Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

"AntiSpyCheck" website keeps popping up and will not close!

Post by hukull » August 17th, 2008, 4:29 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:15 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ubpr01.exe
C:\Program Files\ASpyC\ASpyC.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rikmdxit.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: vtututs - vtututs.dll (file missing)
O22 - SharedTaskScheduler: bebization - {97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} - C:\WINDOWS\system32\ouhzw.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rikmdxit.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 12015 bytes
hukull
Active Member
 
Posts: 9
Joined: August 17th, 2008, 4:24 pm

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by Shaba » August 19th, 2008, 2:37 am

Hi hukull

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by hukull » August 20th, 2008, 9:02 pm

Hey, thanks for replying. Here are the log results from that scan (SmitFraudFix). I posted the HijackThis log up above:




SmitFraudFix v2.338

Scan done at 21:04:12.65, Wed 08/20/2008
Run from C:\Documents and Settings\Sally\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ubpr01.exe
C:\Program Files\ASpyC\ASpyC.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rikmdxit.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ubpr01.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sally


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sally\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Antivirus Scan.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Spyware Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sally\FAVORI~1

C:\DOCUME~1\Sally\FAVORI~1\Antivirus Scan.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Applications\ FOUND !
C:\Program Files\ASpyC\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649}"="bebization"

[HKEY_CLASSES_ROOT\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649}\InProcServer32]
@="C:\WINDOWS\system32\ouhzw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649}\InProcServer32]
@="C:\WINDOWS\system32\ouhzw.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.73.242
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 68.87.64.196

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B70340E-2436-4AD3-97F3-01D01960CD5A}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B70340E-2436-4AD3-97F3-01D01960CD5A}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B70340E-2436-4AD3-97F3-01D01960CD5A}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
hukull
Active Member
 
Posts: 9
Joined: August 17th, 2008, 4:24 pm
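
Added example, not part of either poster's message and not code from SmitfraudFix or HijackThis: a small parser that pulls the `FOUND !` paths out of the rapport.txt above and lists which HijackThis entries from the first post load something from those paths. The function names are hypothetical, and the embedded log text is a subset of lines copied from the two logs in this thread.

```python
import re

# Excerpts copied from the HijackThis log in the first post (subset only,
# embedded so the block runs offline).
HIJACKTHIS_LOG = r"""
O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll
O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll (file missing)
O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe"
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rikmdxit.exe
"""

# Excerpts copied from the SmitfraudFix search log (rapport.txt) above.
RAPPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ubpr01.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Antivirus Scan.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Spyware Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Applications\ FOUND !
C:\Program Files\ASpyC\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
"""

SECTION_RE = re.compile(r"^»+\s*(.*)$")        # section banner line
FOUND_RE = re.compile(r"^(.+?)\s+FOUND !$")    # "<path> FOUND !"
HJT_RE = re.compile(r"^([A-Z]\d+) - (.+)$")    # "O4 - HKCU\..\Run: ..."


def parse_found(rapport):
    """Return {section title: [paths marked 'FOUND !']} in log order."""
    found = {}
    section = None
    for raw in rapport.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = FOUND_RE.match(line)
        if m and section is not None:
            found.setdefault(section, []).append(m.group(1))
    return found


def parse_hijackthis(log):
    """Return [(section code, rest of line)] for every HijackThis entry line."""
    entries = []
    for raw in log.splitlines():
        m = HJT_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def correlate(found, entries):
    """Map each FOUND path to the HijackThis entries that reference it.

    A flagged directory (trailing backslash) matches any entry that loads a
    file from inside it. Matching is a case-insensitive string comparison, so
    entries written with 8.3 short names (C:\\PROGRA~1\\...) are not expanded
    and will not match a long-name path.
    """
    result = {}
    for paths in found.values():
        for path in paths:
            needle = path.lower()
            result[path] = [
                f"{code} - {text}"
                for code, text in entries
                if needle in text.lower()
            ]
    return result


if __name__ == "__main__":
    hits = correlate(parse_found(RAPPORT), parse_hijackthis(HIJACKTHIS_LOG))
    for path, lines in hits.items():
        print(path)
        for line in lines or ["(no listed entry references this path)"]:
            print("    " + line)
```

Entries that stay unmatched, such as the `DomainService` line in the sample, are simply not explained by this log and still need their own review.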

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by Shaba » August 21st, 2008, 12:28 am

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete... under Browsing History.
  • Next to Temporary Internet Files, click Delete files, and then click OK.
  • Next to Cookies, click Delete cookies, and then click OK.
  • Next to History, click Delete history, and then click OK.
  • Click the Close button.
  • Click OK.
For Internet Explorer 4.x - 6.x
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
For Netscape 4.x and Up
  • Click Edit from the Netscape menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the triangle sign.
  • Click Cache.
  • Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
  • Click Edit from the Mozilla menubar.
  • Click Preferences... from the Edit menu.
  • Expand the Advanced menu by clicking the plus sign.
  • Click Cache.
  • Click the Clear Cache button.
For Opera
  • Click File from the Opera menubar.
  • Click Preferences... from the File menu.
  • Click the History and Cache menu.
  • Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
  • Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
______________________________

Please post:
  1. c:\rapport.txt
  2. SUPERAntiSpyware log
  3. A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by hukull » August 25th, 2008, 7:48 pm

Here are the three logs:

1: rapport.txt

SmitFraudFix v2.338

Scan done at 21:29:54.79, Sun 08/24/2008
Run from C:\Documents and Settings\Sally\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649}"="bebization"

[HKEY_CLASSES_ROOT\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649}\InProcServer32]
@="C:\WINDOWS\system32\ouhzw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649}\InProcServer32]
@="C:\WINDOWS\system32\ouhzw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\ouhzw.dll -> Hoax.Win32.Renos.gen.p
C:\WINDOWS\system32\ouhzw.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ubpr01.exe Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Antivirus Scan.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Spyware Test.url Deleted
C:\DOCUME~1\Sally\FAVORI~1\Antivirus Scan.url Deleted
C:\Program Files\Applications\ Deleted
C:\Program Files\ASpyC\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B70340E-2436-4AD3-97F3-01D01960CD5A}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B70340E-2436-4AD3-97F3-01D01960CD5A}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B70340E-2436-4AD3-97F3-01D01960CD5A}: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 68.87.64.196


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

2. SUPER AntiSpyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/24/2008 at 11:29 PM

Application Version : 4.20.1046

Core Rules Database Version : 3545
Trace Rules Database Version: 1534

Scan type : Complete Scan
Total Scan Time : 01:49:45

Memory items scanned : 221
Memory threats detected : 0
Registry items scanned : 5556
Registry threats detected : 19
File items scanned : 79616
File threats detected : 323

Trojan.FakeAlert-IEBT
HKU\S-1-5-21-2517306811-1982628174-4123955349-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{254B87BB-510D-41FA-A887-52C5FA9BE585}

Adware.eZula
HKLM\System\ControlSet001\Services\DomainService
C:\WINDOWS\SYSTEM32\RIKMDXIT.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_DomainService
HKLM\System\ControlSet003\Services\DomainService
HKLM\System\ControlSet003\Enum\Root\LEGACY_DomainService
HKLM\System\CurrentControlSet\Services\DomainService
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_DomainService

Adware.Tracking Cookie

Trojan.ZenoSearch
C:\WINDOWS\system32\msnav32.ax

Trojan.Unknown Origin
HKLM\Software\xpre
HKLM\Software\xpre#execount

Adware.Think-Adz
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant#UninstallString

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKU\S-1-5-21-2517306811-1982628174-4123955349-1006\Software\Microsoft\aldd
HKU\S-1-5-21-2517306811-1982628174-4123955349-1006\Software\Microsoft\rdfa
C:\WINDOWS\SYSTEM32\BCCDD.INI
C:\WINDOWS\SYSTEM32\BCCDD.INI2

Rogue.AntiVirus 2009/Installer
C:\DOCUMENTS AND SETTINGS\SALLY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OLI3GXIV\AV2009INSTALL_880348[1].EXE

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Browser Hijacker.Favorites
C:\RECYCLER\S-1-5-21-2517306811-1982628174-4123955349-1006\DC83.URL
C:\RECYCLER\S-1-5-21-2517306811-1982628174-4123955349-1006\DC84.URL

Adware.E404 Helper/Variant-F
C:\WINDOWS\SYSTEM32\857060\857060.DLL

Trojan.Downloader-Gen
C:\WINDOWS\SYSTEM32\WINPFZ32.SYS

Adware.Unknown Origin
C:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Re: "AntiSpyCheck" website keeps popping up and will not close!

by hukull » August 25th, 2008, 7:49 pm

3. New HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:41, on 8/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtututs - vtututs.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10795 bytes
hukull
Active Member
 
Posts: 9
Joined: August 17th, 2008, 4:24 pm

Re: "AntiSpyCheck" website keeps popping up and will not close!

by Shaba » August 26th, 2008, 3:22 am

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Word Wrap is not checked. If it is, then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: "AntiSpyCheck" website keeps popping up and will not close!

by hukull » August 26th, 2008, 8:04 pm

OTScanIt logfile created on: 8/26/2008 8:06:43 PM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Sally\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1014.07 Mb Total Physical Memory | 536.36 Mb Available Physical Memory | 52.89% Memory free
2.38 Gb Paging File | 1.88 Gb Available in Paging File | 79.05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 125.18 Gb Free Space | 86.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGELA
Current User Name: Sally
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 10:46:34 PM | Attr =    ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 10:50:30 PM | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr =    ]
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe ->  [Ver =  | Size = 94208 bytes | Modified Date = 10/5/2005 5:12:00 AM | Attr =    ]
realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 2/23/2006 3:51:28 AM | Attr =    ]
jucheck.exe -> %ProgramFiles%\Java\jre1.5.0_03\bin\jucheck.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 241775 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr =    ]
mm_tray.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe -> Musicmatch, Inc. [Ver = 10.10.1038 | Size = 110592 bytes | Modified Date = 1/18/2006 3:00:30 PM | Attr =    ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 12:44:02 PM | Attr =    ]
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =    ]
googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ->  [Ver =  | Size = 169472 bytes | Modified Date = 2/23/2006 3:59:06 AM | Attr =    ]
mmdiag.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe -> Musicmatch, Inc. [Ver = 10.10.1038 | Size = 102400 bytes | Modified Date = 1/18/2006 3:00:30 PM | Attr =    ]
googledesktopindex.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopIndex.exe ->  [Ver =  | Size = 554496 bytes | Modified Date = 2/23/2006 3:59:06 AM | Attr =    ]
dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe -> Dell [Ver = 2.6.65.22 | Size = 430080 bytes | Modified Date = 10/21/2005 4:40:26 AM | Attr =    ]
mskagent.exe -> %ProgramFiles%\McAfee\MSK\mskagent.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 4:30:24 PM | Attr =    ]
googledesktopdisplay.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopDisplay.exe ->  [Ver =  | Size = 415744 bytes | Modified Date = 2/23/2006 3:59:06 AM | Attr =    ]
siteadv.exe -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.exe ->  [Ver =  | Size = 36640 bytes | Modified Date = 8/24/2007 5:57:48 PM | Attr =    ]
mim.exe -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mim.exe -> Musicmatch, Inc. [Ver = 10.10.1038 | Size = 479232 bytes | Modified Date = 1/18/2006 3:00:28 PM | Attr =    ]
mediadetect.exe -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 1:06:18 PM | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =    ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2/4/2008 3:18:40 PM | Attr =    ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 7:14:59 PM | Attr =    ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 20, 0, 1046 | Size = 1576176 bytes | Modified Date = 8/19/2008 11:34:18 PM | Attr =    ]
aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1         | Size = 1135728 bytes | Modified Date = 4/7/2004 2:07:32 PM | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr =    ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =    ]
aoltray.exe -> %ProgramFiles%\America Online 9.0\aoltray.exe -> America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 9/1/2004 1:56:34 PM | Attr =  H ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = R  ]
hwapi.exe -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 1:09:12 PM | Attr =    ]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =    ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =    ]
mcods.exe -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 7:03:36 PM | Attr =    ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 10:33:42 AM | Attr =    ]
redirsvc.exe -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 4:42:42 PM | Attr =    ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 6/25/2007 11:56:42 AM | Attr =    ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 5:01:58 PM | Attr =    ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 9:55:24 AM | Attr =    ]
mps.exe -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 3:08:06 PM | Attr =    ]
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 4:30:34 PM | Attr =    ]
saservice.exe -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 5/23/2008 8:17:38 AM | Attr =    ]
mpsevh.exe -> %ProgramFiles%\McAfee\MPS\mpsevh.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 304680 bytes | Modified Date = 4/18/2007 3:08:10 PM | Attr =    ]
dlcccoms.exe -> %SystemRoot%\system32\dlcccoms.exe ->   [Ver = 1.154.24.0 | Size = 491520 bytes | Modified Date = 10/28/2005 1:41:52 AM | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2/4/2008 3:18:32 PM | Attr =    ]
mcuimgr.exe -> %ProgramFiles%\McAfee\MSC\mcuimgr.exe -> McAfee, Inc. [Ver = 8,0,226,0 | Size = 265040 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1         | Size = 1135728 bytes | Modified Date = 4/7/2004 2:07:32 PM | Attr =    ]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr =    ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =    ]
(dlcc_device) dlcc_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcccoms.exe ->   [Ver = 1.154.24.0 | Size = 491520 bytes | Modified Date = 10/28/2005 1:41:52 AM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr =    ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe ->  [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr =    ]
(Emproxy) McAfee E-mail Proxy [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\McAfee\EmProxy\emproxy.exe -> McAfee, Inc. [Ver = 11,2,214,0 | Size = 341328 bytes | Modified Date = 10/5/2007 6:33:26 PM | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1406.beta | Size = 156656 bytes | Modified Date = 7/19/2008 2:34:39 PM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.0.29 | Size = 504104 bytes | Modified Date = 2/4/2008 3:18:32 PM | Attr =    ]
(McAfee HackerWatch Service) McAfee HackerWatch Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\HackerWatch\HWAPI.exe -> McAfee, Inc. [Ver = 8.3.105.0 | Size = 540776 bytes | Modified Date = 2/13/2007 1:09:12 PM | Attr =    ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr =    ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr =    ]
(McODS) McAfee Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 11,2,121,0 | Size = 362064 bytes | Modified Date = 1/16/2007 7:03:36 PM | Attr =    ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 1,2,138,0 | Size = 353368 bytes | Modified Date = 4/12/2007 10:33:42 AM | Attr =    ]
(McRedirector) McAfee Redirector Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\RedirSvc\RedirSvc.exe -> McAfee, Inc. [Ver = 1,3,109,0 | Size = 256096 bytes | Modified Date = 3/8/2007 4:42:42 PM | Attr =    ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 144960 bytes | Modified Date = 6/25/2007 11:56:42 AM | Attr =    ]
(McSysmon) McAfee SystemGuards [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 11,2,131,0 | Size = 643664 bytes | Modified Date = 1/25/2007 5:01:58 PM | Attr =    ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 8.2.122.0 | Size = 841256 bytes | Modified Date = 6/19/2007 9:55:24 AM | Attr =    ]
(MPS9) McAfee Privacy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPS\mps.exe -> McAfee, Inc. [Ver = 9.2.134.0 | Size = 906792 bytes | Modified Date = 4/18/2007 3:08:06 PM | Attr =    ]
(MSK80Service) McAfee SpamKiller Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee Inc. [Ver = 8.2.125.0 | Size = 29264 bytes | Modified Date = 1/17/2007 4:30:34 PM | Attr =    ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 2.2.7.0 | Size = 147456 bytes | Modified Date = 11/19/2004 1:26:40 PM | Attr =    ]
(SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe ->  [Ver =  | Size = 345376 bytes | Modified Date = 5/23/2008 8:17:38 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr =    ]
Corel Photo Downloader -> %ProgramFiles%\Corel\Corel Photo Album 6\MediaDetect.exe [C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe] -> Corel, Inc. [Ver = 6.0.0 (20050831.10) | Size = 106496 bytes | Modified Date = 8/31/2005 1:06:18 PM | Attr =    ]
DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =    ]
DLCCCATS -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcctime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16] ->  [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 9/14/2005 2:50:38 AM | Attr =    ]
dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe ["C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"] -> Dell [Ver = 2.6.65.22 | Size = 430080 bytes | Modified Date = 10/21/2005 4:40:26 AM | Attr =    ]
DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] ->  [Ver =  | Size = 94208 bytes | Modified Date = 10/5/2005 5:12:00 AM | Attr =    ]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] ->   [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 9:24:00 AM | Attr =    ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] ->  [Ver =  | Size = 169472 bytes | Modified Date = 2/23/2006 3:59:06 AM | Attr =    ]
igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 10:46:34 PM | Attr =    ]
igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 10:50:30 PM | Attr =    ]
igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 10:49:46 PM | Attr =    ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 12:44:02 PM | Attr =    ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 12:44:02 PM | Attr =    ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.0.29 | Size = 267048 bytes | Modified Date = 2/4/2008 3:18:40 PM | Attr =    ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr =    ]
MimBoot -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mimboot.exe [C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe] -> Musicmatch, Inc. [Ver = 10.10.1038 | Size = 8192 bytes | Modified Date = 1/18/2006 3:00:28 PM | Attr =    ]
MMTray -> %ProgramFiles%\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe ["C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"] -> Musicmatch, Inc. [Ver = 10.10.1038 | Size = 110592 bytes | Modified Date = 1/18/2006 3:00:30 PM | Attr =    ]
MskAgentexe -> %ProgramFiles%\McAfee\MSK\mskagent.exe [C:\Program Files\McAfee\MSK\MskAgent.exe] -> McAfee Inc. [Ver = 8.2.125.0 | Size = 152144 bytes | Modified Date = 1/17/2007 4:30:24 PM | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 2/1/2008 12:13:08 AM | Attr =    ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 2/23/2006 3:51:28 AM | Attr =    ]
SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.exe ["C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"] ->  [Ver =  | Size = 36640 bytes | Modified Date = 8/24/2007 5:57:48 PM | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe [C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr =    ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 20, 0, 1046 | Size = 1576176 bytes | Modified Date = 8/19/2008 11:34:18 PM | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/21/2007 7:14:59 PM | Attr =    ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 5:45:08 PM | Attr = R  ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 11:05:26 PM | Attr =    ]
%AllUsersProfile%\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk -> %ProgramFiles%\America Online 9.0\aoltray.exe -> America Online, Inc. [Ver = 9.00.001 | Size = 156784 bytes | Modified Date = 9/1/2004 1:56:34 PM | Attr =  H ]
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = R  ]
< Sally Startup Folder > -> C:\Documents and Settings\Sally\Start Menu\Programs\Startup -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ->  [Ver =  | Size = 111616 bytes | Modified Date = 2/23/2006 3:59:06 AM | Attr =    ]
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1048 | Size = 352256 bytes | Modified Date = 7/23/2008 4:28:18 PM | Attr =    ]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 10:45:38 PM | Attr =    ]
vtututs ->  -> File not found
WgaLogon ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/10/2004 7:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVD+-RW_GWA4164B_______________D108____\5&2b88f5e5&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 8/16/2005 6:43:04 AM | Attr =    ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ -> 
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 53 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 30 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 5:16:42 AM | Attr =    ]
{089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr =    ]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptcl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.2.116.x86 | Size = 67136 bytes | Modified Date = 6/25/2007 11:57:44 AM | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] ->  [Ver =  | Size = 193136 bytes | Modified Date = 7/19/2008 1:59:16 PM | Attr =    ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 4, 1, 509, 5470 | Size = 651760 bytes | Modified Date = 7/19/2008 2:34:40 PM | Attr =    ]
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GoogleAFE\GoogleAE.dll [CBrowserHelperObject Object] -> Google [Ver = 1.0.0.2 | Size = 90112 bytes | Modified Date = 1/25/2006 9:36:16 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [McAfee SiteAdvisor] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr =    ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] ->  [Ver =  | Size = 193136 bytes | Modified Date = 7/19/2008 1:59:16 PM | Attr =    ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] ->  [Sun Java Console] -> File not found
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9034A523-D068-4BE8-A284-9DF278BE776E} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
GoogleT5 ->  -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7B70340E-2436-4AD3-97F3-01D01960CD5A} ->    (Intel(R) PRO/100 VE Network Connection) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 4:17:08 PM | Attr =    ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 927008 bytes | Modified Date = 5/16/2008 12:49:40 PM | Attr =    ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6F750203-1362-4815-A476-88533DE61D0C}[HKEY_LOCAL_MACHINE] -> http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab[Kodak Gallery Easy Upload Manager Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axofupld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axofupld.dll\\.Owner -> {6F750203-1362-4815-A476-88533DE61D0C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axofupld.dll\\{6F750203-1362-4815-A476-88533DE61D0C} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/easyupld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/easyupld.dll\\.Owner -> {6F750203-1362-4815-A476-88533DE61D0C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/easyupld.dll\\{6F750203-1362-4815-A476-88533DE61D0C} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/liborca.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/liborca.dll\\.Owner -> {6F750203-1362-4815-A476-88533DE61D0C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/liborca.dll\\{6F750203-1362-4815-A476-88533DE61D0C} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/liborca_comm.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/liborca_comm.dll\\.Owner -> {6F750203-1362-4815-A476-88533DE61D0C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/liborca_comm.dll\\{6F750203-1362-4815-A476-88533DE61D0C} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ofutils.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ofutils.dll\\.Owner -> {6F750203-1362-4815-A476-88533DE61D0C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ofutils.dll\\{6F750203-1362-4815-A476-88533DE61D0C} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ofxml.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ofxml.dll\\.Owner -> {6F750203-1362-4815-A476-88533DE61D0C} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ofxml.dll\\{6F750203-1362-4815-A476-88533DE61D0C} ->  -> 



[Files/Folders - Created Within 30 days]
All three -> %SystemDrive%\All three ->  [Folder | Created Date = 8/24/2008 9:33:40 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Created Date = 8/25/2008 7:32:21 AM | Attr =  HS]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 8/20/2008 9:03:27 PM | Attr =    ]
857060 -> %SystemRoot%\System32\857060 ->  [Folder | Created Date = 8/17/2008 12:24:16 PM | Attr =    ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 8/20/2008 9:03:25 PM | Attr =    ]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Created Date = 8/20/2008 9:03:27 PM | Attr =    ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 8/20/2008 9:03:26 PM | Attr =    ]
Process.exe -> %SystemRoot%\System32\Process.exe ->  [Ver =  | Size = 53248 bytes | Created Date = 8/24/2008 9:29:41 PM | Attr =    ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 8/20/2008 9:03:25 PM | Attr =    ]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 8/20/2008 9:03:24 PM | Attr =    ]
swsc.exe -> %SystemRoot%\System32\swsc.exe ->  [Ver =  | Size = 40960 bytes | Created Date = 8/20/2008 9:03:25 PM | Attr =    ]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 8/20/2008 9:03:25 PM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 4616 bytes | Created Date = 8/20/2008 9:04:22 PM | Attr =    ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 8/20/2008 9:03:26 PM | Attr =    ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 8/20/2008 9:03:25 PM | Attr =    ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 8/20/2008 9:03:26 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 8/26/2008 8:01:24 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
All three -> %SystemDrive%\All three ->  [Folder | Modified Date = 8/24/2008 9:35:10 PM | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 8/24/2008 9:22:27 PM | Attr =  HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 1063407616 bytes | Modified Date = 8/26/2008 7:59:36 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/24/2008 9:30:06 PM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/26/2008 8:01:24 PM | Attr =    ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 8/18/2008 12:19:03 PM | Attr =    ]
857060 -> %SystemRoot%\System32\857060 ->  [Folder | Modified Date = 8/25/2008 7:30:45 AM | Attr =    ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
ADB816E197.sys -> %SystemRoot%\System32\ADB816E197.sys ->  [Ver =  | Size = 104 bytes | Modified Date = 8/15/2008 6:36:10 PM | Attr = RHS]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/26/2008 8:01:22 PM | Attr =    ]
Config.MPF -> %SystemRoot%\System32\Config.MPF ->  [Ver =  | Size = 9346 bytes | Modified Date = 8/26/2008 8:00:54 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/26/2008 8:01:40 PM | Attr = RHS]
IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 8/14/2008 9:52:23 PM | Attr =    ]
KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys ->  [Ver =  | Size = 5852 bytes | Modified Date = 8/15/2008 6:36:11 PM | Attr =  HS]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 4616 bytes | Modified Date = 8/24/2008 9:30:05 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 8/26/2008 7:59:40 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/16/2008 3:01:17 AM | Attr =  H ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/26/2008 7:59:37 PM | Attr =   S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 8/26/2008 8:01:31 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/16/2008 3:01:21 AM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/26/2008 8:01:30 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/24/2008 9:22:25 PM | Attr =  HS]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 8/26/2008 8:01:31 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/25/2008 6:33:10 PM | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/26/2008 7:59:53 PM | Attr =  H ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 8/26/2008 8:00:50 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/26/2008 8:01:32 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/26/2008 8:02:00 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 8/21/2008 5:33:03 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/26/2008 7:59:43 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2/23/2006 3:43:46 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 8/26/2008 8:05:52 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5528 bytes | Modified Date = 8/26/2008 8:02:21 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 2/23/2006 3:48:50 AM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11094 bytes | Modified Date = 4/23/2006 9:52:05 AM | Attr =    ]
C:\WINDOWS\Temp\mcu12.tmp\ -> C:\WINDOWS\Temp\mcu12.tmp\ ->  [Folder | Modified Date = 10/30/2007 10:14:40 PM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu12.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 5:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu3.tmp\ -> C:\WINDOWS\Temp\mcu3.tmp\ ->  [Folder | Modified Date = 9/8/2007 11:35:02 AM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu3.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 5:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu50.tmp\ -> C:\WINDOWS\Temp\mcu50.tmp\ ->  [Folder | Modified Date = 9/26/2007 7:30:10 AM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu50.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 5:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\mcu74.tmp\ -> C:\WINDOWS\Temp\mcu74.tmp\ ->  [Folder | Modified Date = 9/12/2007 10:28:19 PM | Attr =    ]
McAppIns.exe -> C:\WINDOWS\Temp\mcu74.tmp\McAppIns.exe -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 131072 bytes | Modified Date = 1/23/2006 5:55:06 PM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2J5QXQTI\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2J5QXQTI ->  [Folder | Modified Date = 11/7/2007 7:47:26 AM | Attr =   S]
DMSetup[1].exe -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2J5QXQTI\DMSetup[1].exe -> McAfee, Inc. [Ver = 2,0,132,0 | Size = 636192 bytes | Modified Date = 11/7/2007 7:43:39 AM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\2J5QXQTI\DMSetup[1].exe:Zone.Identifier
C:\WINDOWS\Temp\mcu12.tmp\ -> C:\WINDOWS\Temp\mcu12.tmp\ ->  [Folder | Modified Date = 10/30/2007 10:14:40 PM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu12.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 5:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu3.tmp\ -> C:\WINDOWS\Temp\mcu3.tmp\ ->  [Folder | Modified Date = 9/8/2007 11:35:02 AM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu3.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 5:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu50.tmp\ -> C:\WINDOWS\Temp\mcu50.tmp\ ->  [Folder | Modified Date = 9/26/2007 7:30:10 AM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu50.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 5:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu74.tmp\ -> C:\WINDOWS\Temp\mcu74.tmp\ ->  [Folder | Modified Date = 9/12/2007 10:28:19 PM | Attr =    ]
mcinsres.dll -> C:\WINDOWS\Temp\mcu74.tmp\mcinsres.dll -> McAfee, Inc [Ver = 6, 0, 0, 22 | Size = 33280 bytes | Modified Date = 1/23/2006 5:54:54 PM | Attr =    ]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 8/26/2008 8:06:02 PM | Attr =    ]
Perflib_Perfdata_11c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_11c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/20/2008 4:55:20 AM | Attr =    ]
Perflib_Perfdata_4e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_4e8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2/22/2008 5:56:36 AM | Attr =    ]
Perflib_Perfdata_520.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_520.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 7/18/2008 4:54:44 AM | Attr =    ]
Perflib_Perfdata_7dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7dc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 6/13/2008 4:56:13 AM | Attr =    ]
Perflib_Perfdata_7e0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 3/9/2008 7:45:35 AM | Attr =    ]
Perflib_Perfdata_7f0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/31/2008 3:04:34 PM | Attr =    ]
Perflib_Perfdata_7f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7f4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/9/2008 4:05:55 AM | Attr =    ]
Perflib_Perfdata_98c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_98c.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/2/2008 2:30:13 PM | Attr =    ]
Perflib_Perfdata_a28.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_a28.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/10/2007 7:05:48 PM | Attr =    ]
Perflib_Perfdata_bc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_bc.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 5/16/2008 4:57:40 AM | Attr =    ]
Perflib_Perfdata_f20.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_f20.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 10/30/2007 10:08:29 PM | Attr =    ]
31 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies ->  [Folder | Modified Date = 11/7/2007 7:43:21 AM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Cookies\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 11/7/2007 7:49:54 AM | Attr =    ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 11/12/2007 8:58:29 AM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 49152 bytes | Modified Date = 11/7/2007 7:49:54 AM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 3/14/2006 9:34:15 AM | Attr =   S]
index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 65536 bytes | Modified Date = 11/7/2007 7:49:54 AM | Attr =    ]
C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ ->  [Folder | Modified Date = 11/12/2007 8:58:29 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini ->  [Ver =  | Size = 113 bytes | Modified Date = 3/14/2006 9:34:16 AM | Attr =  HS]
C:\WINDOWS\Temp\mcu10.tmp\vso\ -> C:\WINDOWS\Temp\mcu10.tmp\vso ->  [Folder | Modified Date = 11/6/2007 10:37:14 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu10.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 996 bytes | Modified Date = 11/6/2007 10:37:13 PM | Attr =    ]
C:\WINDOWS\Temp\mcu15.tmp\vso\ -> C:\WINDOWS\Temp\mcu15.tmp\vso ->  [Folder | Modified Date = 9/26/2007 5:06:15 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu15.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/26/2007 5:06:15 PM | Attr =    ]
C:\WINDOWS\Temp\mcu16.tmp\vso\ -> C:\WINDOWS\Temp\mcu16.tmp\vso ->  [Folder | Modified Date = 9/19/2007 10:31:52 AM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu16.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/19/2007 10:31:51 AM | Attr =    ]
C:\WINDOWS\Temp\mcu1C.tmp\vso\ -> C:\WINDOWS\Temp\mcu1C.tmp\vso ->  [Folder | Modified Date = 9/19/2007 3:12:13 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu1C.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/19/2007 3:12:13 PM | Attr =    ]
C:\WINDOWS\Temp\mcu2.tmp\vso\ -> C:\WINDOWS\Temp\mcu2.tmp\vso ->  [Folder | Modified Date = 10/30/2007 10:13:05 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu2.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 993 bytes | Modified Date = 10/30/2007 10:12:57 PM | Attr =    ]
C:\WINDOWS\Temp\mcu23.tmp\vso\ -> C:\WINDOWS\Temp\mcu23.tmp\vso ->  [Folder | Modified Date = 9/20/2007 5:34:21 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu23.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/20/2007 5:34:21 PM | Attr =    ]
C:\WINDOWS\Temp\mcu24.tmp\vso\ -> C:\WINDOWS\Temp\mcu24.tmp\vso ->  [Folder | Modified Date = 9/27/2007 3:06:23 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu24.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/27/2007 3:06:22 PM | Attr =    ]
C:\WINDOWS\Temp\mcu2A.tmp\vso\ -> C:\WINDOWS\Temp\mcu2A.tmp\vso ->  [Folder | Modified Date = 11/1/2007 9:25:50 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu2A.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 993 bytes | Modified Date = 11/1/2007 9:25:50 PM | Attr =    ]
C:\WINDOWS\Temp\mcu3C.tmp\vso\ -> C:\WINDOWS\Temp\mcu3C.tmp\vso ->  [Folder | Modified Date = 9/25/2007 12:19:37 AM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu3C.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/25/2007 12:19:37 AM | Attr =    ]
C:\WINDOWS\Temp\mcu3F.tmp\vso\ -> C:\WINDOWS\Temp\mcu3F.tmp\vso ->  [Folder | Modified Date = 9/13/2007 4:08:17 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu3F.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 999 bytes | Modified Date = 9/13/2007 4:08:17 PM | Attr =    ]
C:\WINDOWS\Temp\mcu53.tmp\vso\ -> C:\WINDOWS\Temp\mcu53.tmp\vso ->  [Folder | Modified Date = 9/10/2007 2:25:43 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu53.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 999 bytes | Modified Date = 9/10/2007 2:25:42 PM | Attr =    ]
C:\WINDOWS\Temp\mcu55.tmp\vso\ -> C:\WINDOWS\Temp\mcu55.tmp\vso ->  [Folder | Modified Date = 9/25/2007 6:31:27 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu55.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/25/2007 6:31:26 PM | Attr =    ]
C:\WINDOWS\Temp\mcu57.tmp\vso\ -> C:\WINDOWS\Temp\mcu57.tmp\vso ->  [Folder | Modified Date = 9/14/2007 6:07:52 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu57.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 998 bytes | Modified Date = 9/14/2007 6:07:51 PM | Attr =    ]
C:\WINDOWS\Temp\mcu5A.tmp\vso\ -> C:\WINDOWS\Temp\mcu5A.tmp\vso ->  [Folder | Modified Date = 11/2/2007 4:10:54 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu5A.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 993 bytes | Modified Date = 11/2/2007 4:10:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcu6.tmp\vso\ -> C:\WINDOWS\Temp\mcu6.tmp\vso ->  [Folder | Modified Date = 9/8/2007 11:28:13 AM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu6.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 999 bytes | Modified Date = 9/8/2007 11:28:12 AM | Attr =    ]
C:\WINDOWS\Temp\mcu72.tmp\vso\ -> C:\WINDOWS\Temp\mcu72.tmp\vso ->  [Folder | Modified Date = 9/21/2007 4:17:27 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu72.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 997 bytes | Modified Date = 9/21/2007 4:17:25 PM | Attr =    ]
C:\WINDOWS\Temp\mcu78.tmp\vso\ -> C:\WINDOWS\Temp\mcu78.tmp\vso ->  [Folder | Modified Date = 9/12/2007 10:26:49 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcu78.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 999 bytes | Modified Date = 9/12/2007 10:26:48 PM | Attr =    ]
C:\WINDOWS\Temp\mcuB6.tmp\vso\ -> C:\WINDOWS\Temp\mcuB6.tmp\vso ->  [Folder | Modified Date = 11/1/2007 12:21:55 PM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcuB6.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 993 bytes | Modified Date = 11/1/2007 12:21:54 PM | Attr =    ]
C:\WINDOWS\Temp\mcuDB.tmp\vso\ -> C:\WINDOWS\Temp\mcuDB.tmp\vso ->  [Folder | Modified Date = 11/6/2007 12:20:15 AM | Attr =    ]
mcdelta.ini -> C:\WINDOWS\Temp\mcuDB.tmp\vso\mcdelta.ini ->  [Ver =  | Size = 995 bytes | Modified Date = 11/6/2007 12:20:15 AM | Attr =    ]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 3/14/2006 9:34:15 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/14/2006 9:34:15 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0MA2MZ0G\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0MA2MZ0G ->  [Folder | Modified Date = 11/7/2007 7:43:45 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0MA2MZ0G\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/14/2006 9:34:15 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2J5QXQTI\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2J5QXQTI ->  [Folder | Modified Date = 11/7/2007 7:47:26 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2J5QXQTI\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/14/2006 9:34:15 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PVERBERB\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PVERBERB ->  [Folder | Modified Date = 11/7/2007 7:43:46 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PVERBERB\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/14/2006 9:34:15 AM | Attr =  HS]
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YH7J5DMZ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YH7J5DMZ ->  [Folder | Modified Date = 11/7/2007 7:43:45 AM | Attr =   S]
desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YH7J5DMZ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 3/14/2006 9:34:15 AM | Attr =  HS]
mcltvers[1].ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YH7J5DMZ\mcltvers[1].ini ->  [Ver =  | Size = 2657 bytes | Modified Date = 4/4/2006 5:28:55 PM | Attr =    ]

< End of report >
hukull
Active Member
 
Posts: 9
Joined: August 17th, 2008, 4:24 pm

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by Shaba » August 27th, 2008, 1:32 am

Please download ATF Cleaner by Atribune and save it to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Open OTScanIt.

Paste text below to Paste Fix here (upper right corner)

[Registry - Non-Microsoft Only]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> vtututs -> 
[Files/Folders - Created Within 30 days]
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp


Click Run Fix

If it doesn't run scan automatically, click Run Scan

Post back a fresh OTScanIt log, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by hukull » August 27th, 2008, 7:52 pm

[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtututs\ deleted successfully.
[Files/Folders - Created Within 30 days]
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08272008_195434
hukull
Active Member
 
Posts: 9
Joined: August 17th, 2008, 4:24 pm

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by Shaba » August 28th, 2008, 4:08 am

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 7.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by hukull » August 29th, 2008, 7:04 am

The pop-up website is gone. Here are the logs you asked for. Sorry, it took my computer a while to do these scans. Thanks again.

JavaRa: (didn't know if you wanted this one)


JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Thu Aug 28 19:25:04 2008

Found and removed: C:\Program Files\Java\j2re1.4.2_03

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\j2re1.4.2-b28

Found and removed: C:\Windows\System32\jpicpl32.cpl

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4

Found and removed: Software\JavaSoft\Java2D\1.5.0_03

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Classes\JavaPlugin.150_03

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142030}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410203

Found and removed: SOFTWARE\Classes\JavaPlugin.142_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

------------------------------------

Finished reporting.


Kaspersky:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 28, 2008 22:34:32
Records in database: 1158372
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 65565
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:24:28


File name / Threat name / Threats count
C:\Documents and Settings\Sally\Desktop\10 million miles patty griffin.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1

The selected area was scanned.




Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:52, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10388 bytes
hukull
Active Member
 
Posts: 9
Joined: August 17th, 2008, 4:24 pm
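
An added example, not part of the original posts or of any tool used in this thread: one way to confirm from two HijackThis logs that the `Winlogon\Notify\vtututs` key removed by the OTScanIt fix is really gone, and to list autostart entries that appeared in the meantime. The function names are hypothetical, the `vtututs` DLL path and the "before" Java entry are constructed, and the remaining lines are copied from the log above.

```python
import re
from collections import defaultdict

# HijackThis entry line: "<code> - <detail>", e.g.
# "O20 - Winlogon Notify: !SASWinLogon - C:\...\SASWINLO.dll"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# Sections of the log that describe code loaded at boot or logon.
AUTOSTART_CODES = ("O2", "O4", "O20", "O23")
NOTIFY_PREFIX = "Winlogon Notify: "


def parse_hjt(text):
    """Return {section code: set of entry strings} for a HijackThis log."""
    entries = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            entries[m.group("code")].add(m.group("rest"))
    return entries


def winlogon_notify(entries):
    """Map Winlogon Notify key name -> DLL path (O20 section only)."""
    found = {}
    for rest in entries.get("O20", ()):
        if rest.startswith(NOTIFY_PREFIX):
            name, _, path = rest[len(NOTIFY_PREFIX):].partition(" - ")
            found[name.strip()] = path.strip()
    return found


def check_fix(before_text, after_text, removed_key):
    """Compare two logs: is removed_key gone, and what autostarts are new?"""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    notify_before = winlogon_notify(before)
    notify_after = winlogon_notify(after)
    new_autostarts = sorted(
        f"{code} - {entry}"
        for code in AUTOSTART_CODES
        for entry in after.get(code, set()) - before.get(code, set())
    )
    return {
        "key_was_present": removed_key in notify_before,
        "key_still_present": removed_key in notify_after,
        "remaining_notify": sorted(notify_after),
        "new_autostarts": new_autostarts,
    }


# Constructed "before" excerpt: the vtututs DLL path and the jre1.5.0_03 Run
# entry are placeholders made up for this example, not values from the thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtututs - C:\WINDOWS\system32\CONSTRUCTED-EXAMPLE.dll
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
"""

# "After" excerpt: lines copied from the HijackThis log posted above.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
"""

if __name__ == "__main__":
    for key, value in check_fix(BEFORE, AFTER, "vtututs").items():
        print(f"{key}: {value}")
```

The Java updater shows up under `new_autostarts` because its path changed with the JRE upgrade, so every new entry still needs a human decision rather than being treated as malicious.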

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by Shaba » August 29th, 2008, 11:51 am

Delete this:

C:\Documents and Settings\Sally\Desktop\10 million miles patty griffin.mp3

Empty Recycle Bin.

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by hukull » August 29th, 2008, 7:19 pm

No more problems. Everything is working great!! Thank you so much for your time. How can one support this site?
hukull
Active Member
 
Posts: 9
Joined: August 17th, 2008, 4:24 pm

Re: "AntiSpyCheck" website keeps popping up and will not close!

Post by Shaba » August 30th, 2008, 4:46 am

You can always donate if you like to :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland