:\program files\canon\color network scangear\sgtool.exe |
"TCP Query User{C86717B7-2CD9-4E08-B9FE-59178D9CC66F}C:\program files\maxivista pro server\maxivistab.exe" = protocol=6 | dir=in | app=c:\program files\maxivista pro server\maxivistab.exe |
"TCP Query User{D7E51D5A-584A-4E65-8FFF-6E9FCCF8BBDB}C:0\x-plane 9\x-plane.exe" = protocol=6 | dir=in | app=c:0\x-plane 9\x-plane.exe |
"TCP Query User{DD900D35-FC62-4D5D-B238-E6B9C7B39CAC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0979D780-E449-48DF-89BB-E061CF159290}C:\program files\microsoft games\microsoft flight simulator x\fsx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\microsoft flight simulator x\fsx.exe |
"UDP Query User{43FEB8B8-1D22-40E8-94FA-BC42F5B8B3A3}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe |
"UDP Query User{4684F07E-4A3A-4E78-933E-CB8F1D102FF8}C:0\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=c:0\x-plane 9\x-plane.exe |
"UDP Query User{523F9EBF-EF9A-4899-ABEB-B2BCCF25C695}C:\users\ramzi faris\desktop\maxivista viewers\maxivistaviewera.exe" = protocol=17 | dir=in | app=c:\users\ramzi faris\desktop\maxivista viewers\maxivistaviewera.exe |
"UDP Query User{6FC291D3-8FBF-4CB7-BC6F-23DE7E100BD9}C:\program files\maxivista pro server\maxivistab.exe" = protocol=17 | dir=in | app=c:\program files\maxivista pro server\maxivistab.exe |
"UDP Query User{800C679A-8018-4AFF-93A2-99E59D818008}C:\users\ramzi faris\desktop\maxivistaviewera.exe" = protocol=17 | dir=in | app=c:\users\ramzi faris\desktop\maxivistaviewera.exe |
"UDP Query User{8B74EC6E-AF7A-4879-8420-9EBCFAF06317}C:\program files\sugarsync\sugarsyncmanager.exe" = protocol=17 | dir=in | app=c:\program files\sugarsync\sugarsyncmanager.exe |
"UDP Query User{8E6F1C79-2D56-44AA-9522-C5063D0B97E8}C:\program files\maxivista pro server\maxivistac.exe" = protocol=17 | dir=in | app=c:\program files\maxivista pro server\maxivistac.exe |
"UDP Query User{94EA6EA6-B66B-4F1C-BCB3-D3C4D5A40A81}C:\program files\maxivista demo viewer\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo viewer\maxivistademoviewer.exe |
"UDP Query User{99F4BAA3-09F3-4B1E-9080-3E4EFF62DCCD}C:1\x-plane 9\x-plane.exe" = protocol=17 | dir=in | app=c:1\x-plane 9\x-plane.exe |
"UDP Query User{9FB7CB5E-8339-4021-BB5E-4BF1BE2D253E}C:\program files\maxivista pro server\maxivistaa.exe" = protocol=17 | dir=in | app=c:\program files\maxivista pro server\maxivistaa.exe |
"UDP Query User{B1DC81A1-E340-4E65-AEB4-599C693BFE31}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D070ABB5-41C0-49BC-BC2F-E5AEEC42AF2E}C:\program files\canon\color network scangear\sgtool.exe" = protocol=17 | dir=in | app=c:\program files\canon\color network scangear\sgtool.exe |
"UDP Query User{DE13E81F-21F9-406F-9E5F-9EE80F7164F4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DF25B08C-0534-4421-B437-CF6A5E04934F}C:\programdata\microsoft\windows\start menu\programs\startup\maxivistaviewera.exe" = protocol=17 | dir=in | app=c:\programdata\microsoft\windows\start menu\programs\startup\maxivistaviewera.exe |
"UDP Query User{F09F209C-AEDA-48A5-B4DF-662CBEEE79FF}C:\program files\lead pursuit\battlefield operations\falconaf.exe" = protocol=17 | dir=in | app=c:\program files\lead pursuit\battlefield operations\falconaf.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18B05B3E-DD9F-426D-BCFE-AD9ECFCEDD83}" = Color Network ScanGear Ver.2.40
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8 Trial
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}" = NVIDIA PhysX v8.07.18
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49480197-4A67-4EAB-AD44-001862FCEEB7}" = Saitek SD6 Programming Software 6.6.6.9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{543983D1-F7F8-4FF6-B008-34AB65434564}_is1" = MaxiVista Pro Server v4.0.10
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A65E382-1843-4B46-861B-1BECB8354911}" = Falcon 4.0: Allied Force
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A379E7A-22ED-44FF-9293-E393D704505D}" = HP Demo
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B78823CD-488F-43B4-80D6-FAEADAE40EC4}" = Instant Wireless USB Adapter
"{B93A5C71-1F05-47c6-A9CD-DB6183CC8B30}" = Canon MF4360-4390
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FA3E4B-04DE-5EDE-FDC0-8E527912F2E0}" = Pandora
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"AVG" = AVG 2011
"Carbonite Backup" = Carbonite
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.7.0 (18/09/2009)
"Fences" = Fences
"FileZilla Client" = FileZilla Client 3.3.0
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Fraps" = Fraps
"GPL Ghostscript 8.56" = GPL Ghostscript 8.56
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Lexmark X6100 Series" = Lexmark X6100 Series
"LMMS 0.4.7" = Linux MultiMedia Studio (LMMS)
"LogMeIn Hamachi" = LogMeIn Hamachi
"MediaCoder" = MediaCoder 0.7.2.4522
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Neuratron PhotoScore Ultimate" = Neuratron PhotoScore Ultimate
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"PunkBusterSvc" = PunkBuster Services
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"Sibelius Sounds Essentials" = Sibelius Sounds Essentials
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Starcraft" = Starcraft
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8930" = Sid Meier's Civilization V
"VLC media player" = VLC media player 0.9.8a
"VobSub" = VobSub v2.23 (Remove Only)
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinMerge_is1" = WinMerge 2.8.4.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3658682615-243027084-529734419-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"SugarSync" = SugarSync Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/27/2011 10:10:59 PM | Computer Name = Server | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 3/27/2011 10:11:03 PM | Computer Name = Server | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 3/27/2011 10:25:51 PM | Computer Name = Server | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 3/27/2011 10:25:53 PM | Computer Name = Server | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 3/27/2011 10:31:49 PM | Computer Name = Server | Source = UmxAgent | ID = 67
Description =
Error - 3/27/2011 10:33:49 PM | Computer Name = Server | Source = UmxAgent | ID = 99
Description =
Error - 3/28/2011 12:29:55 AM | Computer Name = Server | Source = WinMgmt | ID = 10
Description =
Error - 3/28/2011 12:50:48 AM | Computer Name = Server | Source = WinMgmt | ID = 10
Description =
Error - 3/28/2011 12:54:30 AM | Computer Name = Server | Source = UmxAgent | ID = 99
Description =
Error - 3/28/2011 12:54:54 AM | Computer Name = Server | Source = Application Error | ID = 1000
Description = Faulting application NMIndexStoreSvr.exe, version 3.3.3.0, time stamp
0x47c6bd1b, faulting module NMIndexStoreSvr.exe, version 3.3.3.0, time stamp 0x47c6bd1b,
exception code 0xc0000005, fault offset 0x000c463a, process id 0x1350, application
start time 0x01cbed041d874e58.
[ System Events ]
Error - 2/16/2010 11:33:12 AM | Computer Name = Server | Source = bowser | ID = 8003
Description =
Error - 2/16/2010 9:29:24 PM | Computer Name = Server | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001FC65F68EE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 2/16/2010 9:29:26 PM | Computer Name = Server | Source = HTTP | ID = 15016
Description =
Error - 2/16/2010 9:29:58 PM | Computer Name = Server | Source = Print | ID = 19
Description = The print spooler failed to share printer Lexmark X6100 Series with
shared resource name Lexmark X6100 Series. Error 2114. The printer cannot be used
by others on the network.
Error - 2/16/2010 9:31:05 PM | Computer Name = Server | Source = bowser | ID = 8003
Description =
Error - 2/16/2010 9:55:58 PM | Computer Name = SERVER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 001FC65F68EE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 2/16/2010 9:56:00 PM | Computer Name = Server | Source = HTTP | ID = 15016
Description =
Error - 2/16/2010 9:56:12 PM | Computer Name = Server | Source = Print | ID = 19
Description = The print spooler failed to share printer Lexmark X6100 Series with
shared resource name Lexmark X6100 Series. Error 2114. The printer cannot be used
by others on the network.
Error - 2/19/2010 4:02:34 AM | Computer Name = Server | Source = bowser | ID = 8003
Description =
Error - 2/28/2010 11:00:31 PM | Computer Name = Server | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 001FC65F68EE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
< End of report >