#1 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 35
OS: WinXP
|
5 steps but still have spyware
I have taken the 5 steps and removed some of my spyware but Panda Scan still shows that I have 9 spyware, 1 rootkit/hacking tool and 1 dialer. I am attaching my hijack this logfile. Sorry but I have no names of the spyware etc. to give you. I do have the Panda scan when you want it. Thanks so much.
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 35
OS: WinXP
|
| Incident | Status | Location |
|---|---|---|
| Dialer:dialer.asl | Not disinfected | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1426AC5-8CE5-4A00-B71E-011D35709AC6} |
| Potentially unwanted tool:application/zango | Not disinfected | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} |
| Adware:adware/sahagent | Not disinfected | Windows Registry |
| Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\Kristi **\Cookies\kristi_ *****@atwola[2].txt |
| Spyware:Cookie/BurstNet | Not disinfected | C:\Documents and Settings\Kristi **\Cookies\kristi_ *****@burstnet[1].txt |
| Spyware:Cookie/Com.com | Not disinfected | C:\Documents and Settings\Kristi **\Cookies\kristi_ ******@com[1].txt |
| Spyware:Cookie/BurstBeacon | Not disinfected | C:\Documents and Settings\Kristi **\Cookies\kristi_ *****@www.burstbeacon[2].txt |
| Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Kristi **\Local Settings\Temp\Cookies\kristi <font color="blue"> *****</fo...ger[2].txt |
| Spyware:Cookie/BurstNet | Not disinfected | C:\Documents and Settings\Kristi **\Local Settings\Temp\Cookies\kristi *****@burstnet[1].txt |
| Spyware:Cookie/Go | Not disinfected | C:\Documents and Settings\Kristi **\Local Settings\Temp\Cookies\kristi *****@go[1].txt |
| Spyware:Cookie/Target | Not disinfected | C:\Documents and Settings\Kristi **\Local Settings\Temp\Cookies\kristi *****@target[1].txt |

Last edited by Ried; 01-23-2007 at 04:08 PM. Reason: edited surname for privacy
|
|
|
|
#4 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,079
OS: WinXP and Vista
|
Hiya,
We'll get rid of those dialers as well as putting this laptop through the same cleansing exercise as your other PC.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware
Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.

Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
* Click "Options..."
* Move the arrow down to "Custom CleanUp!"
* Put a check next to the following:

Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)

--------------------------------------------------------------------

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open Notepad and copy/paste the text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files". It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

I'd like a second online scan done at Kaspersky and see if it finds anything further.

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner. Answer Yes when prompted to install an ActiveX component.

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:
AVG Anti-Spyware results
Kaspersky results
New HijackThis log
|
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 35
OS: WinXP
|
Ok, I have gotten as far as Kaspersky but have hit a dead end. I get to the online scanner and click to install active x controls but then I end up on the page with requirements & limitations and nowhere to go except downloading the file scanner or antivirus software. Neither of these are what your instructions talk about, is this what I should do?
|
|
|
|
|
#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,079
OS: WinXP and Vista
|
You are clicking on the magnifying glass icon for online scanner..correct? If so, then click 'Accept' on that pop up dialog box. It will then download the Active X and definitions--it is not installing Kaspersky Anti Virus on your system--just what it needs to be able to scan your system.
|
|
|
|
|
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,079
OS: WinXP and Vista
|
Try this link and see if the window is large enough for you to get at that 'Accept' button. http://www.kaspersky.com/kos/eng/par...avwebscan.html
|
|
|
|
|
#9 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 35
OS: WinXP
|
Thanks, that link worked.....I thought I was losing my mind! Here are the logs
Secure\backweb\3875767\Users\Default\Data\prs_die.idx Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\prs_dnd.dat Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\prs_dnd.idx Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\prs_ext.dat Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\prs_ext.idx Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\prs_rcv.dat Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\prs_rcv.idx Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\storydb.dat Object is locked skipped C:\Program Files\Shaw Secure\backweb\3875767\Users\Default\Data\storydb.idx Object is locked skipped C:\Program Files\Shaw Secure\Common\admin.pub Object is locked skipped C:\Program Files\Shaw Secure\Common\policy.bpf Object is locked skipped C:\Program Files\Shaw Secure\Common\policy.ipf Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{D62CA84F-F786-4600-AE5E-DE1A847A28BF}\RP662\change.log Object is locked skipped C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped 
C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is 
locked skipped C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped 
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msjetol1.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped 
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software 
Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 11:52:49 AM 1/24/2007 + Scan result: C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined). ::Report end |
|
|
|
|
#10 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,079
OS: WinXP and Vista
|
Quote:
I must admit, that's the first time I've seen that happen with Kaspersky's pop up box. I do know that some users have issues with Kaspersky online scan and IE7...

The good news is all these logs are clean. You do however have a corrupted McAfee Toolbar.

Run a scan with HijackThis and fix the following entry:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Click 'Fix Checked' and close HijackThis.

----------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

To help protect this system in the future, I recommend that you get the following free programs if you do not already have them:

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD).

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected will reduce dramatically. |
|
|
|
|
|
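The check from post #10, as an added example (not part of the original thread and not HijackThis's own code): a small parser for HijackThis log entries that lists the ones whose target file is gone, which the log marks with `(no file)` or `(file missing)`. The sample is assembled from entries quoted in this thread; the function names are illustrative.

```python
import re
from collections import Counter

# Sample assembled for this example from entries quoted in the thread
# (the O3 line from post #10, the rest from the posted HijackThis log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# A log entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entry(line):
    """Return a dict for one log entry, or None for headers and process paths."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    body = m.group("body")
    kind, sep, _ = body.partition(": ")   # "Toolbar", "DPF", "Service", ...
    clsid = CLSID_RE.search(body)
    orphan = ORPHAN_RE.search(body)
    return {
        "code": m.group("code"),
        "kind": kind if sep else "",
        "clsid": clsid.group(0).upper() if clsid else None,  # registry GUIDs are case-insensitive
        "orphan": orphan.group(1) if orphan else None,
        "raw": line,
    }


def parse_log(text):
    """Parse every entry line in a pasted log, skipping everything else."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def orphaned(entries):
    """Entries that still reference a file that is no longer on disk."""
    return [e for e in entries if e["orphan"]]


def report(text):
    """Per-section entry counts plus one line per orphaned entry."""
    entries = parse_log(text)
    counts = Counter(e["code"] for e in entries)
    lines = [f"{code}: {n} entr{'y' if n == 1 else 'ies'}" for code, n in counts.items()]
    lines += [f"ORPHAN {e['code']} {e['kind']} {e['clsid']} ({e['orphan']})"
              for e in orphaned(entries)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

An orphaned entry is a leftover registry reference, not proof of infection; the fix remains the one given in post #10, ticking the entry in HijackThis and clicking 'Fix Checked'.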
#11 (permalink) |
|
Registered User
Join Date: Jan 2007
Posts: 35
OS: WinXP
|
Hey Ried, I was reading on the IE spyad web page that there could be issues with using it in conjunction with Spyware Blaster. What is your opinion? Thanks for all your help! Also, should I continue to use AVG or F-Secure which I have free through my ISP?
|
|
|
|
|
#12 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,079
OS: WinXP and Vista
|
Hiya,
I've used IESpyAd along with Spyware Blaster for about 3 yrs now and have not had any trouble at all. For a more detailed explanation of these programs, please refer to the IESpyAd readme file.

Keep both AVG A-S and F-Secure. The AVG product I had you download and install is their Anti-Spyware program, not their Anti-Virus. AVG A-S will work fine with F-Secure and will provide another level of protection for you. After the trial period has ended with AVG A-S, you will lose the 'Resident Shield' (active protection) but you will still be able to update its database and it will continue to remove malware from your system.

I hope this answers your questions satisfactorily--just let me know if you need more info.
|
|
|
| Thread Tools | |
|
|