Extras.txt log



#1
Tkahms

OTListIt2 Log
Problem with system resources running consistently at 100%. Computer is bogged down.
I suspect the iexplore.exe file is dominating system resources at 60-80%.

OTListIt logfile created on: 5/1/2009 12:33:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Tim Kahms\Local Settings\Temporary Internet Files\Content.IE5\VTYWLYQO
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.42 Mb Total Physical Memory | 305.67 Mb Available Physical Memory | 30.86% Memory free
2.33 Gb Paging File | 1.74 Gb Available in Paging File | 74.45% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.95 Gb Total Space | 30.85 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 16.31 Gb Free Space | 10.94% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: LAPTOPKRG
Current User Name: Tim Kahms
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe ()
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\mrtMngr.EXE (Marimba Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Tim Kahms\Local Settings\Temporary Internet Files\Content.IE5\VTYWLYQO\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MBackMonitor [Auto | Running]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\McShield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (QBCFMonitorService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AliIde [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (BTWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (WIDCOMM, Inc.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Company)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Company)
DRV - (ENUM1394 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\enum1394.sys (Microsoft Corporation)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys (Motorola Inc)
DRV - (MotoSwitchService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motswch.sys (Motorola INC.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (P2k [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\P2k.sys (Motorola Inc)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..keyword.URL: "http://mystart.incre...ss_bar&search="
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/07 10:33:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/27 21:43:46 | 00,000,000 | ---D | M]

[2008/09/10 19:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim Kahms\Application Data\mozilla\Firefox\Profiles\tt5xjs04.default\extensions
[2008/07/28 20:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tim Kahms\Application Data\mozilla\Firefox\Profiles\tt5xjs04.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/15 20:31:20 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Application Data\Mozilla\FireFox\Profiles\tt5xjs04.default\searchplugins\MyStart Search.xml
[2008/05/16 15:54:28 | 00,000,275 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Application Data\Mozilla\FireFox\Profiles\tt5xjs04.default\searchplugins\search.xml
[2009/01/29 13:53:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/28 16:50:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/16 11:46:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/12 09:25:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/11/29 10:49:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/07 10:34:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

O1 HOSTS File: (231240 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8106 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe (McAfee)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT (Copernic Technologies Inc.)
O8 - Extra context menu item: Summarize Using Copernic Summarizer - C:\Program Files\Copernic Summarizer\Web\SummarizePage.htm ()
O9 - Extra Button: Summarize - {0F2D17A0-E7DF-4847-995B-6F3ABF5BF187} - C:\Program Files\Copernic Summarizer\CopernicSummarizerApp.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: LiveSummarizer - {6170AB22-F1E5-4D4F-8F6C-826C73838581} - C:\Program Files\Copernic Summarizer\CopernicSummarizerApp.dll (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Summarize Using Copernic Summarizer - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - C:\Program Files\Copernic Summarizer\CopernicSummarizerApp.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .fpx - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.)
O12 - Plugin for: .ivr - C:\Program Files\Internet Explorer\PLUGINS\NPRVRT32.dll (iSee Media, Inc.)
O15 - HKLM\..Trusted Domains: pcrecruiter.com ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: pcrecruiter.net ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: pcrecruiter.net ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: pcrecruiter.com ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: pcrecruiter.net ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: pcrecruiter.net ([]https in Local intranet)
O15 - HKCU\..Trusted Domains: pcrecruiter.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook....ls/contactx.dll (ContactExtractor Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.otoy.com/.../CAB/OTOYAX.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (Reg Error: Key error.)
O16 - DPF: RaptisoftGameLoader http://www.miniclip....tgameloader.cab (Reg Error: Key error.)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Basic\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINDOWS\system32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d2c8f74-783e-11dd-8521-000e35cb5d5c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d2c8f74-783e-11dd-8521-000e35cb5d5c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d2c8f74-783e-11dd-8521-000e35cb5d5c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8e00e6d0-f8e3-11db-848c-000e35cb5d5c}\Shell - "" = AutoRun
O33 - MountPoints2\{8e00e6d0-f8e3-11db-848c-000e35cb5d5c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e00e6d0-f8e3-11db-848c-000e35cb5d5c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[20 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/01 12:14:42 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/01 11:31:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim Kahms\Application Data\Malwarebytes
[2009/05/01 11:31:19 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/01 11:31:19 | 00,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 11:31:15 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/01 11:31:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/01 11:31:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/01 11:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/01 11:25:55 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\Tim Kahms\Desktop\NTREGOPT.lnk
[2009/05/01 11:25:55 | 00,000,629 | ---- | C] () -- C:\Documents and Settings\Tim Kahms\Desktop\ERUNT.lnk
[2009/05/01 11:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/30 09:46:01 | 00,000,268 | -H-- | C] () -- C:\sqmdata19.sqm
[2009/04/30 09:45:59 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2009/04/30 09:36:37 | 00,000,268 | -H-- | C] () -- C:\sqmdata18.sqm
[2009/04/30 09:36:37 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2009/04/30 09:28:21 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Tim Kahms\Desktop\setup-spybotsd162.exe
[2009/04/30 09:24:19 | 00,000,970 | ---- | C] () -- C:\Documents and Settings\Tim Kahms\Desktop\Spybot - Search & Destroy.lnk
[2009/04/29 11:36:30 | 00,000,268 | -H-- | C] () -- C:\sqmdata17.sqm
[2009/04/29 11:36:29 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2009/04/28 18:14:56 | 00,000,348 | ---- | C] () -- C:\WINDOWS\tasks\Defrag.job
[2009/04/28 18:13:35 | 00,000,346 | ---- | C] () -- C:\WINDOWS\tasks\QuickClean.job
[2009/04/28 14:02:28 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/27 21:40:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/04/27 21:40:23 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/04/27 21:39:29 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/04/27 21:38:08 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/04/27 21:38:08 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/04/27 21:38:08 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/04/27 21:38:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/04/27 21:38:07 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/04/27 21:38:07 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/04/27 21:38:07 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/04/27 21:38:06 | 00,000,000 | ---D | C] -- C:\b61e6e747208690dcd588cf222a10a
[2009/04/27 21:19:58 | 00,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2009/04/27 21:19:57 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2009/04/27 21:04:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/04/27 20:51:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/27 20:50:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/04/27 20:34:55 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/04/27 18:43:35 | 00,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2009/04/27 18:43:35 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2009/04/27 15:56:37 | 00,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
[2009/04/27 15:56:37 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2009/04/27 15:38:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
[2009/04/26 12:51:06 | 00,057,207 | ---- | C] () -- C:\Documents and Settings\Tim Kahms\Desktop\Spiritual Gifts Analysis.htm
[2009/04/19 17:33:19 | 00,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2009/04/19 17:33:19 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2009/04/17 14:11:39 | 00,000,842 | ---- | C] () -- C:\Documents and Settings\Tim Kahms\Desktop\CrossFire.lnk
[2009/04/17 13:54:03 | 35,001,0771 | ---- | C] (Subagames.com ) -- C:\Documents and Settings\Tim Kahms\Desktop\CrossFire_Setup_v1011.exe
[2009/04/17 10:41:48 | 00,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2009/04/17 10:41:48 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2009/04/16 20:42:38 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/16 20:42:37 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/16 20:42:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/16 20:42:36 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/16 20:42:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/16 20:42:35 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/16 20:42:35 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/16 20:42:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/16 20:42:34 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/16 20:38:16 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/16 20:38:15 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/16 20:38:15 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/16 15:57:03 | 00,000,268 | -H-- | C] () -- C:\sqmdata11.sqm
[2009/04/16 15:57:02 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2009/04/16 11:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim Kahms\My Documents\CFSystem
[2009/04/16 10:36:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/16 10:36:14 | 00,000,204 | ---- | C] () -- C:\Plugins
[2009/04/16 10:36:00 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/04/15 16:38:16 | 00,000,268 | -H-- | C] () -- C:\sqmdata10.sqm
[2009/04/15 16:38:16 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2009/04/08 14:21:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim Kahms\Desktop\New Folder
[2009/04/08 14:15:28 | 00,004,217 | ---- | C] () -- C:\Documents and Settings\Tim Kahms\Desktop\frank_macielak[1].pdf
[2009/04/04 09:50:13 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2009/04/04 09:50:13 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2009/04/03 11:06:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim Kahms\My Documents\Cross Fire
[2009/04/03 11:06:14 | 00,000,000 | ---D | C] -- C:\CFLog
[2009/04/03 11:05:25 | 02,849,844 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009/04/03 11:03:50 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009/04/03 11:03:49 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009/04/03 11:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009/04/03 10:00:47 | 00,000,000 | ---D | C] -- C:\Program Files\Subagames
[2009/04/02 09:35:36 | 00,204,457 | ---- | C] () -- C:\Documents and Settings\Tim Kahms\Desktop\Boyle Tax Docs.pdf
[2009/02/18 14:43:50 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\wdt2u.dll
[2009/02/18 14:43:50 | 00,079,480 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/02/18 14:43:50 | 00,050,808 | ---- | C] () -- C:\WINDOWS\System32\wbreaker.dll
[2009/02/18 14:43:48 | 00,034,424 | ---- | C] () -- C:\WINDOWS\System32\pcrrtxtc.dll
[2009/02/18 14:43:47 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2009/02/18 10:23:24 | 00,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/01/23 15:23:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/05/17 08:28:20 | 00,000,276 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/07 21:41:26 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/04/07 21:36:08 | 00,000,596 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/02/26 20:31:28 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/02/26 20:29:54 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2007/02/19 12:47:27 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/01/12 16:14:42 | 00,000,080 | RHS- | C] () -- C:\WINDOWS\System32\234F3B8F40.dll
[2006/11/02 18:22:33 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/09/07 09:38:45 | 00,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/19 18:50:00 | 00,284,672 | ---- | C] () -- C:\WINDOWS\System32\SovConvAux.Dll
[2006/03/08 09:41:45 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\snetfil.dll
[2005/11/13 21:18:51 | 00,014,712 | ---- | C] () -- C:\WINDOWS\System32\tafil.dll
[2005/11/13 21:18:51 | 00,006,830 | ---- | C] () -- C:\WINDOWS\System32\swfil.dll
[2005/11/13 21:18:51 | 00,006,050 | ---- | C] () -- C:\WINDOWS\System32\wrestfil.dll
[2005/11/13 21:18:51 | 00,002,246 | ---- | C] () -- C:\WINDOWS\System32\wzfil.dll
[2005/11/13 21:18:51 | 00,001,554 | ---- | C] () -- C:\WINDOWS\System32\tapfil.dll
[2005/11/13 21:18:50 | 00,022,618 | ---- | C] () -- C:\WINDOWS\System32\perfil.dll
[2005/11/13 21:18:50 | 00,017,488 | ---- | C] () -- C:\WINDOWS\System32\nvgamfil.dll
[2005/11/13 21:18:50 | 00,016,778 | ---- | C] () -- C:\WINDOWS\System32\popfil.dll
[2005/11/13 21:18:50 | 00,012,730 | ---- | C] () -- C:\WINDOWS\System32\psyfil.dll
[2005/11/13 21:18:50 | 00,012,266 | ---- | C] () -- C:\WINDOWS\System32\sporfil.dll
[2005/11/13 21:18:50 | 00,009,796 | ---- | C] () -- C:\WINDOWS\System32\gnfil.dll
[2005/11/13 21:18:50 | 00,009,634 | ---- | C] () -- C:\WINDOWS\System32\pkmon.dll
[2005/11/13 21:18:50 | 00,008,652 | ---- | C] () -- C:\WINDOWS\System32\jbfil.dll
[2005/11/13 21:18:50 | 00,007,778 | ---- | C] () -- C:\WINDOWS\System32\movfil.dll
[2005/11/13 21:18:50 | 00,000,724 | ---- | C] () -- C:\WINDOWS\System32\spmfil.dll
[2005/11/13 21:18:50 | 00,000,670 | ---- | C] () -- C:\WINDOWS\System32\mp3fil.dll
[2005/11/13 21:18:50 | 00,000,540 | ---- | C] () -- C:\WINDOWS\System32\srchfrgn.dll
[2005/11/13 21:18:50 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\igefil.dll
[2005/11/13 21:18:50 | 00,000,116 | ---- | C] () -- C:\WINDOWS\System32\nfil.dll
[2005/11/13 21:18:50 | 00,000,034 | ---- | C] () -- C:\WINDOWS\System32\macfil.dll
[2005/11/13 21:18:50 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\lastupdate.dll
[2005/11/13 21:18:49 | 00,013,146 | ---- | C] () -- C:\WINDOWS\System32\finfil.dll
[2005/11/13 21:18:49 | 00,012,422 | ---- | C] () -- C:\WINDOWS\System32\entfil.dll
[2005/11/13 21:18:49 | 00,011,338 | ---- | C] () -- C:\WINDOWS\System32\fmfil.dll
[2005/11/13 21:18:49 | 00,007,642 | ---- | C] () -- C:\WINDOWS\System32\auctfil.dll
[2005/11/13 21:18:49 | 00,001,816 | ---- | C] () -- C:\WINDOWS\System32\fshrfil.dll
[2005/11/13 21:18:49 | 00,001,790 | ---- | C] () -- C:\WINDOWS\System32\csnews.dll
[2005/11/13 21:18:49 | 00,000,400 | ---- | C] () -- C:\WINDOWS\System32\bsnlst.dll
[2005/11/13 21:18:49 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\bnrfil.dll
[2005/11/06 21:14:37 | 00,082,276 | ---- | C] () -- C:\WINDOWS\System32\adwfil.dll
[2005/11/06 21:14:37 | 00,013,070 | ---- | C] () -- C:\WINDOWS\System32\gblfil.dll
[2005/11/06 21:14:37 | 00,010,906 | ---- | C] () -- C:\WINDOWS\System32\chtfil.dll
[2005/11/06 21:14:37 | 00,005,782 | ---- | C] () -- C:\WINDOWS\System32\vgamfil.dll
[2005/11/06 21:14:37 | 00,005,338 | ---- | C] () -- C:\WINDOWS\System32\wfileu.drv
[2005/11/06 21:14:37 | 00,005,180 | ---- | C] () -- C:\WINDOWS\System32\iawfil.dll
[2005/11/06 21:14:37 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\hatfil.dll
[2005/11/06 21:14:37 | 00,004,162 | ---- | C] () -- C:\WINDOWS\System32\viofil.dll
[2005/11/06 21:14:37 | 00,003,444 | ---- | C] () -- C:\WINDOWS\System32\srchin.dll
[2005/11/06 21:14:37 | 00,002,902 | ---- | C] () -- C:\WINDOWS\System32\lgwfil.dll
[2005/11/06 21:14:37 | 00,001,830 | ---- | C] () -- C:\WINDOWS\System32\cultfil.dll
[2005/11/06 21:14:37 | 00,001,482 | ---- | C] () -- C:\WINDOWS\System32\gdwfil.dll
[2005/11/06 21:14:37 | 00,001,100 | ---- | C] () -- C:\WINDOWS\System32\imgfil.dll
[2005/11/06 21:14:37 | 00,000,400 | ---- | C] () -- C:\WINDOWS\bsnlst.dll
[2005/11/06 21:14:37 | 00,000,306 | ---- | C] () -- C:\WINDOWS\System32\picsfil.dll
[2005/11/06 21:14:37 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\srchout.dll
[2005/08/16 14:17:59 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2005/06/09 22:13:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2005/05/10 23:47:23 | 00,002,699 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2005/05/10 23:46:39 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2005/05/10 13:31:15 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/05/10 13:31:15 | 00,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/28 15:45:04 | 00,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2005/04/24 20:31:59 | 00,205,312 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2005/04/24 20:31:37 | 00,205,312 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2005/04/21 15:34:17 | 00,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2005/03/26 10:11:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/11/20 10:06:57 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/11/20 10:06:57 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/11/20 10:06:57 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/11/20 10:06:56 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/11/20 10:06:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/11/20 10:06:56 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/11/20 09:56:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/20 09:45:48 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/16 16:24:26 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/16 08:42:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 09:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 09:12:40 | 00,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 09:03:10 | 00,000,689 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 01:53:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 19:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/26 17:34:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2001/07/07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/04/01 02:00:00 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\carclw6s.DLL

========== Files - Modified Within 30 Days ==========

[20 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/05/01 12:35:01 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/05/01 12:29:31 | 00,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2B4786B6-8AC8-49B0-A271-421AC493FA1E}.job
[2009/05/01 12:06:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/01 12:05:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Tim Kahms\Local Settings\desktop.ini
[2009/05/01 12:04:47 | 00,032,036 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/01 12:04:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/01 12:03:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/01 12:03:53 | 10,386,02240 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/01 11:31:19 | 00,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/01 11:25:55 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\NTREGOPT.lnk
[2009/05/01 11:25:55 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\ERUNT.lnk
[2009/05/01 01:00:24 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/05/01 00:00:24 | 00,000,395 | ---- | M] () -- C:\WINDOWS\tasks\2 Copernic Daily ~LAPTOP Tim Kahms.job
[2009/04/30 09:46:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/04/30 09:45:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/04/30 09:36:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/04/30 09:36:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/04/30 09:36:08 | 00,000,970 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\Spybot - Search & Destroy.lnk
[2009/04/30 09:32:14 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Tim Kahms\Desktop\setup-spybotsd162.exe
[2009/04/29 11:36:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/04/29 11:36:29 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/04/28 18:15:50 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\Defrag.job
[2009/04/28 18:14:21 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\QuickClean.job
[2009/04/28 03:07:08 | 00,372,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/27 21:51:43 | 00,506,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/27 21:51:43 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/27 21:51:43 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/27 21:23:05 | 00,000,080 | -HS- | M] () -- C:\Documents and Settings\Tim Kahms\My Documents\desktop.ini
[2009/04/27 21:19:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/04/27 21:19:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/04/27 21:04:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/27 19:47:26 | 00,001,585 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\CCleaner.lnk
[2009/04/27 18:43:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/04/27 18:43:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/04/27 15:56:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/04/27 15:56:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/04/26 21:57:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/26 12:51:06 | 00,057,207 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\Spiritual Gifts Analysis.htm
[2009/04/19 17:33:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/04/19 17:33:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/04/17 14:11:39 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\CrossFire.lnk
[2009/04/17 14:04:55 | 35,001,0771 | ---- | M] (Subagames.com ) -- C:\Documents and Settings\Tim Kahms\Desktop\CrossFire_Setup_v1011.exe
[2009/04/17 10:41:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/17 10:41:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/17 03:04:15 | 00,000,689 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/16 15:57:03 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/16 15:57:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/16 10:36:06 | 00,000,204 | ---- | M] () -- C:\Plugins
[2009/04/15 16:38:16 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/04/15 16:38:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/04/15 01:23:33 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/04/08 14:15:28 | 00,004,217 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\frank_macielak[1].pdf
[2009/04/07 11:31:38 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\My Documents\Tim Kahms Resume 2009.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/04 09:50:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/04/04 09:50:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/04/02 09:35:36 | 00,204,457 | ---- | M] () -- C:\Documents and Settings\Tim Kahms\Desktop\Boyle Tax Docs.pdf
< End of report >

#2
Tkahms

  • Topic Starter
Extras.TXT log
System resources being used at 100%...suspect malware and iexplore.exe file taking 80%+
OTListIt log posted in separate post a few minutes ago....posting the rooter.txt next.


OTListIt Extras logfile created on: 5/1/2009 12:33:03 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.1 Folder = C:\Documents and Settings\Tim Kahms\Local Settings\Temporary Internet Files\Content.IE5\VTYWLYQO
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.42 Mb Total Physical Memory | 305.67 Mb Available Physical Memory | 30.86% Memory free
2.33 Gb Paging File | 1.74 Gb Available in Paging File | 74.45% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.95 Gb Total Space | 30.85 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 149.05 Gb Total Space | 16.31 Gb Free Space | 10.94% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: LAPTOPKRG
Current User Name: Tim Kahms
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"56288:TCP" = 56288:TCP:*:Enabled:Pando Media Booster
"56288:UDP" = 56288:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\WINDOWS\Cyb2k.exe:*:Enabled:CYBERsitter Control Panel File not found
C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET ()
C:\Program Files\Wireless Sync\Client\Monitor.exe:*:Enabled:Monitor File not found
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\WeType4u\Talk-N-Send\TalknSend.exe:*:Enabled:TalknSend MFC Application File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player (Microsoft Corporation)
C:\Program Files\Reflexive Entertainment\Crimsonland\crimsonland.exe:*:Disabled:crimsonland File not found
C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu (Motorola)
D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe File not found
D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe File not found
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III (Ensemble Studios)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail File not found
C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail File not found
C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail File not found
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Intuit\QuickBooks Basic\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager (Intuit, Inc.)
C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D429DD1-6912-4E67-9CE5-0F70F2AE5D4A}" = Motorola Software Update
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37E31FCE-A048-4D8C-B167-31891BCF6585}" = muvee autoProducer 3.5 - SE
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BFE01FF-189F-4b75-8FA8-9B7CD7F9C529}" = L7500
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{814172D1-FCD5-4FC0-B421-AA00541D186F}" = muvee autoProducer 4.1
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C569D686-A444-4AF0-A437-15CBB2816E34}" = TIxx21/x515
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 C2
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"3DGroove" = OTOY
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AOE Trial" = Microsoft Age of Empires Trial
"AXIS Media Control SDK_is1" = AXIS Media Control SDK 4.13
"Canon Camera WIA Driver IXY 200a, PowerShot S200, IXUS v2" = Canon IXY 200a, PowerShot S200, IXUS v2 WIA Driver
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter2" = Canon Utilities RAW Image Converter2
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV90 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Copernic Agent Professional" = Copernic Agent Professional
"Copernic Summarizer" = Copernic Summarizer
"Cross Fire_is1" = Cross Fire En
"CutePDF Writer Installation" = CutePDF Writer 2.6
"DynaMetric Call Saver Pro™" = DynaMetric Call Saver Pro™
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"hp officejet d series 1115783240" = hp officejet d series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Hy-Tek's MEET MANAGER 2.0 for Swimming" = Hy-Tek's MEET MANAGER 2.0 for Swimming
"Hy-Tek's TEAM MANAGER 4.0" = Hy-Tek's TEAM MANAGER 4.0
"Hy-Tek's TEAM MANAGER II and Workout Manager" = Hy-Tek's TEAM MANAGER II and Workout Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indiana Free Worksheet Reader" = Professional Software Corporation Indiana Free Worksheet Reader 2006 A
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C569D686-A444-4AF0-A437-15CBB2816E34}" = Texas Instruments PCIxx21/x515 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf Painter_is1" = Pdf Painter 2.4
"PhotoRecord" = Canon PhotoRecord
"Photovista Panorama 2.02" = Photovista Panorama 2.02
"Picasa2" = Picasa 2
"QuickBooks 2000" = QuickBooks 2000
"RemoteCapture" = Canon Utilities RemoteCapture 2.4
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Silent Package Run-Time Sample" = EPSON R280 User's Guide
"ST6UNST #1" = cBizOne
"ST6UNST #2" = cBizOne (C:\Program Files\cBiz\)
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnityWebPlayer" = Unity Web Player
"V3815 User's Manual" = V3815 User's Manual
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Palm® Support Center
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"WorldMate® Professional" = WorldMate® Professional
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"zCBSetup" = zCBSetup
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.190

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/28/2009 6:54:44 PM | Computer Name = LAPTOPKRG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2704 (0xa90) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Tim
Kahms\Desktop\CrossFire_Setup_v1011.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 4/29/2009 10:57:41 AM | Computer Name = LAPTOPKRG | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.6850.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2009 11:43:31 AM | Computer Name = LAPTOPKRG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2720 (0xaa0) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\Google\Google
Desktop Search\GoogleDesktopHyper.dll by C:\Program Files\Google\Google Desktop
Search\GoogleDesktop.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

Error - 4/30/2009 9:42:34 AM | Computer Name = LAPTOPKRG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3196 (0xc7c) Thread address : 0x1226EFB3 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\PROGRAM FILES\GOOGLE\GOOGLE
DESKTOP SEARCH\GOOGLEDESKTOPHYPER.DLL by **\MSNMSGR.EXE 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/1/2009 9:35:42 AM | Computer Name = LAPTOPKRG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2800 (0xaf0) Thread address : 0x021AB46B Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Tim
Kahms\Desktop\CrossFire_Setup_v1011.exe by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 5/1/2009 11:57:11 AM | Computer Name = LAPTOPKRG | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 1040 (0x410) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.349
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Tim
Kahms\Desktop\CrossFire_Setup_v1011.exe by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 5/1/2009 12:30:28 PM | Computer Name = LAPTOPKRG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.15.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2009 12:30:59 PM | Computer Name = LAPTOPKRG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.15.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2009 12:31:09 PM | Computer Name = LAPTOPKRG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.15.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2009 12:31:14 PM | Computer Name = LAPTOPKRG | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2[1].exe, version 2.0.15.1, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/1/2009 8:02:44 AM | Computer Name = LAPTOPKRG | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/1/2009 8:02:44 AM | Computer Name = LAPTOPKRG | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/1/2009 8:02:44 AM | Computer Name = LAPTOPKRG | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/1/2009 8:02:44 AM | Computer Name = LAPTOPKRG | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/1/2009 8:02:44 AM | Computer Name = LAPTOPKRG | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/1/2009 8:02:44 AM | Computer Name = LAPTOPKRG | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/1/2009 8:02:50 AM | Computer Name = LAPTOPKRG | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 5/1/2009 9:35:50 AM | Computer Name = LAPTOPKRG | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 5/1/2009 11:57:16 AM | Computer Name = LAPTOPKRG | Source = Service Control Manager | ID = 7034
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 3 time(s).

Error - 5/1/2009 12:04:40 PM | Computer Name = LAPTOPKRG | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AliIde IntelIde ViaIde

[ Wireless Sync Events ]
Error - 9/2/2006 8:14:42 AM | Computer Name = LAPTOPKRG | Source = Wireless Sync | ID = 0
Description =

Error - 11/15/2006 11:23:49 AM | Computer Name = LAPTOPKRG | Source = Wireless Sync | ID = 0
Description =


< End of report >


#3
Tkahms

Rooter log...OTListIt2 log and Extras log posted previously.
System resources being used up...suspect iexplore.exe using 60-80% of resources.

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:95181 Mo/Free:2918 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Fixed] - NTFS - (Total:152624 Mo/Free:315 Mo)

Fri 05/01/2009|12:14

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\McAfee\MBK\MBackMonitor.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\Program Files\McAfee\VirusScan\McShield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\WINDOWS\System32\alg.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
---------- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
---------- C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\WINDOWS\system32\igfxtray.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
---------- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
---------- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
---------- C:\Program Files\MSN Messenger\MsnMsgr.Exe
---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
---------- C:\Program Files\Intuit\QuickBooks\Components\QBAgent\QBDAgent.exe
---------- C:\PROGRA~1\MI3AA1~1\rapimgr.exe
---------- C:\WINDOWS\system32\mrtMngr.EXE
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
---------- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
---------- C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\taskmgr.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Fri 05/01/2009|12:18

----------------------\\ Scan completed at 12:18
