Okay, I posted the file to the spykiller forum, then downloaded RSIT and ran it. Here are the log files:
info.txt logfile of random's system information tool 2008-09-06 18:56:17
Uninstall list
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 6.0 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Aloha Solitaire-->C:\PROGRA~1\YAHOO!~1\ALOHAS~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\ALOHAS~1\INSTALL.LOG
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ArcSoft Multimedia Email-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD54CF66-090B-43E7-97C1-110EF526474D}\SETUP.EXE" -l0x9 -uninst
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC888095-A35E-4993-A9E0-366BF6F0CCE0}\SETUP.EXE" -l0x9
Aveyond 2 (remove only)-->"C:\Program Files\Yahoo! Games\Aveyond 2\Uninstall.exe"
Belle's Beauty Boutique (remove only)-->"C:\Program Files\Yahoo! Games\Belle's Beauty Boutique\Uninstall.exe"
Build in Time (remove only)-->"C:\Program Files\Yahoo! Games\Build in Time\Uninstall.exe"
Build-a-lot (remove only)-->"C:\Program Files\Yahoo! Games\Build-a-lot\Uninstall.exe"
Build-a-lot 2 - Town of the Year (remove only)-->"C:\Program Files\Yahoo! Games\Build-a-lot 2 - Town of the Year\Uninstall.exe"
Cake Mania (remove only)-->"C:\Program Files\Yahoo! Games\Cake Mania\Uninstall.exe"
Cake Mania 2-->"C:\Program Files\Cake Mania 2\Uninstall.exe"
Carrie the Caregiver (remove only)-->"C:\Program Files\Yahoo! Games\Carrie the Caregiver\Uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Ciao Bella (remove only)-->"C:\Program Files\Yahoo! Games\Ciao Bella\Uninstall.exe"
Clearview Software CSWEB-->C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Clearview Software\CSWEB\Uninst.isu\"
Costar 3.0k-->"c:\Costar32\unins000.exe"
Creative WebCam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x9 /remove
Creative WebCam Instant Driver (1.01.02.0729)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD0620.uns -unsext NT -plugin P0620Pin.dll -pluginres P0620Pin.crl
Creative WebCam Instant User's Guide (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Instant\Creative WebCam Instant User's Guide\English\CTManual.isu"
Cute Knight (remove only)-->"C:\Program Files\Yahoo! Games\Cute Knight\Uninstall.exe"
Dairy Dash (remove only)-->"C:\Program Files\Yahoo! Games\Dairy Dash\Uninstall.exe"
Delicious 2 Deluxe-->C:\PROGRA~1\YAHOO!~1\DELICI~2\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\DELICI~2\INSTALL.LOG
Delicious Deluxe-->C:\PROGRA~1\YAHOO!~1\DELICI~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\DELICI~1\INSTALL.LOG
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diablo-->C:\WINDOWS\DiabUnin.exe C:\WINDOWS\DiabUnin.dat
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Diner Dash - Flo on the Go (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash - Flo on the Go\Uninstall.exe"
Diner Dash (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash\Uninstall.exe"
Diner Dash 2 (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash 2\Uninstall.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DivX ;-) Audio Compressor 4.02-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivXAudioCompressor4.02.inf
DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
Dungeon Keeper-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\SYSTEM\KEEPER\DeIsL1.isu
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Escape From Paradise (remove only)-->"C:\Program Files\Yahoo! Games\Escape From Paradise\Uninstall.exe"
Fairy Godmother Tycoon (remove only)-->"C:\Program Files\Yahoo! Games\Fairy Godmother Tycoon\Uninstall.exe"
Farm Frenzy (remove only)-->"C:\Program Files\Yahoo! Games\Farm Frenzy\Uninstall.exe"
Fashion Fits (remove only)-->"C:\Program Files\Yahoo! Games\Fashion Fits\Uninstall.exe"
FATE from Yahoo! (remove only)-->"C:\Program Files\Yahoo! Games\FATE\Uninstall.exe"
Flower Shop (remove only)-->"C:\Program Files\Yahoo! Games\Flower Shop\Uninstall.exe"
Flower Stand Tycoon (remove only)-->"C:\Program Files\Yahoo! Games\Flower Stand Tycoon\Uninstall.exe"
Get Yahoo! Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC067AB0-2594-4A7E-A1DE-ADEB7D15EB4B}\setup.exe" -l0x9 /remove
Gift Shop (remove only)-->"C:\Program Files\Yahoo! Games\Gift Shop\Uninstall.exe"
Go Go Gourmet - Chef of the Year (remove only)-->"C:\Program Files\Yahoo! Games\Go Go Gourmet - Chef of the Year\Uninstall.exe"
Go-Go Gourmet (remove only)-->"C:\Program Files\Yahoo! Games\Go-Go Gourmet\Uninstall.exe"
[bleep]'s Kitchen (remove only)-->"C:\Program Files\Yahoo! Games\[bleep]'s Kitchen\Uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 6900 series-->C:\Program Files\HP\Digital Imaging\{7ADE9F27-A175-447F-A4B4-B05FA82735E1}\setup\hpzscr01.exe -datfile hpfscr09.dat
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Insaniquarium Deluxe 1.0-->C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\PopUninstall.exe "C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\Install.log"
Jane's Hotel (remove only)-->"C:\Program Files\Yahoo! Games\Jane's Hotel\Uninstall.exe"
Jane's Hotel Family Hero (remove only)-->"C:\Program Files\Yahoo! Games\Jane's Hotel Family Hero\Uninstall.exe"
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
JEOPARDY! (remove only)-->"C:\Program Files\Yahoo! Games\JEOPARDY!\Uninstall.exe"
Kermit 95 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86AAEC2E-997D-46E5-98CD-7246496AB72F}\Setup.exe" -l0x9
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Luxor 2 (remove only)-->"C:\Program Files\Yahoo! Games\Luxor 2\Uninstall.exe"
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Money 2007-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9-->c:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mirror Magic Deluxe (remove only)-->"C:\Program Files\Yahoo! Games\Mirror Magic Deluxe\Uninstall.exe"
Miss Management (remove only)-->"C:\Program Files\Yahoo! Games\Miss Management\Uninstall.exe"
Mpeg Layer3 Codec FHG-Radium v1.263-->C:\WINDOWS\UNWISE.EXE C:\audio\L3CODE~1\INSTALL.LOG
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Mystery Case Files Huntsville (remove only)-->"C:\Program Files\Yahoo! Games\Mystery Case Files Huntsville\Uninstall.exe"
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA Ethernet Driver-->C:\WINDOWS\System32\nvuenet.exe Uninstall C:\WINDOWS\System32\Nvenet.nvu,NVIDIA Ethernet Driver
NVIDIA nForce Drivers-->C:\WINDOWS\System32\NVUninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
OpenVPN 2.0.7-gui-1.0.3-->C:\Program Files\OpenVPN\Uninstall.exe
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Paradise Pet Salon (remove only)-->"C:\Program Files\Yahoo! Games\Paradise Pet Salon\Uninstall.exe"
PDFPrint 2.0-->"c:\PDFPrint\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Profitville (remove only)-->"C:\Program Files\Yahoo! Games\Profitville\Uninstall.exe"
Puppy Luv a New Breed (remove only)-->"C:\Program Files\Yahoo! Games\Puppy Luv a New Breed\Uninstall.exe"
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
Ranch Rush (remove only)-->"C:\Program Files\Yahoo! Games\Ranch Rush\Uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sally's Salon (remove only)-->"C:\Program Files\Yahoo! Games\Sally's Salon\Uninstall.exe"
Sally's Spa (remove only)-->"C:\Program Files\Yahoo! Games\Sally's Spa\Uninstall.exe"
Slingo Deluxe-->C:\PROGRA~1\YAHOO!~1\SLINGO~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\SLINGO~1\INSTALL.LOG
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Spark 2.5.4-->C:\Program Files\Spark\uninstall.exe
TaxACT 2005-->C:\PROGRA~1\2NDSTO~1\TAXACT~1\Unta05.exe C:\PROGRA~1\2NDSTO~1\TAXACT~1\Install.log
TaxACT 2006-->C:\PROGRA~1\2NDSTO~1\TAXACT~2\Unta06.exe C:\PROGRA~1\2NDSTO~1\TAXACT~2\Install.log
The 80's Game (remove only)-->"C:\Program Files\Yahoo! Games\The 80's Game\Uninstall.exe"
The Lost Cases of Sherlock Holmes (remove only)-->"C:\Program Files\Yahoo! Games\The Lost Cases of Sherlock Holmes\Uninstall.exe"
The Princess Bride Game (remove only)-->C:\Program Files\Yahoo! Games\PrincessBride\Uninstall.exe {36DD7F44-24D9-480A-A777-C69D9FB3C5D3}
The Princess Bride Game-->MsiExec.exe /X{36DD7F44-24D9-480A-A777-C69D9FB3C5D3}
The Stone of Destiny (remove only)-->"C:\Program Files\Yahoo! Games\The Stone of Destiny\Uninstall.exe"
Trojan Remover 6.7.2-->"C:\Program Files\Trojan Remover\unins000.exe"
Turbo Pizza (remove only)-->"C:\Program Files\Yahoo! Games\Turbo Pizza\Uninstall.exe"
Turbo Subs (remove only)-->"C:\Program Files\Yahoo! Games\Turbo Subs\Uninstall.exe"
USB Driver Vers. 3.2-->C:\Program Files\USB Driver Vers. 3.2\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual Villagers - The Secret City (remove only)-->"C:\Program Files\Yahoo! Games\Virtual Villagers - The Secret City\Uninstall.exe"
Virtual Villagers (remove only)-->"C:\Program Files\Yahoo! Games\Virtual Villagers\Uninstall.exe"
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{E8E9A39C-6F70-4261-816F-2B2DE8F7BB13}
Wedding Dash (remove only)-->"C:\Program Files\Yahoo! Games\Wedding Dash\Uninstall.exe"
Wedding Dash 2 - Rings Around the World (remove only)-->"C:\Program Files\Yahoo! Games\Wedding Dash 2 - Rings Around the World\Uninstall.exe"
Westward (remove only)-->"C:\Program Files\Yahoo! Games\Westward\Uninstall.exe"
Westward II Heroes of the Frontier-->C:\PROGRA~1\PLAYFI~1\WESTWA~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\WESTWA~1\INSTALL.LOG
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XP / Linux Filesharing Fix-->"C:\WINDOWS\unins000.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Hosts File
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
Security center information
AV: McAfee VirusScan
FW: McAfee Personal Firewall
Environment variables
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
-----------------EOF-----------------
Logfile of random's system information tool (written by random/random)
Run by Owner at 2008-09-06 18:55:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 136 GB (89%) free of 153 GB
Total RAM: 447 MB (32% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:12 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Costar32\CSLServer.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\zHotkey.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PDFPRINT\PDFPRINTSERVICE.EXE
C:\PDFPrint\PDFPrint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\common files\mozilla shared\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C28F8BDB-CF8E-4091-8D67-8651D03E934B} - c:\windows\system32\tmwpkzn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PDFPrint Tray Helper] C:\PDFPrint\PDFPrint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsu...asp/tgctlsr.cab
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinn...rabblecubes.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinn...gsaw/jigsaw.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...jattack/bja.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinn...d/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinn...x/blockwerx.cab
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} (FreeCell Control) - http://www.worldwinn...ll/freecell.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinn...be/wordcube.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...368/mcfscan.cab
O20 - Winlogon Notify: ulswvluw - C:\WINDOWS\SYSTEM32\tmwpkzn.dll
O23 - Service: Co*STAR License Server (CSLServer) - Clearview Software Intl., Inc. - c:\Costar32\CSLServer.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PDFPrint Listener Service (PDFPrint) - Unknown owner - C:\PDFPRINT\PDFPRINTSERVICE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10211 bytes
Scheduled tasks folder
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
Registry dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C28F8BDB-CF8E-4091-8D67-8651D03E934B}]
c:\windows\system32\tmwpkzn.dll [2003-03-31 121344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
ID
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=C:\WINDOWS\system32\nwiz.exe [2004-03-03 782336]
"nForce Tray Options"=C:\WINDOWS\system32\sstray.exe [2003-09-02 73728]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-07 50688]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-08-21 914512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-05-17 543232]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-03-03 2904064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-02-21 155648]
"WinVNC"=C:\Program Files\TightVNC\WinVNC.exe -servicehelper []
"PDFPrint Tray Helper"=C:\PDFPrint\PDFPrint.exe [2007-03-23 690176]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"GoToMeeting"=C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe [2007-12-12 31816]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ulswvluw]
C:\WINDOWS\system32\tmwpkzn.dll [2003-03-31 121344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe"="C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\InsaniquariumDeluxe.exe:*:Disabled:Insaniquarium"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Yahoo! Games\Slingo Deluxe\Slingo.exe"="C:\Program Files\Yahoo! Games\Slingo Deluxe\Slingo.exe:*:Enabled:Slingo ®"
"C:\Program Files\Yahoo! Games\JEOPARDY!\JEOPARDY!.exe"="C:\Program Files\Yahoo! Games\JEOPARDY!\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\BearShare\BearShare.exe"="C:\Program Files\BearShare\BearShare.exe:*:Enabled:BearShare"
"c:\PDFPrint\PDFPrintService.exe"="c:\PDFPrint\PDFPrintService.exe:*:Enabled:PDFPrint Listner Service"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
File associations
.scr - open - "%1" %*
List of files/folders created in the last three months
2008-09-06 18:55:46 ----D---- C:\rsit
2008-09-05 23:25:58 ----D---- C:\Program Files\ERUNT
2008-09-05 13:33:44 ----D---- C:\Documents and Settings\Owner\Application Data\ITTNord
2008-09-05 08:58:46 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-09-04 22:32:16 ----D---- C:\Documents and Settings\Owner\Application Data\iolo
2008-09-04 22:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-04 18:00:49 ----D---- C:\WINDOWS\pss
2008-09-01 19:43:57 ----A---- C:\WINDOWS\msoffice.ini
2008-09-01 19:10:27 ----A---- C:\WINDOWS\system32\tmp.txt
2008-09-01 19:10:14 ----A---- C:\rapport.txt
2008-09-01 19:08:18 ----D---- C:\Documents and Settings\Owner\Application Data\ptunzybl
2008-09-01 18:12:58 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-01 18:12:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 18:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 15:45:10 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-01 15:44:39 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-09-01 15:04:03 ----A---- C:\rundll32.txt
2008-08-31 18:32:57 ----D---- C:\Documents and Settings\Owner\Application Data\McAfee
2008-08-23 16:52:42 ----D---- C:\Documents and Settings\Owner\Application Data\Go-Go Gourmet Chef of the Year
2008-08-23 09:47:33 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2008-08-23 09:32:39 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-08-23 09:27:57 ----D---- C:\Program Files\McAfee.com
2008-08-23 09:27:31 ----D---- C:\Program Files\Common Files\McAfee
2008-08-23 09:27:05 ----D---- C:\Program Files\McAfee
2008-08-23 09:19:11 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-23 07:51:04 ----D---- C:\WINDOWS\McAfee.com
2008-08-21 09:32:15 ----A---- C:\WINDOWS\COSTAR.TMP
2008-08-21 06:50:58 ----D---- C:\WINDOWS\Prefetch
2008-08-20 20:45:15 ----D---- C:\WINDOWS\system32\en-us
2008-08-20 20:45:14 ----D---- C:\WINDOWS\system32\scripting
2008-08-20 20:45:12 ----D---- C:\WINDOWS\l2schemas
2008-08-20 20:45:11 ----D---- C:\WINDOWS\system32\en
2008-08-20 20:38:39 ----D---- C:\WINDOWS\network diagnostic
2008-08-20 19:27:23 ----D---- C:\98ef2acd623800fc40
2008-08-20 13:45:13 ----A---- C:\C28F8BDB-CF8E-4091-8D67-8651D03E934B.txt
2008-08-19 00:05:24 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-19 00:05:20 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-19 00:05:19 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-19 00:05:17 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-19 00:05:17 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-19 00:05:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-19 00:05:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-19 00:04:58 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-19 00:04:55 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-19 00:04:54 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-19 00:04:52 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-19 00:04:51 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-19 00:04:50 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-19 00:04:47 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-19 00:04:38 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-19 00:04:37 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-19 00:04:36 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-19 00:04:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-19 00:04:34 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-19 00:04:20 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-19 00:04:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-19 00:04:09 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-19 00:04:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-19 00:04:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-19 00:04:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-19 00:03:49 ----A---- C:\WINDOWS\005432_.tmp
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-19 00:03:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-19 00:03:44 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-19 00:03:42 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-19 00:03:38 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-19 00:03:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-19 00:03:32 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-19 00:03:24 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-10 22:02:24 ----D---- C:\Program Files\Google
2008-08-05 18:50:58 ----D---- C:\Program Files\StorageSync
2008-08-05 18:50:54 ----D---- C:\StorageSync 1.41
2008-07-20 09:40:22 ----D---- C:\Documents and Settings\Owner\Application Data\Ludia
2008-07-20 09:40:22 ----D---- C:\Documents and Settings\All Users\Application Data\Ludia
2008-07-20 09:08:10 ----D---- C:\Documents and Settings\All Users\Application Data\PBGsavesDirectory
2008-07-20 09:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-18 19:39:54 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-06-21 18:21:56 ----D---- C:\Documents and Settings\Owner\Application Data\Aveyond II
2008-06-21 16:13:32 ----D---- C:\Documents and Settings\Owner\Application Data\Sandlot Games
2008-06-07 22:26:11 ----D---- C:\Documents and Settings\Owner\Application Data\Jane s Hotel Family Hero
List of drivers
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-03-03 1893536]
R3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-10-22 53376]
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2003-08-15 72771]
R3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-10-22 413824]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2004-06-24 23552]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 ip6fww;ip6fww; C:\WINDOWS\system32\drivers\ip6fww.sys []
S2 SVKP;SVKP; C:\WINDOWS\system32\drivers\SVKP.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FINEPIX_PCC;FinePix Digital Camera 020717; C:\WINDOWS\System32\Drivers\V4CB011D.SYS [2002-05-07 81700]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera; C:\WINDOWS\system32\drivers\MR97310_VGA_DUAL_CAMERA.sys []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PD0620VID;Creative WebCam Instant; C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; C:\WINDOWS\system32\drivers\Sunkfiltp.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WlanUIB;NETGEAR 802.11b USB Driver; C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2004-03-03 666624]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-04-11 82944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
List of services
R2 CSLServer;Co*STAR License Server; c:\Costar32\CSLServer.exe [2001-05-14 53248]
R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF