Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

MRT.exe eating CPU [Closed]


  • This topic is locked This topic is locked

#1
solley

solley

    Member

  • Member
  • PipPip
  • 24 posts
Hello -

MRT.exe is eating my CPU. It comes and goes as a running process. I'm running XP, as you'll see below.

I don't believe it is the malware removal tool, b/c of the CPU issues.

Thanks for looking.

Here's my OTL.txt log and the extra.txt log.

================
OTL.txt
================

OTL logfile created on: 6/13/2012 3:44:34 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.48 Mb Total Physical Memory | 213.41 Mb Available Physical Memory | 33.42% Memory free
1.53 Gb Paging File | 1.03 Gb Available in Paging File | 67.73% Paging File free
Paging file location(s): c:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 12.58 Gb Free Space | 43.98% Space Free | Partition Type: NTFS
Drive I: | 1.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 465.76 Gb Total Space | 347.25 Gb Free Space | 74.56% Space Free | Partition Type: NTFS

Computer Name: DELL-XP-BOX | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/13 15:44:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2012/06/13 07:14:57 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/05/18 11:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/05/18 11:37:40 | 000,116,632 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/04/26 12:28:28 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- J:\Storage\LeapPad\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- J:\Storage\LeapPad\LeapFrog Connect\CommandService.exe
PRC - [2011/09/08 07:50:41 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2009/01/27 16:21:32 | 002,143,232 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoServer.exe
PRC - [2009/01/27 16:18:12 | 000,425,472 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TiVoNotify.exe
PRC - [2009/01/27 16:05:46 | 000,315,392 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
PRC - [2009/01/27 16:03:54 | 000,520,192 | ---- | M] (TiVo Inc.) -- C:\Program Files\TiVo\Desktop\TranscodingService.exe
PRC - [2008/04/14 05:42:42 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 02:37:32 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2005/10/17 16:02:54 | 000,139,264 | ---- | M] (MXI) -- C:\Program Files\Common Files\MXI\SSDService.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 23:49:51 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/18 11:37:40 | 000,780,184 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/05/18 11:37:40 | 000,116,632 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
MOD - [2012/04/26 12:28:27 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- J:\Storage\LeapPad\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- J:\Storage\LeapPad\LeapFrog Connect\QtCore4.dll
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/01/27 16:07:12 | 000,259,584 | ---- | M] () -- C:\Program Files\TiVo\Desktop\Id3Lib.dll
MOD - [2008/12/22 14:54:24 | 000,425,984 | ---- | M] () -- C:\Program Files\TiVo\Desktop\libmatroska.dll
MOD - [2008/12/22 13:49:50 | 000,188,416 | ---- | M] () -- C:\Program Files\TiVo\Desktop\libebml.dll
MOD - [2008/12/22 13:43:04 | 000,684,032 | ---- | M] () -- C:\Program Files\TiVo\Desktop\LibEay32.dll
MOD - [2008/12/22 13:43:04 | 000,155,648 | ---- | M] () -- C:\Program Files\TiVo\Desktop\SslEay32.dll
MOD - [2008/12/22 13:41:48 | 000,716,800 | ---- | M] () -- C:\Program Files\TiVo\Desktop\loudmouth.dll
MOD - [2008/04/14 05:42:42 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
MOD - [2008/04/14 05:42:10 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/03/28 06:20:50 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
MOD - [2003/02/11 10:56:20 | 000,049,152 | ---- | M] () -- C:\Program Files\Lexmark X1100 Series\ConvDIB.dll
MOD - [2003/01/30 06:04:00 | 000,618,496 | ---- | M] () -- C:\Program Files\TiVo\Desktop\StlpMt45.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\iijwrg.dll -- (NATServices)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/31 00:04:29 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 11:37:40 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/04/26 12:28:28 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- J:\Storage\LeapPad\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/09/08 07:50:41 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/08/03 02:37:32 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/10/17 16:02:54 | 000,139,264 | ---- | M] (MXI) [Auto | Running] -- C:\Program Files\Common Files\MXI\SSDService.exe -- (SSDSDKService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\OCDE.sys -- (OCDE)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\ntcdrdrv.sys -- (ntcdrdrv)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/11/12 12:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2011/09/08 07:50:30 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/08 07:50:29 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/22 16:42:52 | 000,017,296 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\easytthr.sys -- (easytether)
DRV - [2010/06/09 18:13:25 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/13 17:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/07/26 13:19:22 | 000,547,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/07/03 19:46:22 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/06/15 10:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/09/08 16:24:46 | 000,065,152 | ---- | M] (Memory Experts Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SSDADM.sys -- (USBSSDADM)
DRV - [2005/01/21 13:31:44 | 000,069,810 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FLMckUSB.sys -- (FLMCKUSB) AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000)
DRV - [2005/01/10 18:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 18:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/11/29 16:53:18 | 000,258,560 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/04 14:12:10 | 000,379,488 | ---- | M] (NETGEAR, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111nd5.sys -- (wg111nd5)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/06/30 18:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/02/26 11:40:24 | 000,058,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80308
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80308&lng=en

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://lawson.hhsys.../lawson/portal/
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C04B7D22-5AEC-4561-8F49-27F6269208F6}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80308&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Inbox Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.2
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://toolbar.inbox...nguage=en&qkw="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/26 12:28:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/13 10:43:59 | 000,000,000 | ---D | M]

[2008/06/21 10:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/06/13 09:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\extensions
[2010/06/20 09:38:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/23 16:40:49 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2012/03/29 16:40:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/13 07:21:52 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\extensions\[email protected]
[2009/05/29 19:57:59 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\extensions\[email protected]
[2012/02/11 12:23:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\extensions\[email protected]
[2009/01/06 11:51:38 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\p0080x4r.default\searchplugins\userlogos.xml
[2012/06/13 10:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/13 10:44:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/13 09:11:03 | 000,030,312 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P0080X4R.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2012/01/05 19:44:24 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P0080X4R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/13 10:43:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/04/26 12:28:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/25 16:30:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/01/25 16:30:45 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/07/28 11:20:04 | 000,124,200 | ---- | M] (DeLorme) -- C:\Program Files\mozilla firefox\plugins\nppnplugin.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/04/26 12:28:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/26 12:28:22 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/05/29 23:12:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [Monitor] J:\Storage\LeapPad\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TivoNotify] C:\Program Files\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files\TiVo\Desktop\TranscodingService.exe (TiVo Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.43 69.1.30.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CECA0B80-1704-429D-9B90-8CD211B037D9}: DhcpNameServer = 69.1.30.43 69.1.30.42
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/08 18:25:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/05/25 13:36:19 | 000,000,111 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Click_Here_to_Install_LeapPad_LFConnect.html
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/13 07:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/05/31 00:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012/05/31 00:22:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/05/31 00:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Mobility
[2012/05/30 23:22:01 | 000,000,000 | ---D | C] -- C:\Temp
[2012/05/30 23:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Motorola Mobility
[2012/05/30 23:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012/05/30 23:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Motorola
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/13 15:36:30 | 000,441,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 15:36:30 | 000,071,700 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 15:29:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/13 15:04:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/13 14:59:18 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 13:32:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/13 07:12:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/13 07:12:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/31 00:56:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/05/31 00:55:42 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/05/31 00:25:37 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/05/31 00:25:37 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/05/31 00:22:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/05/30 23:53:51 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/31 00:56:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/05/31 00:22:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012/05/30 23:49:53 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

========== LOP Check ==========

[2008/09/11 18:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnGenius
[2008/08/05 23:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2011/12/21 08:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2009/01/17 17:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/05/03 11:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TiVo
[2011/02/16 00:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/25 16:30:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2010/06/01 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2012/03/11 12:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fisher-Price
[2009/04/27 23:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FotoWire
[2008/03/08 21:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2008/11/20 01:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2012/05/30 23:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motorola
[2012/05/30 23:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Motorola Mobility
[2009/04/19 15:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3Rocket
[2010/11/23 15:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2009/03/02 21:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish

========== Purity Check ==========



< End of report >


==================
extras.txt
==================

OTL Extras logfile created on: 6/13/2012 3:44:34 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

638.48 Mb Total Physical Memory | 213.41 Mb Available Physical Memory | 33.42% Memory free
1.53 Gb Paging File | 1.03 Gb Available in Paging File | 67.73% Paging File free
Paging file location(s): c:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.60 Gb Total Space | 12.58 Gb Free Space | 43.98% Space Free | Partition Type: NTFS
Drive I: | 1.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 465.76 Gb Total Space | 347.25 Gb Free Space | 74.56% Space Free | Partition Type: NTFS

Computer Name: DELL-XP-BOX | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:UDP" = 5353:UDP:LocalSubNet:Enabled:mDNS-SD/Bonjour
"7288:TCP" = 7288:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7288
"7289:TCP" = 7289:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7289
"7290:TCP" = 7290:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7290
"7291:TCP" = 7291:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7291
"7292:TCP" = 7292:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7292
"7293:TCP" = 7293:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7293
"7294:TCP" = 7294:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7294
"7295:TCP" = 7295:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7295
"7296:TCP" = 7296:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7296
"7297:TCP" = 7297:TCP:LocalSubNet:Enabled:TiVo HME Host: Port 7297

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"J:\Storage\LeapPad\LeapFrog Connect\LeapFrogConnect.exe" = J:\Storage\LeapPad\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" = C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" = C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe" = C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface -- (TiVo Inc.)
"C:\Program Files\TiVo\Desktop\curl.exe" = C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service -- ()
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:AllShare
"C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe" = C:\Program Files\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:PCSM_http_ss_win_pro
"J:\Storage\LeapPad\LeapFrog Connect\LeapFrogConnect.exe" = J:\Storage\LeapPad\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B8FF60F-C012-4459-AADF-A3AD4E3757DE}" = Dell Picture Studio - Dell Image Expert
"{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A2DDF67-3FA4-451C-8BF1-21CA4E546AEF}" = Motorola Device Software Update
"{243E9065-1DA0-4786-B3BD-B8030277F214}" = Logitech Harmony Remote Software 7
"{26A24AE4-039D-4CA4-87B4-2F83216015F0}" = Java™ 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = EnGenius Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35EAEF3F-6FCA-4150-A872-33EAF6F06080}" = MXI ACCESS Client 5.0
"{44170B31-F47A-4FF9-9D77-382D1FE2A728}" = FP3 Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.7
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.09
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{581CE7EA-A30D-0000-1211-088635773309}" = 802.11b+g USB Wireless LAN Adapter
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE7AAFD1-C631-4B60-B62E-434F0A435317}" = Motorola Mobile Drivers Installation 5.6.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FE5ED1C0-A340-4EAC-B4BE-FA0AB173436C}" = LeapFrog LeapPad Explorer Plugin
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Athena" = WebCam for MSN Messenger
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Device Control" = Device Control
"EAXSet" = Creative EAX Settings
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GoZone iSync" = GoZone iSync
"HijackThis" = HijackThis 2.0.2
"Hijackthis_is1" = Hijackthis 1.99.1
"InstallShield_{44170B31-F47A-4FF9-9D77-382D1FE2A728}" = FP3 Player
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Lexmark X1100 Series" = Lexmark X1100 Series
"LimeWire" = LimeWire 4.12.14
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.7" = LiveUpdate 1.7 (Symantec Corporation)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWSnap 3" = MWSnap 3
"PokerStars.net" = PokerStars.net
"Recover Files_is1" = Recover Files 2.0
"Savings Bond Wizard" = Savings Bond Wizard
"SPEAKER" = Creative Speaker Settings
"TiVo Desktop 2.7" = TiVo Desktop 2.7
"UPCShell" = LeapFrog Connect
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"TiVo Photos 2.0" = TiVo Photos 2.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/9/2009 11:28:24 AM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2009 5:48:17 PM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/16/2009 5:52:09 PM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/3/2009 8:58:45 PM | Computer Name = DELL-XP-BOX | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/13/2009 3:07:31 PM | Computer Name = DELL-XP-BOX | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00180ff3.

Error - 12/13/2009 9:15:49 PM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application wireshark.exe, version 1.2.4.30978, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/13/2009 9:15:51 PM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application wireshark.exe, version 1.2.4.30978, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/5/2010 8:36:04 PM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2010 8:46:15 PM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2010 5:10:54 PM | Computer Name = DELL-XP-BOX | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 9.0.0.4503, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/25/2012 5:08:21 PM | Computer Name = DELL-XP-BOX | Source = Service Control Manager | ID = 7034
Description = The LeapFrog Connect Device Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/3/2012 11:30:45 AM | Computer Name = DELL-XP-BOX | Source = Service Control Manager | ID = 7023
Description = The NATServicesware service terminated with the following error: %%126

Error - 5/12/2012 1:01:20 PM | Computer Name = DELL-XP-BOX | Source = Service Control Manager | ID = 7023
Description = The NATServicesware service terminated with the following error: %%126

Error - 5/12/2012 1:01:26 PM | Computer Name = DELL-XP-BOX | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/12/2012 1:01:26 PM | Computer Name = DELL-XP-BOX | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 5/13/2012 5:05:27 PM | Computer Name = DELL-XP-BOX | Source = Print | ID = 6161
Description = The document Coupon Print 000017297374-210016174 owned by Owner failed
to print on printer HP LaserJet 4P. Data type: NT EMF 1.008. Size of the spool
file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document:
1. Number of pages printed: 0. Client machine: \\DELL-XP-BOX. Win32 error code
returned by the print processor: 259 (0x103).

Error - 5/31/2012 12:47:03 AM | Computer Name = DELL-XP-BOX | Source = Service Control Manager | ID = 7023
Description = The NATServicesware service terminated with the following error: %%126

Error - 5/31/2012 9:22:41 AM | Computer Name = DELL-XP-BOX | Source = Service Control Manager | ID = 7023
Description = The NATServicesware service terminated with the following error: %%126

Error - 6/13/2012 8:12:48 AM | Computer Name = DELL-XP-BOX | Source = Service Control Manager | ID = 7023
Description = The NATServicesware service terminated with the following error: %%126

Error - 6/13/2012 4:31:46 PM | Computer Name = DELL-XP-BOX | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on
Windows Server 2003 and Windows XP x86 (KB2656369).


< End of report >
  • 0

Advertisements


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello solley and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\iijwrg.dll -- (NATServices)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
    O33 - MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Click_Here_to_Install_LeapPad_LFConnect.html

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • GMER log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
All processes killed
========== OTL ==========
Service NATServices stopped successfully!
Service NATServices deleted successfully!
File %SystemRoot%\System32\iijwrg.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3dc2d28-ed2e-11dc-a1ac-806d6172696f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Click_Here_to_Install_LeapPad_LFConnect.html not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Carey
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 456 bytes

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temporary Internet Files folder emptied: 106846476 bytes
->Java cache emptied: 30275112 bytes
->Flash cache emptied: 36490 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4304997 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8553092 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 231533872 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 132920 bytes

Total Files Cleaned = 364.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06202012_184848

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#4
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-21 07:10:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E030L0 rev.NAR61590
Running: fez00s9u.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxddypod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEEEEE640]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF738BF80]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat EC93DD20

