15 processes must be terminated on startup.

View previous topic View next topic Go down

15 processes must be terminated on startup.

Post by Uthanak on Wed May 05, 2010 3:02 am

I have ajor issues with my computer, it will not even function properly in safe mode with networking and the latest version of malwarebytes anti malware cannot solve it. I have problems making my computer slow and unable to make anything that is connected to the internet function. On startup of windows, there is 15 messages of proccesses that must be terminated, here is the list:

Language.exe

backweb-8876480.exe

qhask.exe

googleupdate.exe

nmbgmonitor.exe

pdvbserv.exe

nmiz.exe

realsched.exe

officekb.exe

axcmd.exe

ituneshelper.exe

adobearm.exe

neurockeck.exe

pmb.exe

smax4pnp.exe

Once malwarebyte<s anti malware fails to solve the problem, I do not know what to do. Please help me out, thank you for your time.

Uthanak
Intermediate
Intermediate

Status :
Online
Offline

Posts : 66
Joined : 2009-08-09
OS : windows xp

View user profile

Back to top Go down

Re: 15 processes must be terminated on startup.

Post by Uthanak on Wed May 05, 2010 12:47 pm

here is the requested logs, took me a while to figure out how to get the program into the infected computer.

OTL logfile created on: 5/5/2010 8:30:35 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Maxim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 134.47 Gb Free Space | 45.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 245.23 Mb Total Space | 137.71 Mb Free Space | 56.16% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAXIM-9C1E76C15
Current User Name: Maxim
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 08:21:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 08:21:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/08/09 18:35:32 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/11/03 18:00:25 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/21 16:24:10 | 000,057,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/08/17 09:38:37 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/05 13:23:27 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/09/11 07:45:38 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 07:45:36 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/21 06:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/02 05:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/03/17 06:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004/10/21 13:31:14 | 000,038,691 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/10/21 13:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 13:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/10/21 13:30:38 | 000,024,671 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/14 03:27:50 | 000,018,838 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2003/07/23 15:16:48 | 000,022,821 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcgame.sys -- (bcgame)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.0.20100326W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/29 15:51:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2010/02/02 13:50:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 12:31:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 04:08:07 | 000,000,000 | ---D | M]

[2008/08/26 16:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Extensions
[2008/08/26 16:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/04 00:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions
[2009/09/02 22:48:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 11:18:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/16 23:20:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/01/03 00:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\firefox@tvunetworks.com
[2010/05/04 00:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/22 16:38:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/03 09:54:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/13 21:50:58 | 000,000,000 | ---D | M] (AdVantage) -- C:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2007/08/19 17:42:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/07 15:54:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/06 21:58:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/03 14:02:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/29 15:51:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/09 14:23:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/03 22:24:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/27 06:58:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/04/03 09:54:05 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/03 09:54:06 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 17:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, [You must be registered and logged in to see this link.] -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/08/15 20:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 14:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 18:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2007/06/23 02:21:33 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2008/03/20 18:21:26 | 001,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010/04/03 09:54:06 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/04/03 19:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/02/02 13:50:28 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/06/19 22:00:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/06/19 22:00:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/06/19 22:00:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/06/19 22:00:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/06/19 22:00:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/06/19 22:00:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/06/19 22:00:09 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/02/02 13:50:34 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2010/02/02 13:50:25 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2008/11/11 02:54:07 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/05/01 17:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, [You must be registered and logged in to see this link.] -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2010/03/12 12:23:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/12 12:23:17 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/03/12 12:23:17 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/12 12:23:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/12 12:23:17 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/12 12:23:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/12 12:23:17 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/08/10 17:12:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\nerocheck.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OfficeKB] C:\Program Files\OfficeKB\officekb.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Maxim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe ()
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backweb-8876480.exe ()
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\pmb.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Maxim\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Documents and Settings\Maxim\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Maxim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Maxim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/21 00:56:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/30 06:03:45 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008/06/25 02:50:03 | 000,152,848 | R--- | M] (KOEI Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/01 06:35:52 | 000,914,704 | R--- | M] (KOEI Co., Ltd.) - F:\AutoRunInstall.exe -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/06/25 02:50:03 | 000,152,848 | R--- | M] (KOEI Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 08:25:35 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.exe
[2010/05/04 22:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/05/04 21:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/05/04 21:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/05/04 19:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/04 19:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/04 19:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
[2010/05/04 19:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/04 19:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/04 19:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\free-downloads.net
[2010/05/04 19:47:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\Local Settings\Application Data\jodpehbio
[2010/05/04 19:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\Local Settings\Application Data\wngpefagk
[2010/04/16 16:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Maxim\Local Settings\Application Data\PMB Files
[2010/04/16 16:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/04/16 16:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/04/10 15:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
[2010/04/09 23:05:37 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Maxim\.recently-used.xbel
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 08:30:52 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\qnzdbec.sys
[2010/05/05 08:21:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Maxim\Desktop\OTL.exe
[2010/05/05 08:20:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 22:53:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 22:38:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 22:36:55 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\Maxim\ntuser.dat
[2010/05/04 22:36:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Maxim\ntuser.ini
[2010/05/04 22:34:27 | 000,249,230 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/04 22:34:08 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/04 22:08:03 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\Eusing Free Registry Cleaner.lnk
[2010/05/04 22:07:42 | 000,963,815 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\EFRCSetup.exe
[2010/05/04 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 21:01:40 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1801674531-839522115-1004UA.job
[2010/05/04 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 20:00:05 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/04 10:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/04 00:49:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1801674531-839522115-1004Core.job
[2010/05/03 12:08:48 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/05/03 02:27:18 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/21 00:28:59 | 000,000,056 | ---- | M] () -- C:\WINDOWS\kgt2k.INI
[2010/04/18 18:25:40 | 000,154,624 | ---- | M] () -- C:\Documents and Settings\Maxim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/16 16:07:40 | 002,178,224 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\TestRealmInstallerDownloader.04_05_2010.exe
[2010/04/14 04:08:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/14 03:02:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/10 15:11:12 | 011,048,840 | ---- | M] () -- C:\Documents and Settings\Maxim\Desktop\veetle-0.9.17.exe
[2010/04/09 23:05:37 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Maxim\.recently-used.xbel
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 22:08:03 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\Eusing Free Registry Cleaner.lnk
[2010/05/04 22:07:47 | 000,963,815 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\EFRCSetup.exe
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/05/04 19:47:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/04 19:46:45 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\qnzdbec.sys
[2010/04/21 00:05:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\kgt2k.INI
[2010/04/16 16:07:40 | 002,178,224 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\TestRealmInstallerDownloader.04_05_2010.exe
[2010/04/10 15:10:55 | 011,048,840 | ---- | C] () -- C:\Documents and Settings\Maxim\Desktop\veetle-0.9.17.exe
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/08/24 18:00:27 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/08/24 18:00:27 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/08/24 18:00:27 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/08/10 14:31:47 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\kdvegt.sys
[2009/08/10 14:22:39 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\zfibn.sys
[2009/07/03 14:31:54 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/04/16 03:01:55 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/02 18:59:03 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/12/13 00:28:01 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/07/15 19:04:34 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/07/03 02:05:51 | 000,008,272 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/23 19:48:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SetSel.INI
[2007/06/21 01:01:47 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/06/21 01:01:46 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2007/06/21 01:01:35 | 000,024,816 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/06/21 01:01:35 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/21 01:01:25 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/13 14:43:02 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2000/04/27 15:14:02 | 000,004,500 | ---- | C] () -- C:\WINDOWS\System32\FILTRCOI.DLL

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/05 08:31:22 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\qnzdbec.sys
[2009/08/17 09:38:37 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007/06/21 20:45:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/06/21 20:45:27 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/06/21 20:45:27 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/02/28 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/02/28 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 09:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

Uthanak
Intermediate
Intermediate

Status :
Online
Offline

Posts : 66
Joined : 2009-08-09
OS : windows xp

View user profile

Back to top Go down

Re: 15 processes must be terminated on startup.

Post by Uthanak on Wed May 05, 2010 12:48 pm

< %SYSTEMDRIVE%\*.* >
[2009/09/18 11:25:18 | 000,003,911 | ---- | M] () -- C:\ATMA_config.ini
[2007/06/21 00:56:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/06/21 01:03:27 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2009/08/10 14:46:39 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2007/12/18 00:30:41 | 000,001,249 | ---- | M] () -- C:\ClientLog.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/10 17:15:03 | 000,015,663 | ---- | M] () -- C:\ComboFix.txt
[2007/06/21 00:56:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/06/21 00:56:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/29 09:35:58 | 000,000,809 | -H-- | M] () -- C:\IPH.PH
[2010/05/04 20:07:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/06/21 00:56:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/04 00:12:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/05 08:19:55 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/10/02 12:23:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/06/21 20:49:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/10/02 12:23:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/06/21 20:49:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

< %PROGRAMFILES%\*. >
[2009/11/15 16:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Absolute Poker
[2010/01/18 23:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/18 04:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/08/23 23:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2007/06/21 01:05:06 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2008/06/19 21:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/09 19:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apprentice
[2009/08/09 19:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2009/08/29 10:17:14 | 000,000,000 | ---D | M] -- C:\Program Files\ATMA V
[2010/02/18 14:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/20 22:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2007/11/11 19:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2010/02/02 13:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/06/21 00:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/08/23 23:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/06/21 01:17:15 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/08/17 10:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2009/03/18 04:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dawn of War 2
[2010/02/20 22:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2007/06/21 01:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/07/09 10:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/08/09 22:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/05/04 22:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/05/04 19:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\free-downloads.net
[2009/07/03 14:30:52 | 000,000,000 | ---D | M] -- C:\Program Files\Futuremark
[2010/01/03 19:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2007/07/03 02:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/09/05 00:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Google Video
[2010/02/27 13:55:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/04 20:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/06/19 22:00:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/04 19:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/01/27 06:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/15 22:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\Koei
[2008/05/01 10:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2007/06/23 02:20:11 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/10/15 11:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Magic Workstation
[2009/08/17 10:01:47 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2009/08/09 18:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/04 00:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/10 12:25:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/06/21 00:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/18 01:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/08/14 17:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/01/22 04:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/08/14 17:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/08/14 17:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/08/14 17:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/02/06 01:32:22 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/03/10 04:01:54 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/05/04 19:47:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/06/21 01:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/06/21 00:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/06/21 00:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/08/16 03:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/06/21 02:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/02/20 22:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2007/06/21 01:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/04 00:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/02/27 11:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2007/12/17 14:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Ocean Technology
[2010/05/04 19:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeKB
[2007/06/21 00:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/03/02 22:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.3
[2009/08/13 03:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/04/16 16:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/11/15 16:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010/05/04 19:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/11/21 02:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/06/21 01:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/08/12 23:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2007/08/12 23:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/04/21 01:15:33 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/03/18 04:32:35 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/12/13 21:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2008/08/05 22:44:06 | 000,000,000 | ---D | M] -- C:\Program Files\Tortun
[2009/08/09 20:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/08/12 23:41:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/02/11 00:30:04 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/01/03 20:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Vector Magic
[2010/04/10 15:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2007/11/14 17:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2008/08/08 13:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/04/01 10:47:11 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/08/09 17:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2007/08/12 23:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Vstplugins
[2009/08/13 21:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2009/08/14 15:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Wesnoth
[2009/06/05 13:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/06/05 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/06/21 01:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/04 00:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/04 00:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/06/21 00:55:30 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/07/01 00:28:39 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/05/03 12:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2007/06/21 00:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/02/26 21:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/11/12 20:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\_uninstallation_info

< %appdata%\*.* >
[2007/06/21 20:48:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Maxim\Application Data\desktop.ini
[2009/06/06 02:32:36 | 000,002,119 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNat.gif
[2009/06/06 02:32:36 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNby.gif
[2009/06/06 02:32:36 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNzn.gif


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/08/21 06:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-14 07:02:41

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/05 08:36:43 | 000,823,808 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\qnzdbec.sys
[2009/08/17 09:38:37 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007/06/21 20:45:27 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/06/21 20:45:27 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/06/21 20:45:27 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2006/02/28 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/02/28 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/02/28 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2009/08/14 09:21:25 | 001,850,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/09/18 11:25:18 | 000,003,911 | ---- | M] () -- C:\ATMA_config.ini
[2007/06/21 00:56:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/06/21 01:03:27 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2009/08/10 14:46:39 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2007/12/18 00:30:41 | 000,001,249 | ---- | M] () -- C:\ClientLog.txt
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/08/10 17:15:03 | 000,015,663 | ---- | M] () -- C:\ComboFix.txt
[2007/06/21 00:56:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/06/21 00:56:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/04/29 09:35:58 | 000,000,809 | -H-- | M] () -- C:\IPH.PH
[2010/05/04 20:07:19 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/06/21 00:56:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/04 00:12:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/05 08:19:55 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/10/02 12:23:55 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/06/21 20:49:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2007/10/02 12:23:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/06/21 20:49:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

< %PROGRAMFILES%\*. >
[2009/11/15 16:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Absolute Poker
[2010/01/18 23:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/03/18 04:41:53 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/08/23 23:51:56 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2007/06/21 01:05:06 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2008/06/19 21:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/08/09 19:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\Apprentice
[2009/08/09 19:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2009/08/29 10:17:14 | 000,000,000 | ---D | M] -- C:\Program Files\ATMA V
[2010/02/18 14:20:41 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/20 22:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\Belkin
[2007/11/11 19:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2010/02/02 13:50:22 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/06/21 00:54:14 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/08/23 23:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2007/06/21 01:17:15 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/08/17 10:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2009/03/18 04:58:17 | 000,000,000 | ---D | M] -- C:\Program Files\Dawn of War 2
[2010/02/20 22:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2007/06/21 01:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/07/09 10:12:02 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/08/09 22:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/05/04 22:08:03 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/05/04 19:47:15 | 000,000,000 | ---D | M] -- C:\Program Files\free-downloads.net
[2009/07/03 14:30:52 | 000,000,000 | ---D | M] -- C:\Program Files\Futuremark
[2010/01/03 19:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2007/07/03 02:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/09/05 00:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Google Video
[2010/02/27 13:55:30 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/05/04 20:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/06/19 22:00:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/04 19:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/01/27 06:57:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/15 22:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\Koei
[2008/05/01 10:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2007/06/23 02:20:11 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2009/10/15 11:15:45 | 000,000,000 | ---D | M] -- C:\Program Files\Magic Workstation
[2009/08/17 10:01:47 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2009/08/09 18:16:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/04 00:18:57 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/10 12:25:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/06/21 00:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/18 01:53:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/08/14 17:06:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/01/22 04:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/08/14 17:09:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/08/14 17:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/08/14 17:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/02/06 01:32:22 | 000,000,000 | ---D | M] -- C:\Program Files\mIRC
[2010/03/10 04:01:54 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/05/04 19:47:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/06/21 01:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/06/21 00:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/06/21 00:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/08/16 03:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/06/21 02:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/02/20 22:18:49 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2007/06/21 01:20:48 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2008/09/04 00:13:50 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/02/27 11:43:45 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2007/12/17 14:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Ocean Technology
[2010/05/04 19:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\OfficeKB
[2007/06/21 00:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/03/02 22:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.3
[2009/08/13 03:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/04/16 16:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/11/15 16:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010/05/04 19:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/11/21 02:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/06/21 01:48:03 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/08/12 23:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2007/08/12 23:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/04/21 01:15:33 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/03/18 04:32:35 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/12/13 21:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2008/08/05 22:44:06 | 000,000,000 | ---D | M] -- C:\Program Files\Tortun
[2009/08/09 20:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/08/12 23:41:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/02/11 00:30:04 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/01/03 20:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\Vector Magic
[2010/04/10 15:11:26 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2007/11/14 17:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2008/08/08 13:55:45 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/04/01 10:47:11 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/08/09 17:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2007/08/12 23:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Vstplugins
[2009/08/13 21:17:51 | 000,000,000 | ---D | M] -- C:\Program Files\Warcraft III
[2009/08/14 15:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Wesnoth
[2009/06/05 13:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/06/05 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/06/21 01:47:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/09/04 00:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/04 00:13:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/06/21 00:55:30 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/07/01 00:28:39 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/05/03 12:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\World of Warcraft
[2007/06/21 00:56:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/02/26 21:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2009/11/12 20:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\_uninstallation_info

< %appdata%\*.* >
[2007/06/21 20:48:34 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Maxim\Application Data\desktop.ini
[2009/06/06 02:32:36 | 000,002,119 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNat.gif
[2009/06/06 02:32:36 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNby.gif
[2009/06/06 02:32:36 | 000,000,607 | ---- | M] () -- C:\Documents and Settings\Maxim\Application Data\waQ1P0bNzn.gif


< MD5 for: AGP440.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/08/21 06:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2006/02/28 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/09/04 00:10:58 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-04-14 07:02:41

< End of report >

Uthanak
Intermediate
Intermediate

Status :
Online
Offline

Posts : 66
Joined : 2009-08-09
OS : windows xp

View user profile

Back to top Go down

Re: 15 processes must be terminated on startup.

Post by Uthanak on Wed May 05, 2010 12:49 pm

OTL Extras logfile created on: 5/5/2010 8:30:35 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Maxim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 134.47 Gb Free Space | 45.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 1.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 245.23 Mb Total Space | 137.71 Mb Free Space | 56.16% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAXIM-9C1E76C15
Current User Name: Maxim
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58328:TCP" = 58328:TCP:*:Enabled:Pando Media Booster
"58328:UDP" = 58328:UDP:*:Enabled:Pando Media Booster
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7921:TCP" = 7921:TCP:*:Enabled:Services
"7922:TCP" = 7922:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4000:TCP" = 4000:TCP:*:Enabled:diablo
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6987:TCP" = 6987:TCP:*:Enabled:League of Legends Launcher
"6987:UDP" = 6987:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"6943:TCP" = 6943:TCP:*:Enabled:League of Legends Launcher
"6943:UDP" = 6943:UDP:*:Enabled:League of Legends Launcher
"58328:TCP" = 58328:TCP:*:Enabled:Pando Media Booster
"58328:UDP" = 58328:UDP:*:Enabled:Pando Media Booster
"6926:TCP" = 6926:TCP:*:Enabled:League of Legends Launcher
"6926:UDP" = 6926:UDP:*:Enabled:League of Legends Launcher
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7921:TCP" = 7921:TCP:*:Enabled:Services
"7922:TCP" = 7922:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6960:TCP" = 6960:TCP:*:Enabled:League of Legends Launcher
"6960:UDP" = 6960:UDP:*:Enabled:League of Legends Launcher
"6971:TCP" = 6971:TCP:*:Enabled:League of Legends Launcher
"6971:UDP" = 6971:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Apprentice\Appr.exe" = C:\Program Files\Apprentice\Appr.exe:*:Enabled:Appr -- ()
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.)
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe" = C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA -- (THQ Canada Inc.)
"C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe" = C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client -- (Ocean Technology & Media)
"C:\Program Files\THQ\Dawn Of War\W40k.exe" = C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Tortun\gui.exe" = C:\Program Files\Tortun\gui.exe:*:Enabled:gui -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Documents and Settings\Maxim\Desktop\Max\Pokemon Game.exe" = C:\Documents and Settings\Maxim\Desktop\Max\Pokemon Game.exe:*:Enabled:Pokemon Game -- (Kyrocorp)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Dawn of War 2\DOW2.exe" = C:\Program Files\Dawn of War 2\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Diablo II\Diablo II.exe" = C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam 732897 -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe" = C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Dawn of War II -- (THQ Canada Inc.)
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_CLI.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_CLI.exe:*:Enabled:Aliens vs Predator Dedicated Server - Beta -- ()
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- (Solid State Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}" = Nostromo Array Programming Software
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CEFBABE-61CC-4612-AE76-CB70C34B7D45}" = Urdu Phonetic Keyboard Layout
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = GG E-Sports Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0e
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATMA V" = ATMA V 5.05
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.3.6a
"BitTorrent" = BitTorrent 5.0.9
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Fraps" = Fraps (remove only)
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Google Updater" = Google Updater
"Google Video Uploader" = Google Video Uploader
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"LimeWire" = LimeWire 4.16.6
"Magic Workstation_is1" = Magic Workstation 0.94f
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"RealArcade 1.2" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"Steam App 10680" = Aliens vs Predator
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 34120" = Aliens vs Predator Dedicated Server - Beta
"SystemRequirementsLab" = System Requirements Lab
"Tyranid_Mod_v04" = Dawn of War - Tyranid Mod v0.45DC
"Vector Magic" = Vector Magic
"Veetle TV" = Veetle TV 0.9.17
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper
"Absolute Poker" = absoƖute Poker
"Google Chrome" = Google Chrome
"InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application officekb.exe, version 0.0.0.0, faulting module
officekb.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application nwiz.exe, version 0.0.0.0, faulting module nwiz.exe,
version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application axcmd.exe, version 0.0.0.0, faulting module axcmd.exe,
version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application nerocheck.exe, version 0.0.0.0, faulting module
nerocheck.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application backweb-8876480.exe, version 0.0.0.0, faulting
module backweb-8876480.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 0.0.0.0, faulting module
googleupdate.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application language.exe, version 0.0.0.0, faulting module
language.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application pdvdserv.exe, version 0.0.0.0, faulting module
pdvdserv.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application nmbgmonitor.exe, version 0.0.0.0, faulting module
nmbgmonitor.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 0.0.0.0, faulting module
qttask.exe, version 0.0.0.0, fault address 0x000018bd.

[ System Events ]
Error - 5/5/2010 8:20:19 AM | Computer Name = MAXIM-9C1E76C15 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/5/2010 8:20:19 AM | Computer Name = MAXIM-9C1E76C15 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/5/2010 8:20:32 AM | Computer Name = MAXIM-9C1E76C15 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 5/5/2010 8:27:33 AM | Computer Name = MAXIM-9C1E76C15 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58328:TCP" = 58328:TCP:*:Enabled:Pando Media Booster
"58328:UDP" = 58328:UDP:*:Enabled:Pando Media Booster
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7921:TCP" = 7921:TCP:*:Enabled:Services
"7922:TCP" = 7922:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4000:TCP" = 4000:TCP:*:Enabled:diablo
"8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
"8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
"8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
"8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
"6987:TCP" = 6987:TCP:*:Enabled:League of Legends Launcher
"6987:UDP" = 6987:UDP:*:Enabled:League of Legends Launcher
"8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
"8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
"6943:TCP" = 6943:TCP:*:Enabled:League of Legends Launcher
"6943:UDP" = 6943:UDP:*:Enabled:League of Legends Launcher
"58328:TCP" = 58328:TCP:*:Enabled:Pando Media Booster
"58328:UDP" = 58328:UDP:*:Enabled:Pando Media Booster
"6926:TCP" = 6926:TCP:*:Enabled:League of Legends Launcher
"6926:UDP" = 6926:UDP:*:Enabled:League of Legends Launcher
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"7921:TCP" = 7921:TCP:*:Enabled:Services
"7922:TCP" = 7922:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6960:TCP" = 6960:TCP:*:Enabled:League of Legends Launcher
"6960:UDP" = 6960:UDP:*:Enabled:League of Legends Launcher
"6971:TCP" = 6971:TCP:*:Enabled:League of Legends Launcher
"6971:UDP" = 6971:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Apprentice\Appr.exe" = C:\Program Files\Apprentice\Appr.exe:*:Enabled:Appr -- ()
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.)
"C:\Program Files\THQ\Dawn Of War\W40kWA.exe" = C:\Program Files\THQ\Dawn Of War\W40kWA.exe:*:Enabled:W40kWA -- (THQ Canada Inc.)
"C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe" = C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:*:Enabled:GG E-Sports Platform Client -- (Ocean Technology & Media)
"C:\Program Files\THQ\Dawn Of War\W40k.exe" = C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Tortun\gui.exe" = C:\Program Files\Tortun\gui.exe:*:Enabled:gui -- ()
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Documents and Settings\Maxim\Desktop\Max\Pokemon Game.exe" = C:\Documents and Settings\Maxim\Desktop\Max\Pokemon Game.exe:*:Enabled:Pokemon Game -- (Kyrocorp)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Dawn of War 2\DOW2.exe" = C:\Program Files\Dawn of War 2\DOW2.exe:*:Enabled:DOW2 -- (THQ Canada Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Diablo II\Diablo II.exe" = C:\Program Files\Diablo II\Diablo II.exe:*:Enabled:Diablo II - Lord of Destruction -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam 732897 -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe" = C:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Dawn of War II -- (THQ Canada Inc.)
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_CLI.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_CLI.exe:*:Enabled:Aliens vs Predator Dedicated Server - Beta -- ()
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP.exe" = C:\Program Files\Steam\steamapps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs Predator -- (Sega Europe Limited)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- (Solid State Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}" = Nostromo Array Programming Software
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CEFBABE-61CC-4612-AE76-CB70C34B7D45}" = Urdu Phonetic Keyboard Layout
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = GG E-Sports Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0e
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATMA V" = ATMA V 5.05
"Battle for Wesnoth_is1" = Battle for Wesnoth 1.3.6a
"BitTorrent" = BitTorrent 5.0.9
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Fraps" = Fraps (remove only)
"free-downloads.net Toolbar" = free-downloads.net Toolbar
"Google Updater" = Google Updater
"Google Video Uploader" = Google Video Uploader
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"LimeWire" = LimeWire 4.16.6
"Magic Workstation_is1" = Magic Workstation 0.94f
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PokerStars" = PokerStars
"RealArcade 1.2" = RealArcade
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.83
"Steam App 10680" = Aliens vs Predator
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 34120" = Aliens vs Predator Dedicated Server - Beta
"SystemRequirementsLab" = System Requirements Lab
"Tyranid_Mod_v04" = Dawn of War - Tyranid Mod v0.45DC
"Vector Magic" = Vector Magic
"Veetle TV" = Veetle TV 0.9.17
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper
"Absolute Poker" = absoƖute Poker
"Google Chrome" = Google Chrome
"InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application officekb.exe, version 0.0.0.0, faulting module
officekb.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application nwiz.exe, version 0.0.0.0, faulting module nwiz.exe,
version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application axcmd.exe, version 0.0.0.0, faulting module axcmd.exe,
version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application nerocheck.exe, version 0.0.0.0, faulting module
nerocheck.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application backweb-8876480.exe, version 0.0.0.0, faulting
module backweb-8876480.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 0.0.0.0, faulting module
googleupdate.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application language.exe, version 0.0.0.0, faulting module
language.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application pdvdserv.exe, version 0.0.0.0, faulting module
pdvdserv.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application nmbgmonitor.exe, version 0.0.0.0, faulting module
nmbgmonitor.exe, version 0.0.0.0, fault address 0x000018bd.

Error - 5/4/2010 10:34:28 PM | Computer Name = MAXIM-9C1E76C15 | Source = Application Error | ID = 1000
Description = Faulting application qttask.exe, version 0.0.0.0, faulting module
qttask.exe, version 0.0.0.0, fault address 0x000018bd.

[ System Events ]
Error - 5/5/2010 8:20:19 AM | Computer Name = MAXIM-9C1E76C15 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/5/2010 8:20:19 AM | Computer Name = MAXIM-9C1E76C15 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 5/5/2010 8:20:32 AM | Computer Name = MAXIM-9C1E76C15 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 5/5/2010 8:21:38 AM | Computer Name = MAXIM-9C1E76C15 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdK8 Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 5/5/2010 8:27:33 AM | Computer Name = MAXIM-9C1E76C15 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.


< End of report >

Uthanak
Intermediate
Intermediate

Status :
Online
Offline

Posts : 66
Joined : 2009-08-09
OS : windows xp

View user profile

Back to top Go down

Re: 15 processes must be terminated on startup.

Post by Belahzur on Wed May 05, 2010 6:44 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: 15 processes must be terminated on startup.

Post by Uthanak on Wed May 05, 2010 7:51 pm

ComboFix 10-05-05.02 - Maxim 05/05/2010 15:25:11.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2975 [GMT -4:00]
Running from: c:\documents and settings\Maxim\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Maxim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\documents and settings\Maxim\Local Settings\Temporary Internet Files\_tm4C4.tmp
c:\documents and settings\Maxim\Local Settings\Temporary Internet Files\_tm5B8.tmp
c:\documents and settings\Maxim\Local Settings\Temporary Internet Files\_tm610.tmp
c:\documents and settings\Maxim\Local Settings\Temporary Internet Files\stb06759.tmp
c:\documents and settings\Maxim\Start Menu\Programs\Startup\MagicDisc.lnk
c:\progra~1\OfficeKB\OfficeKB.EXE
c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
c:\program files\Analog Devices\Core\smax4pnp.exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm.exe
c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\CyberLink\PowerDVD\Language\Language.exe
c:\program files\CyberLink\PowerDVD\pdvdserv.exe
c:\program files\iTunes\ituneshelper.exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
c:\program files\Mozilla Firefox\khalmnpr.exe
c:\program files\Mozilla Firefox\rundll32 .exe
c:\program files\NVIDIA Corporation\nView\nwiz.exe
c:\program files\Pando Networks\Media Booster\PMB.exe
c:\program files\QuickTime\qttask.exe
c:\program files\WindowsUpdate
c:\windows\run.log
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\kdvegt.sys
c:\windows\system32\driVERs\qnzdbec.sys
c:\windows\system32\drivers\zfibn.sys

----- File Replicators -----

c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\athena02\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\athena02\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CammyCustom\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CammyCustom\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CIEL\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CIEL\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\jotaroanmc\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\jotaroanmc\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\Judith\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\Judith\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\juggy2\charsffdtow.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\juggy2\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\shinobi\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\shinobi\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\spiderman\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\spiderman\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\superman01\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\superman01\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\WARCUEID\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\WARCUEID\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\athena02\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\athena02\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CammyCustom\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CammyCustom\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CIEL\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CIEL\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\jotaroanmc\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\jotaroanmc\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\Judith\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\Judith\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\juggy2\charsffdtow.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\juggy2\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\shinobi\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\shinobi\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\spiderman\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\spiderman\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\superman01\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\superman01\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\WARCUEID\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\WARCUEID\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Abyss2\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Abyss2\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\AOSHI\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\AOSHI\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Armored Spiderman\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Armored Spiderman\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Baby Bonnie Hood\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Baby Bonnie Hood\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Chang\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\clara\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbenimaru\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbenimaru\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbison2\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbison2\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\EvilRanger\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\EvilRanger\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\FOXY\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\hken\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\kensou\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\pepe\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\ProfessorZoom\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\ProfessorZoom\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\RedRanger\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\RedRanger\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\act\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\act\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\cns\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\cns\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\act\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\act\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\cns\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\cns\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\act\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\act\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\cns\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\cns\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\The Kingpin v1.0bk\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\The Kingpin v1.0bk\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\TigreNegro\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\TigreNegro\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\usagent\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\usagent\dos2win.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\victor\CharSffDtoW.exe
c:\documents and settings\HelpAssistant\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\victor\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\athena02\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\athena02\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CammyCustom\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CammyCustom\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CIEL\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\CIEL\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\jotaroanmc\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\jotaroanmc\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\Judith\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\Judith\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\juggy2\charsffdtow.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\juggy2\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\shinobi\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\shinobi\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\spiderman\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\spiderman\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\superman01\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\superman01\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\WARCUEID\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen Fighting Jam v2 slim\chars\WARCUEID\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\athena02\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\athena02\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CammyCustom\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CammyCustom\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CIEL\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\CIEL\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\jotaroanmc\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\jotaroanmc\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\Judith\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\Judith\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\juggy2\charsffdtow.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\juggy2\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\shinobi\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\shinobi\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\spiderman\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\spiderman\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\superman01\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\superman01\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\WARCUEID\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\Mugen fighting jam v2\Mugen Fighting Jam v2 slim\chars\WARCUEID\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Abyss2\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Abyss2\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\AOSHI\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\AOSHI\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Armored Spiderman\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Armored Spiderman\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Baby Bonnie Hood\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Baby Bonnie Hood\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\Chang\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\clara\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbenimaru\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbenimaru\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbison2\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\cvsbison2\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\EvilRanger\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\EvilRanger\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\FOXY\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\hken\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\kensou\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\pepe\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\ProfessorZoom\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\ProfessorZoom\ProfessorZoom\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\RedRanger\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\RedRanger\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\act\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\act\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\cns\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\cns\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_blaze\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\act\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\act\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\cns\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\cns\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_dark\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\act\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\act\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\cns\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\cns\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\so_sonic\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\The Kingpin v1.0bk\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\The Kingpin v1.0bk\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\TigreNegro\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\TigreNegro\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\usagent\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\usagent\dos2win.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\victor\CharSffDtoW.exe
c:\documents and settings\Maxim\Desktop\Max\Games\MUGEN Fury - Battle Of The Masses\chars\victor\dos2win.exe
.
Infected copy of c:\windows\system32\drivers\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_qnzdbec
-------\Service_qnzdbec


((((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 )))))))))))))))))))))))))))))))
.

2010-05-05 19:13 . 2010-05-05 19:15 -------- d-----w- C:\Combo-Fix
2010-05-05 02:08 . 2010-05-05 02:08 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-05-05 01:31 . 2010-05-05 01:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-05-05 00:35 . 2010-05-05 00:35 -------- d-----w- c:\documents and settings\HelpAssistant\Incomplete
2010-05-05 00:35 . 2010-05-05 00:35 -------- d-----w- c:\documents and settings\HelpAssistant\ImperialGuard5thEdition
2010-05-05 00:35 . 2010-05-05 00:35 -------- d-----w- c:\documents and settings\HelpAssistant\Hentai Legacy Megapack uncen.dvdrip.dual.audio.complete
2010-05-05 00:35 . 2010-05-05 00:35 -------- d-----w- c:\documents and settings\HelpAssistant\Dynasty Warrirors 4 Hper
2010-05-05 00:35 . 2010-05-05 00:35 -------- d-----w- c:\documents and settings\HelpAssistant\Diablo 2
2010-05-05 00:23 . 2010-05-05 00:23 -------- d-----w- c:\documents and settings\HelpAssistant\D2 Keygens
2010-05-05 00:22 . 2010-05-05 00:23 -------- d-----w- c:\documents and settings\HelpAssistant\Contacts
2010-05-05 00:22 . 2010-05-05 00:22 -------- d-----w- c:\documents and settings\HelpAssistant\Bible Black Complete
2010-05-05 00:22 . 2010-05-05 00:22 -------- d-----w- c:\documents and settings\HelpAssistant\Baki - Son of Ogre
2010-05-04 23:48 . 2010-05-04 23:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
2010-05-04 23:48 . 2010-05-04 23:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\free-downloads.net
2010-05-04 23:47 . 2010-05-04 23:47 -------- d-----w- c:\documents and settings\Maxim\Local Settings\Application Data\jodpehbio
2010-05-04 23:47 . 2010-05-04 23:47 -------- d-----w- c:\documents and settings\Maxim\Local Settings\Application Data\wngpefagk
2010-04-16 20:08 . 2010-04-16 20:40 -------- d-----w- c:\documents and settings\Maxim\Local Settings\Application Data\PMB Files
2010-04-16 20:08 . 2010-04-16 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-04-16 20:07 . 2010-04-16 20:07 -------- d-----w- c:\program files\Pando Networks
2010-04-10 19:11 . 2010-04-10 19:11 -------- d-----w- c:\program files\Veetle

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 19:36 . 2008-03-03 02:24 -------- d-----w- c:\documents and settings\Maxim\Application Data\OpenOffice.org2
2010-05-05 19:31 . 2008-06-20 01:59 -------- d-----w- c:\program files\QuickTime
2010-05-05 19:31 . 2008-06-20 02:00 -------- d-----w- c:\program files\iTunes
2010-05-05 19:31 . 2007-06-23 23:47 -------- d-----w- c:\program files\OfficeKB
2010-05-05 19:24 . 2007-07-03 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-05-04 23:47 . 2009-08-24 03:52 -------- d-----w- c:\program files\free-downloads.net
2010-05-03 16:08 . 2007-06-22 20:40 -------- d-----w- c:\program files\World of Warcraft
2010-04-29 19:39 . 2009-08-09 21:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-08-09 21:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 05:15 . 2009-03-18 06:15 -------- d-----w- c:\program files\Steam
2010-03-11 12:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2006-02-28 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 02:27 . 2009-08-09 20:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-24 13:11 . 2006-02-28 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2006-02-28 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2006-02-28 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-02-28 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-08-10 18:31 . 2009-08-10 18:31 286 ----a-w- c:\program files\qjhnfze.txt
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
Code:
<pre>
c:\program files\Alcohol Soft\Alcohol 120\axcmd .exe
c:\program files\Analog Devices\Core\smax4pnp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Common Files\Ahead\Lib\nmbgmonitor .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\CyberLink\PowerDVD\Language\language .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\OfficeKB\officekb .exe
c:\program files\Pando Networks\Media Booster\pmb .exe
c:\program files\QuickTime\qttask .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-05-04 2349080]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-05-04 2349080]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre0.dll" [2010-05-04 2349080]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [N/A]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Maxim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [N/A]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [N/A]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [N/A]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [N/A]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [N/A]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"OfficeKB"="c:\progra~1\OfficeKB\OfficeKB.EXE" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-02 136744]

c:\documents and settings\Maxim\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Loadout Manager.lnk - c:\program files\Belkin\Nostromo\nost_LM.exe [2003-6-24 442368]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-6-23 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2007-6-23 581632]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Apprentice\\Appr.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Program Files\\Ocean Technology\\GG E-Sports Platform\\GGclient.exe"=
"c:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Tortun\\gui.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Documents and Settings\\Maxim\\Desktop\\Max\\Pokemon Game.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"c:\\Program Files\\Dawn of War 2\\DOW2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_CLI.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\aliens vs predator\\AvP.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"4000:TCP"= 4000:TCP:diablo
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"8376:TCP"= 8376:TCP:League of Legends Launcher
"8376:UDP"= 8376:UDP:League of Legends Launcher
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"8377:TCP"= 8377:TCP:League of Legends Launcher
"8377:UDP"= 8377:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"58328:TCP"= 58328:TCP:Pando Media Booster
"58328:UDP"= 58328:UDP:Pando Media Booster
"6926:TCP"= 6926:TCP:League of Legends Launcher
"6926:UDP"= 6926:UDP:League of Legends Launcher
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"7921:TCP"= 7921:TCP:Services
"7922:TCP"= 7922:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"8020:TCP"= 8020:TCP:Services
"8021:TCP"= 8021:TCP:Services

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/9/2009 6:35 PM 297752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/1/2008 10:47 AM 24652]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/27/2010 11:44 AM 57248]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [7/23/2003 3:16 PM 22821]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/9/2009 5:50 PM 38224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/13/2007 12:28 AM 722416]
.
Contents of the 'Scheduled Tasks' folder

2010-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 21:57]

2010-05-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 21:27]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
FF - ProfilePath - c:\documents and settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Maxim\Application Data\Mozilla\Firefox\Profiles\pu9jai39.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Maxim\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-05 15:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A9B3C18]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> 0x8a9b3c18
\Driver\atapi -> atapi.sys @ 0xb7e00852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> 0x8a27f5c0
PacketIndicateHandler -> NDIS.sys @ 0xb7d11a21
SendHandler -> NDIS.sys @ 0xb7cef87b
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02542D6C1
malicious code @ sector 0x02542D6C4 !
PE file found in sector at 0x02542D6DA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Belkin\Nostromo\nost_FSH.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2010-05-05 15:46:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-05 19:46
ComboFix2.txt 2009-08-10 21:15

Pre-Run: 144,844,152,832 bytes free
Post-Run: 145,845,043,200 bytes free

- - End Of File - - C9B502AC6B8039981D7FD36151FD9387

Uthanak
Intermediate
Intermediate

Status :
Online
Offline

Posts : 66
Joined : 2009-08-09
OS : windows xp

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum