12-09-2008, 06:43 AM   #13
Joody
Registered User
 
Join Date: Feb 2005
Posts: 56
OS: Windows XP


Re: System start-up change detected

Here is the log file


DDS (Version 1.0) - NTFSx86
Run by Compaq_Owner at 5:40:50.48 on Tue 12/09/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.148 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSGTAG\MSGTAG.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mStart Page = hxxp://www.msn.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSGTAG] "c:\program files\msgtag\MSGTAG.exe" /startup
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [gcasServ] "c:\program files\microsoft antispyware\gcasServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [F-Secure Manager] "c:\program files\shaw secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\shaw secure\tnb\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [F-Secure Startup Wizard] "c:\program files\shaw secure\fsgui\FSSW.EXE" /reboot
mRun: [News Service] "c:\program files\shaw secure\fsgui\ispnews.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\6750491\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shawse~1.lnk - c:\program files\shaw secure\backweb\3875767\program\fspex.exe
IE: &Add animation to IncrediMail Style Box - c:\progra~1\incred~1\bin\resources\WebMenuImg.htm
IE: &Block this popup - c:\program files\shaw secure\anti-spyware\blockpopups.htm
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {200DB664-75B5-47c0-8B45-A44ACCF73C00} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F01} - {D68926FD-18FD-4B0E-A1C7-917D13FAB760} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F02} - {878137C3-9DAC-4a48-9625-78A054E86C1E} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F03} - {A7FC740A-AC46-46d2-9262-E368D619AD17} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {200DB664-75B5-47c0-8B45-A44ACCF73F04} - {C459289E-2150-486b-8556-12C706799CAC} - c:\program files\shaw secure\fspc\fspcmsie.dll
IE: {300DB664-75B5-47c0-8B45-A44ACCF73C00} - {0928F506-07E8-470c-979D-147C296D4879} - c:\program files\shaw secure\anti-spyware\ieshield.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - c:\program files\microsoft antispyware\shellextension.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2005-3-21 70896]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-11-17 55024]
R2 BackWeb Plug-in - 3875767;Shaw Secure;c:\progra~1\shawse~1\backweb\3875767\program\SERVIC~1.EXE [2006-3-21 32807]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\shaw secure\anti-virus\win2k\FSfilter.sys [2005-3-21 48720]
R2 F-Secure Gatekeeper Handler Starter;F-Secure Gatekeeper Handler Starter;"c:\program files\shaw secure\anti-virus\fsgk32st.exe" [2005-3-21 36947]
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\shaw secure\anti-virus\win2k\FSgk.sys [2005-3-21 55424]
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\shaw secure\anti-virus\win2k\FSrec.sys [2005-3-21 16816]
S2 PPSCAN;PPSCAN;c:\windows\system32\drivers\PPSCAN.sys [2005-6-8 91520]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]

=============== Created Last 30 ================

2008-12-08 18:26 <DIR> --d----- c:\program files\Trend Micro
2008-12-05 20:52 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-05 20:52 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-05 18:50 161,792 a------- c:\windows\SWREG.exe
2008-12-05 18:50 98,816 a------- c:\windows\sed.exe
2008-12-04 19:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-04 19:24 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-04 19:24 <DIR> --d----- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2008-12-04 19:23 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-02 19:38 250 a------- c:\windows\gmer.ini
2008-12-01 19:25 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-27 17:04 <DIR> --d----- c:\program files\Windows Media Connect 2
2008-11-11 19:29 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:28 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll

==================== Find3M ====================

2008-12-09 05:25 <DIR> --d----- c:\program files\Microsoft AntiSpyware
2008-12-04 19:19 <DIR> --d----- c:\program files\iTunes
2008-12-02 18:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-02 16:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-05 17:21 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Printer Info Cache
2008-10-01 16:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FunGames
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-05-21 18:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2006-03-31 17:35 <DIR> --d----- c:\docume~1\compaq~1\applic~1\F-Secure
2006-03-21 12:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\F-Secure
2006-02-04 11:09 <DIR> --d----- c:\docume~1\compaq~1\applic~1\MSNInstaller
2005-03-21 19:19 <DIR> --d----- c:\docume~1\compaq~1\applic~1\ispnews
2005-03-21 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2004-08-11 05:55 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Symantec
2004-08-10 05:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2005-03-21 19:16 10,240 ac-sh--- c:\windows\rnapxs\rnapxs.dat
2005-02-15 20:19 0 ac-sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 5:41:44.56 ===============