---- EOF - GMER 1.0.15 ----
  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's do two scans. Let me know how is your system after this.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Malwarebytes log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#6
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
20:08:31.0546 2564 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
20:08:31.0953 2564 ============================================================
20:08:31.0953 2564 Current date / time: 2012/06/22 20:08:31.0953
20:08:31.0953 2564 SystemInfo:
20:08:31.0953 2564
20:08:31.0953 2564 OS Version: 5.1.2600 ServicePack: 3.0
20:08:31.0953 2564 Product type: Workstation
20:08:31.0953 2564 ComputerName: DELL-XP-BOX
20:08:31.0953 2564 UserName: Owner
20:08:31.0953 2564 Windows directory: C:\WINDOWS
20:08:31.0953 2564 System windows directory: C:\WINDOWS
20:08:31.0953 2564 Processor architecture: Intel x86
20:08:31.0953 2564 Number of processors: 1
20:08:31.0953 2564 Page size: 0x1000
20:08:31.0953 2564 Boot type: Normal boot
20:08:31.0953 2564 ============================================================
20:08:34.0421 2564 Drive \Device\Harddisk0\DR0 - Size: 0x728D84000 (28.64 Gb), SectorSize: 0x200, Cylinders: 0xE9A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:08:34.0500 2564 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:08:34.0500 2564 ============================================================
20:08:34.0500 2564 \Device\Harddisk0\DR0:
20:08:34.0515 2564 MBR partitions:
20:08:34.0515 2564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x3931455
20:08:34.0515 2564 \Device\Harddisk1\DR3:
20:08:34.0515 2564 MBR partitions:
20:08:34.0515 2564 \Device\Harddisk1\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:08:34.0515 2564 ============================================================
20:08:34.0609 2564 C: <-> \Device\Harddisk0\DR0\Partition0
20:08:34.0656 2564 J: <-> \Device\Harddisk1\DR3\Partition0
20:08:34.0687 2564 ============================================================
20:08:34.0687 2564 Initialize success
20:08:34.0687 2564 ============================================================
20:08:56.0546 2320 ============================================================
20:08:56.0546 2320 Scan started
20:08:56.0546 2320 Mode: Manual; SigCheck; TDLFS;
20:08:56.0546 2320 ============================================================
20:08:56.0781 2320 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:08:57.0078 2320 !SASCORE - ok
20:08:57.0187 2320 Abiosdsk - ok
20:08:57.0218 2320 abp480n5 - ok
20:08:57.0265 2320 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:08:59.0234 2320 ACPI - ok
20:08:59.0265 2320 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:08:59.0843 2320 ACPIEC - ok
20:08:59.0953 2320 ACS (fe92f2f7122c0f7e0c6a47d9c7cf3aaa) C:\WINDOWS\system32\acs.exe
20:09:00.0031 2320 ACS ( UnsignedFile.Multi.Generic ) - warning
20:09:00.0031 2320 ACS - detected UnsignedFile.Multi.Generic (1)
20:09:00.0031 2320 adpu160m - ok
20:09:00.0078 2320 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:09:00.0328 2320 aec - ok
20:09:00.0375 2320 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:09:00.0437 2320 AFD - ok
20:09:00.0437 2320 Aha154x - ok
20:09:00.0453 2320 aic78u2 - ok
20:09:00.0468 2320 aic78xx - ok
20:09:00.0515 2320 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:09:00.0750 2320 Alerter - ok
20:09:00.0781 2320 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:09:00.0906 2320 ALG - ok
20:09:00.0906 2320 AliIde - ok
20:09:00.0921 2320 amsint - ok
20:09:01.0015 2320 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:09:01.0046 2320 Apple Mobile Device - ok
20:09:01.0046 2320 AppMgmt - ok
20:09:01.0125 2320 AR5211 (89873aebbf0309393f0737e26d891209) C:\WINDOWS\system32\DRIVERS\ar5211.sys
20:09:01.0187 2320 AR5211 ( UnsignedFile.Multi.Generic ) - warning
20:09:01.0187 2320 AR5211 - detected UnsignedFile.Multi.Generic (1)
20:09:01.0203 2320 asc - ok
20:09:01.0218 2320 asc3350p - ok
20:09:01.0234 2320 asc3550 - ok
20:09:01.0375 2320 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:09:01.0406 2320 aspnet_state - ok
20:09:01.0437 2320 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:09:01.0734 2320 AsyncMac - ok
20:09:01.0781 2320 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:09:02.0046 2320 atapi - ok
20:09:02.0062 2320 Atdisk - ok
20:09:02.0078 2320 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:09:02.0375 2320 Atmarpc - ok
20:09:02.0421 2320 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:09:02.0687 2320 AudioSrv - ok
20:09:02.0734 2320 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:09:03.0000 2320 audstub - ok
20:09:03.0031 2320 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:09:03.0109 2320 bcm4sbxp - ok
20:09:03.0140 2320 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:09:03.0421 2320 Beep - ok
20:09:03.0484 2320 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:09:03.0796 2320 BITS - ok
20:09:03.0921 2320 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
20:09:03.0968 2320 Bonjour Service - ok
20:09:04.0015 2320 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:09:04.0296 2320 Browser - ok
20:09:04.0343 2320 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:09:04.0640 2320 cbidf2k - ok
20:09:04.0671 2320 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:09:04.0937 2320 CCDECODE - ok
20:09:04.0953 2320 cd20xrnt - ok
20:09:04.0984 2320 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:09:05.0671 2320 Cdaudio - ok
20:09:05.0734 2320 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:09:06.0000 2320 Cdfs - ok
20:09:06.0031 2320 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:06.0312 2320 Cdrom - ok
20:09:06.0359 2320 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:09:06.0390 2320 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:09:06.0390 2320 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:09:06.0406 2320 Changer - ok
20:09:06.0453 2320 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:09:07.0437 2320 CiSvc - ok
20:09:07.0453 2320 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:09:07.0765 2320 ClipSrv - ok
20:09:08.0171 2320 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:08.0218 2320 clr_optimization_v2.0.50727_32 - ok
20:09:08.0546 2320 CmdIde - ok
20:09:08.0546 2320 COMSysApp - ok
20:09:08.0578 2320 Cpqarray - ok
20:09:08.0640 2320 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:09:09.0328 2320 CryptSvc - ok
20:09:09.0375 2320 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:09:09.0453 2320 ctsfm2k - ok
20:09:09.0453 2320 dac2w2k - ok
20:09:09.0468 2320 dac960nt - ok
20:09:09.0531 2320 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:09:09.0656 2320 DcomLaunch - ok
20:09:09.0703 2320 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:09:10.0015 2320 Dhcp - ok
20:09:10.0062 2320 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:10.0343 2320 Disk - ok
20:09:10.0359 2320 dmadmin - ok
20:09:10.0437 2320 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:09:10.0812 2320 dmboot - ok
20:09:10.0843 2320 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:09:11.0171 2320 dmio - ok
20:09:11.0218 2320 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:09:11.0500 2320 dmload - ok
20:09:11.0562 2320 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:09:11.0890 2320 dmserver - ok
20:09:11.0968 2320 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:09:12.0234 2320 DMusic - ok
20:09:12.0296 2320 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:09:12.0359 2320 Dnscache - ok
20:09:12.0437 2320 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:09:12.0765 2320 Dot3svc - ok
20:09:12.0781 2320 dpti2o - ok
20:09:12.0828 2320 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:09:13.0093 2320 drmkaud - ok
20:09:13.0156 2320 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:09:13.0515 2320 EapHost - ok
20:09:13.0562 2320 easytether (5d67e5f2ca692f7dba2568182b394541) C:\WINDOWS\system32\DRIVERS\easytthr.sys
20:09:13.0656 2320 easytether - ok
20:09:13.0703 2320 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:09:14.0046 2320 ERSvc - ok
20:09:14.0109 2320 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:09:14.0156 2320 Eventlog - ok
20:09:14.0203 2320 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:09:14.0265 2320 EventSystem - ok
20:09:14.0328 2320 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:09:14.0640 2320 Fastfat - ok
20:09:14.0671 2320 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:09:14.0765 2320 FastUserSwitchingCompatibility - ok
20:09:14.0796 2320 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
20:09:15.0093 2320 Fdc - ok
20:09:15.0125 2320 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:09:15.0390 2320 Fips - ok
20:09:15.0453 2320 FLMCKUSB (7b854c3d489f38b5a031a5330d356ac3) C:\WINDOWS\system32\Drivers\FLMckUSB.sys
20:09:15.0531 2320 FLMCKUSB - ok
20:09:15.0562 2320 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:09:16.0437 2320 Flpydisk - ok
20:09:16.0718 2320 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:09:17.0250 2320 FltMgr - ok
20:09:17.0343 2320 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:09:17.0390 2320 FontCache3.0.0.0 - ok
20:09:17.0437 2320 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:09:17.0687 2320 Fs_Rec - ok
20:09:17.0703 2320 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:09:17.0984 2320 Ftdisk - ok
20:09:18.0031 2320 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:09:18.0046 2320 GEARAspiWDM - ok
20:09:18.0109 2320 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:09:18.0375 2320 Gpc - ok
20:09:18.0453 2320 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:09:18.0703 2320 helpsvc - ok
20:09:18.0750 2320 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:09:19.0000 2320 HidServ - ok
20:09:19.0046 2320 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:09:19.0312 2320 HidUsb - ok
20:09:19.0375 2320 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:09:19.0718 2320 hkmsvc - ok
20:09:19.0718 2320 hpn - ok
20:09:19.0765 2320 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:09:19.0843 2320 HTTP - ok
20:09:19.0875 2320 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:09:20.0156 2320 HTTPFilter - ok
20:09:20.0156 2320 i2omgmt - ok
20:09:20.0171 2320 i2omp - ok
20:09:20.0281 2320 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:09:20.0546 2320 i8042prt - ok
20:09:20.0609 2320 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:09:20.0718 2320 ialm - ok
20:09:20.0890 2320 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:09:21.0000 2320 idsvc - ok
20:09:21.0093 2320 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:09:21.0375 2320 Imapi - ok
20:09:21.0437 2320 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:09:21.0703 2320 ImapiService - ok
20:09:21.0734 2320 ini910u - ok
20:09:21.0781 2320 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:09:22.0046 2320 IntelIde - ok
20:09:22.0093 2320 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:09:22.0328 2320 intelppm - ok
20:09:22.0375 2320 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:09:22.0640 2320 Ip6Fw - ok
20:09:22.0671 2320 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:09:22.0937 2320 IpFilterDriver - ok
20:09:22.0984 2320 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:09:23.0250 2320 IpInIp - ok
20:09:23.0281 2320 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:09:23.0562 2320 IpNat - ok
20:09:23.0671 2320 iPod Service (e51bd095b2fdf56b17ee010bb794d6ed) C:\Program Files\iPod\bin\iPodService.exe
20:09:23.0734 2320 iPod Service - ok
20:09:23.0781 2320 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:09:24.0062 2320 IPSec - ok
20:09:24.0093 2320 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:09:24.0203 2320 IRENUM - ok
20:09:24.0234 2320 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:09:24.0468 2320 isapnp - ok
20:09:24.0578 2320 JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
20:09:24.0609 2320 JavaQuickStarterService - ok
20:09:24.0640 2320 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:09:24.0906 2320 Kbdclass - ok
20:09:24.0953 2320 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:09:25.0187 2320 kbdhid - ok
20:09:25.0250 2320 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:09:25.0500 2320 kmixer - ok
20:09:25.0562 2320 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:09:25.0656 2320 KSecDD - ok
20:09:25.0718 2320 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:09:26.0140 2320 lanmanserver - ok
20:09:26.0187 2320 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:09:26.0250 2320 lanmanworkstation - ok
20:09:26.0265 2320 lbrtfdc - ok
20:09:27.0828 2320 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) J:\Storage\LeapPad\LeapFrog Connect\CommandService.exe
20:09:28.0437 2320 LeapFrog Connect Device Service - ok
20:09:28.0484 2320 Leapfrog-USBLAN (5cffda921fe0c9e9ebde3150d3c81594) C:\WINDOWS\system32\DRIVERS\btblan.sys
20:09:28.0578 2320 Leapfrog-USBLAN - ok
20:09:28.0656 2320 LexBceS (1a787cea43afc33f433d84c25fd4ac68) C:\WINDOWS\system32\LEXBCES.EXE
20:09:28.0750 2320 LexBceS - ok
20:09:28.0796 2320 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:09:29.0031 2320 LmHosts - ok
20:09:29.0156 2320 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:09:29.0203 2320 McComponentHostService - ok
20:09:29.0250 2320 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:09:29.0531 2320 Messenger - ok
20:09:29.0562 2320 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:09:29.0796 2320 mnmdd - ok
20:09:29.0843 2320 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:09:30.0125 2320 mnmsrvc - ok
20:09:30.0171 2320 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:09:30.0421 2320 Modem - ok
20:09:30.0484 2320 Motorola Device Manager (5ddce3fc5a54a4a58ee693046ebfaef3) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
20:09:30.0531 2320 Motorola Device Manager - ok
20:09:30.0578 2320 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:09:30.0843 2320 Mouclass - ok
20:09:30.0875 2320 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:09:31.0109 2320 mouhid - ok
20:09:31.0156 2320 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:09:31.0421 2320 MountMgr - ok
20:09:31.0515 2320 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:09:31.0546 2320 MozillaMaintenance - ok
20:09:31.0546 2320 mraid35x - ok
20:09:31.0578 2320 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:09:31.0812 2320 MRxDAV - ok
20:09:31.0890 2320 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:09:31.0953 2320 MRxSmb - ok
20:09:32.0000 2320 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:09:32.0250 2320 MSDTC - ok
20:09:32.0296 2320 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:09:32.0531 2320 Msfs - ok
20:09:32.0546 2320 MSIServer - ok
20:09:32.0578 2320 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:09:32.0812 2320 MSKSSRV - ok
20:09:32.0828 2320 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:09:33.0093 2320 MSPCLOCK - ok
20:09:33.0109 2320 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:09:33.0359 2320 MSPQM - ok
20:09:33.0390 2320 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:09:33.0625 2320 mssmbios - ok
20:09:33.0671 2320 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:09:33.0906 2320 MSTEE - ok
20:09:33.0953 2320 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:09:34.0000 2320 Mup - ok
20:09:34.0046 2320 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:09:34.0312 2320 NABTSFEC - ok
20:09:34.0390 2320 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:09:34.0625 2320 napagent - ok
20:09:34.0687 2320 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:09:34.0953 2320 NDIS - ok
20:09:34.0984 2320 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:09:35.0234 2320 NdisIP - ok
20:09:35.0281 2320 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:09:35.0328 2320 NdisTapi - ok
20:09:35.0343 2320 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:09:35.0578 2320 Ndisuio - ok
20:09:35.0609 2320 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:09:36.0187 2320 NdisWan - ok
20:09:36.0234 2320 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:09:36.0281 2320 NDProxy - ok
20:09:36.0328 2320 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:09:36.0593 2320 NetBIOS - ok
20:09:36.0625 2320 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:09:36.0859 2320 NetBT - ok
20:09:36.0906 2320 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:09:37.0156 2320 NetDDE - ok
20:09:37.0171 2320 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:09:37.0406 2320 NetDDEdsdm - ok
20:09:37.0734 2320 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:38.0015 2320 Netlogon - ok
20:09:38.0046 2320 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:09:38.0281 2320 Netman - ok
20:09:38.0406 2320 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:09:38.0437 2320 NetTcpPortSharing - ok
20:09:38.0500 2320 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:09:38.0546 2320 Nla - ok
20:09:38.0593 2320 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:09:38.0828 2320 Npfs - ok
20:09:38.0843 2320 ntcdrdrv - ok
20:09:38.0890 2320 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:09:39.0187 2320 Ntfs - ok
20:09:39.0203 2320 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:39.0468 2320 NtLmSsp - ok
20:09:39.0531 2320 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:09:39.0875 2320 NtmsSvc - ok
20:09:39.0921 2320 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
20:09:39.0953 2320 NuidFltr - ok
20:09:40.0000 2320 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:09:40.0265 2320 Null - ok
20:09:40.0312 2320 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:09:40.0578 2320 NwlnkFlt - ok
20:09:40.0687 2320 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:09:40.0921 2320 NwlnkFwd - ok
20:09:40.0937 2320 OCDE - ok
20:09:41.0015 2320 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
20:09:41.0031 2320 OMCI ( UnsignedFile.Multi.Generic ) - warning
20:09:41.0031 2320 OMCI - detected UnsignedFile.Multi.Generic (1)
20:09:41.0078 2320 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:09:41.0125 2320 ossrv - ok
20:09:41.0203 2320 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
20:09:41.0312 2320 P17 - ok
20:09:41.0375 2320 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:09:41.0593 2320 Parport - ok
20:09:41.0625 2320 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:09:41.0875 2320 PartMgr - ok
20:09:41.0921 2320 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:09:42.0125 2320 ParVdm - ok
20:09:42.0156 2320 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:09:42.0390 2320 PCI - ok
20:09:42.0406 2320 PCIDump - ok
20:09:42.0468 2320 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:09:42.0703 2320 PCIIde - ok
20:09:42.0750 2320 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:09:42.0984 2320 Pcmcia - ok
20:09:43.0000 2320 PDCOMP - ok
20:09:43.0031 2320 PDFRAME - ok
20:09:43.0046 2320 PDRELI - ok
20:09:43.0062 2320 PDRFRAME - ok
20:09:43.0093 2320 perc2 - ok
20:09:43.0109 2320 perc2hib - ok
20:09:43.0203 2320 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:09:43.0218 2320 PlugPlay - ok
20:09:43.0265 2320 Point32 (d0be72557de73acabbab536496d23115) C:\WINDOWS\system32\DRIVERS\point32.sys
20:09:43.0328 2320 Point32 - ok
20:09:43.0375 2320 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:43.0625 2320 PolicyAgent - ok
20:09:43.0671 2320 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:09:43.0890 2320 PptpMiniport - ok
20:09:43.0906 2320 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:44.0156 2320 ProtectedStorage - ok
20:09:44.0171 2320 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:09:44.0390 2320 PSched - ok
20:09:44.0437 2320 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:09:44.0671 2320 Ptilink - ok
20:09:44.0687 2320 ql1080 - ok
20:09:44.0703 2320 Ql10wnt - ok
20:09:44.0718 2320 ql12160 - ok
20:09:44.0750 2320 ql1240 - ok
20:09:44.0765 2320 ql1280 - ok
20:09:44.0796 2320 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:09:45.0031 2320 RasAcd - ok
20:09:45.0078 2320 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:09:45.0312 2320 RasAuto - ok
20:09:45.0343 2320 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:09:45.0578 2320 Rasl2tp - ok
20:09:45.0640 2320 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:09:45.0875 2320 RasMan - ok
20:09:45.0921 2320 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:09:46.0140 2320 RasPppoe - ok
20:09:46.0171 2320 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:09:46.0390 2320 Raspti - ok
20:09:46.0453 2320 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:09:46.0671 2320 Rdbss - ok
20:09:46.0703 2320 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:09:46.0921 2320 RDPCDD - ok
20:09:47.0015 2320 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:09:47.0062 2320 RDPWD - ok
20:09:47.0109 2320 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:09:47.0343 2320 RDSessMgr - ok
20:09:47.0390 2320 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:09:47.0625 2320 redbook - ok
20:09:47.0671 2320 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:09:47.0921 2320 RemoteAccess - ok
20:09:47.0953 2320 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:09:48.0203 2320 RpcLocator - ok
20:09:48.0265 2320 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:09:48.0343 2320 RpcSs - ok
20:09:48.0390 2320 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:09:48.0625 2320 RSVP - ok
20:09:48.0671 2320 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:09:48.0921 2320 SamSs - ok
20:09:49.0031 2320 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:09:49.0046 2320 SASDIFSV - ok
20:09:49.0109 2320 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:09:49.0125 2320 SASENUM - ok
20:09:49.0156 2320 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:09:49.0171 2320 SASKUTIL - ok
20:09:49.0218 2320 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:09:49.0437 2320 SCardSvr - ok
20:09:49.0515 2320 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:09:49.0781 2320 Schedule - ok
20:09:49.0828 2320 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:09:49.0921 2320 Secdrv - ok
20:09:49.0984 2320 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:09:50.0187 2320 seclogon - ok
20:09:50.0265 2320 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
20:09:50.0390 2320 senfilt - ok
20:09:50.0421 2320 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:09:50.0625 2320 SENS - ok
20:09:50.0656 2320 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:09:50.0906 2320 serenum - ok
20:09:50.0937 2320 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:09:51.0140 2320 Serial - ok
20:09:51.0218 2320 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:09:51.0468 2320 Sfloppy - ok
20:09:51.0531 2320 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:09:51.0796 2320 SharedAccess - ok
20:09:51.0843 2320 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:09:51.0890 2320 ShellHWDetection - ok
20:09:51.0906 2320 Simbad - ok
20:09:51.0968 2320 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:09:52.0187 2320 SLIP - ok
20:09:52.0250 2320 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
20:09:52.0281 2320 smwdm - ok
20:09:52.0296 2320 Sparrow - ok
20:09:52.0343 2320 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:09:52.0578 2320 splitter - ok
20:09:52.0625 2320 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:09:52.0671 2320 Spooler - ok
20:09:52.0687 2320 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:09:52.0781 2320 sr - ok
20:09:52.0843 2320 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:09:52.0953 2320 srservice - ok
20:09:53.0000 2320 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:09:53.0093 2320 Srv - ok
20:09:53.0156 2320 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:09:53.0265 2320 SSDPSRV - ok
20:09:53.0328 2320 SSDSDKService - ok
20:09:53.0390 2320 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:09:53.0656 2320 stisvc - ok
20:09:53.0687 2320 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:09:53.0937 2320 streamip - ok
20:09:54.0000 2320 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:09:54.0234 2320 swenum - ok
20:09:54.0250 2320 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:09:54.0484 2320 swmidi - ok
20:09:54.0500 2320 SwPrv - ok
20:09:54.0531 2320 symc810 - ok
20:09:54.0546 2320 symc8xx - ok
20:09:54.0625 2320 SymEvent (a3e7deab1ec157750ed8041d0eaddb3c) C:\Program Files\Symantec\SYMEVENT.SYS
20:09:54.0656 2320 SymEvent ( UnsignedFile.Multi.Generic ) - warning
20:09:54.0656 2320 SymEvent - detected UnsignedFile.Multi.Generic (1)
20:09:54.0687 2320 sym_hi - ok
20:09:54.0703 2320 sym_u3 - ok
20:09:54.0734 2320 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:09:54.0968 2320 sysaudio - ok
20:09:55.0015 2320 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:09:55.0218 2320 SysmonLog - ok
20:09:55.0265 2320 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:09:55.0500 2320 TapiSrv - ok
20:09:55.0578 2320 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:09:55.0656 2320 Tcpip - ok
20:09:55.0687 2320 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:09:55.0906 2320 TDPIPE - ok
20:09:55.0937 2320 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:09:56.0187 2320 TDTCP - ok
20:09:56.0218 2320 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:09:56.0421 2320 TermDD - ok
20:09:56.0484 2320 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:09:56.0718 2320 TermService - ok
20:09:56.0765 2320 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:09:56.0796 2320 Themes - ok
20:09:56.0796 2320 TosIde - ok
20:09:56.0859 2320 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:09:57.0078 2320 TrkWks - ok
20:09:57.0109 2320 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:09:57.0343 2320 Udfs - ok
20:09:57.0375 2320 ultra - ok
20:09:57.0437 2320 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:09:57.0703 2320 Update - ok
20:09:57.0734 2320 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:09:57.0859 2320 upnphost - ok
20:09:57.0906 2320 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:09:58.0156 2320 UPS - ok
20:09:58.0203 2320 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:09:58.0250 2320 USBAAPL - ok
20:09:58.0296 2320 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:09:58.0515 2320 usbaudio - ok
20:09:58.0546 2320 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:09:58.0765 2320 usbccgp - ok
20:09:58.0812 2320 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:09:59.0015 2320 usbehci - ok
20:09:59.0078 2320 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:09:59.0312 2320 usbhub - ok
20:09:59.0328 2320 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:09:59.0546 2320 usbprint - ok
20:09:59.0609 2320 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:09:59.0812 2320 usbscan - ok
20:09:59.0859 2320 USBSSDADM (1ccbcfe8bc1dcc7ec423c657270e1741) C:\WINDOWS\system32\DRIVERS\SSDADM.sys
20:09:59.0890 2320 USBSSDADM ( UnsignedFile.Multi.Generic ) - warning
20:09:59.0890 2320 USBSSDADM - detected UnsignedFile.Multi.Generic (1)
20:09:59.0953 2320 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:10:00.0171 2320 usbstor - ok
20:10:00.0203 2320 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:10:00.0421 2320 usbuhci - ok
20:10:00.0453 2320 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:10:00.0687 2320 VgaSave - ok
20:10:00.0703 2320 ViaIde - ok
20:10:00.0750 2320 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:10:00.0953 2320 VolSnap - ok
20:10:01.0031 2320 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:10:01.0156 2320 VSS - ok
20:10:01.0203 2320 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:10:01.0437 2320 W32Time - ok
20:10:01.0468 2320 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:10:01.0671 2320 Wanarp - ok
20:10:01.0750 2320 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:10:01.0796 2320 Wdf01000 - ok
20:10:01.0828 2320 WDICA - ok
20:10:01.0859 2320 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:10:02.0093 2320 wdmaud - ok
20:10:02.0156 2320 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:10:02.0375 2320 WebClient - ok
20:10:02.0437 2320 wg111nd5 (5dc04e2badf701d7a9d00365b623df2f) C:\WINDOWS\system32\DRIVERS\wg111nd5.sys
20:10:02.0500 2320 wg111nd5 - ok
20:10:02.0593 2320 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:10:02.0812 2320 winmgmt - ok
20:10:02.0890 2320 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\WinUsb.sys
20:10:02.0937 2320 WinUsb - ok
20:10:02.0984 2320 WLAN(WLAN) (36eb7336d06acfc684ca7e148f802412) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
20:10:03.0078 2320 WLAN(WLAN) - ok
20:10:03.0125 2320 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
20:10:03.0203 2320 WmdmPmSN - ok
20:10:03.0265 2320 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:10:03.0500 2320 WmiApSrv - ok
20:10:03.0656 2320 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:10:03.0750 2320 WMPNetworkSvc - ok
20:10:03.0796 2320 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:10:03.0843 2320 WpdUsb - ok
20:10:03.0890 2320 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:10:04.0156 2320 wscsvc - ok
20:10:04.0187 2320 WSIMD (2ea107f535b0b7bfb1d8d6bd79325dbb) C:\WINDOWS\system32\DRIVERS\wsimd.sys
20:10:04.0250 2320 WSIMD - ok
20:10:04.0281 2320 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:10:04.0515 2320 WSTCODEC - ok
20:10:04.0546 2320 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:10:04.0750 2320 wuauserv - ok
20:10:04.0812 2320 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:10:04.0859 2320 WudfPf - ok
20:10:04.0906 2320 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:10:04.0968 2320 WudfRd - ok
20:10:05.0000 2320 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:10:05.0031 2320 WudfSvc - ok
20:10:05.0125 2320 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:10:05.0406 2320 WZCSVC - ok
20:10:05.0453 2320 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:10:05.0687 2320 xmlprov - ok
20:10:05.0734 2320 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
20:10:05.0765 2320 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - warning
20:10:05.0765 2320 ZDPNDIS5 - detected UnsignedFile.Multi.Generic (1)
20:10:05.0890 2320 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:10:06.0750 2320 \Device\Harddisk0\DR0 - ok
20:10:06.0781 2320 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
20:10:06.0984 2320 \Device\Harddisk1\DR3 - ok
20:10:07.0015 2320 Boot (0x1200) (414158e21459ae5da54990d079327d88) \Device\Harddisk0\DR0\Partition0
20:10:07.0015 2320 \Device\Harddisk0\DR0\Partition0 - ok
20:10:07.0031 2320 Boot (0x1200) (f5be19ff9c8180b47456d5912a05aaed) \Device\Harddisk1\DR3\Partition0
20:10:07.0031 2320 \Device\Harddisk1\DR3\Partition0 - ok
20:10:07.0046 2320 ============================================================
20:10:07.0046 2320 Scan finished
20:10:07.0046 2320 ============================================================
20:10:07.0187 3724 Detected object count: 7
20:10:07.0187 3724 Actual detected object count: 7
20:11:09.0046 3724 ACS ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:09.0046 3724 ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:09.0046 3724 AR5211 ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:09.0046 3724 AR5211 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:09.0046 3724 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:09.0046 3724 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:09.0062 3724 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:09.0062 3724 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:09.0062 3724 SymEvent ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:09.0062 3724 SymEvent ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:09.0078 3724 USBSSDADM ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:09.0078 3724 USBSSDADM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:09.0078 3724 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:11:09.0078 3724 ZDPNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:11:14.0156 0692 Deinitialize success
  • 0

#7
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.22.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Owner :: DELL-XP-BOX [administrator]

6/22/2012 8:18:08 PM
mbam-log-2012-06-22 (20-18-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231387
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\BM97928998.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

(end)
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Good work. Do you have any problems now?
  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Are you still with me? How is your system now?
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP