
·
Registered
Joined
·
7 Posts
Discussion Starter · #1 ·
I have a spyware problem. I have gone through the 5 steps and keep getting frozen halfway through the Panda program. Settings are now starting to change and history is gone. As we go through the 5 steps the online scans are not working. My Norton has somehow been uninstalled. Good news is step 3 none of the items were in my program files. Windows update doesn't appear to be working.

Logfile of HijackThis v1.99.1
Scan saved at 19:30:15, on Jan-18-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: CleanUp.lnk = C:\CleanUp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello desarae and welcome,

Please download SREng.
Alternate link if needed.

**You may receive a message "The bandwidth limit for this site has been exceeded", please keep trying--eventually you'll get through.

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.

You may have to rename SREngLOG.log to SREngLOG.txt to upload it.
 

·
Registered
Joined
·
7 Posts
Logs

Here are the logs from the scan you told me to run...


2007-01-22,10:08:04

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IntelliPoint><"C:\Program Files\Microsoft IntelliPoint\point32.exe"> [Microsoft Corporation]
<USB Storage Toolbox><C:\Program Files\USB Disk Win98 Driver\Res.EXE> [ali]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"> [Sun Microsystems, Inc.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<F-Secure Manager><"C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash> [F-Secure Corporation]
<F-Secure TNB><"C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW> [F-Secure Corporation]
<F-Secure Startup Wizard><"C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot> [F-Secure Corporation]
<News Service><"C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"> [F-Secure Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [N/A]
<SoundMan><; SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]

==================================
Startup Folders
[CleanUp]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CleanUp.lnk --> C:\CLEANUP.EXE [user]><N>
[Shaw Secure]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shaw Secure.lnk --> C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\fspex.exe [BackWeb Technologies Inc. ]><N>

==================================
Services
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Shaw Secure / BackWeb Plug-in - 3875767][Running/Auto Start]
<C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE><BackWeb Technologies Inc.>
[FSGKHS / F-Secure Gatekeeper Handler Starter][Running/Auto Start]
<"C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe"><F-Secure Corporation>
[FSBWSYS / FSBWSYS][Running/Auto Start]
<"C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe"><F-Secure Corp.>
[F-Secure Anti-Virus Firewall Daemon / FSDFWD][Running/Manual Start]
<"C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe"><F-Secure Corporation>
[F-Secure Management Agent / FSMA][Running/Auto Start]
<"C:\Program Files\Shaw Secure\Common\FSMA32.EXE"><F-Secure Corporation>
[LexBce Server / LexBceS][Running/Auto Start]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>

==================================
Drivers
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[F-Secure File System Filter / F-Secure Filter][Running/Auto Start]
<\??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys><N/A>
[F-Secure Gatekeeper / F-Secure Gatekeeper][Running/Auto Start]
<\??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSgk.sys><N/A>
[F-Secure File System Recognizer / F-Secure Recognizer][Running/Auto Start]
<\??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys><N/A>
[F-Secure Firewall Driver / FSFW][Running/Boot Start]
<\SystemRoot\System32\drivers\fsdfw.sys><F-Secure Corporation>
[HCF_MSFT / HCF_MSFT][Stopped/Manual Start]
<system32\DRIVERS\HCF_MSFT.sys><Conexant>
[iMSPCLOj / iMSPCLOj][Stopped/Manual Start]
<\??\C:\DOCUME~1\Name\LOCALS~1\Temp\iMSPCLOj.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
<System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
<System32\DRIVERS\sisnic.sys><SiS Corporation>
[tmcomm / tmcomm][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\tmcomm.sys><N/A>
[Winachcf / Winachcf][Running/Manual Start]
<system32\DRIVERS\winachcf.sys><Conexant>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_10]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[F-Secure IE Shield COM button]
{300DB664-75B5-47c0-8B45-A44ACCF73C00} <C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll, F-Secure Corporation>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Photo Upload Plugin Class]
{F127B9BA-89EA-4B04-9C67-2074A9DF61FD} <C:\WINDOWS\Downloaded Program Files\Photochannel.dll, PhotoChannel Networks>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[Microsoft Office Template and Media Control]
{02BCC737-B171-4746-94C9-0D8A0B2C0089} <C:\PROGRA~1\MICROS~3\OFFICE11\IEAWSDC.DLL, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\System32\tdc.ocx, Microsoft Corporation>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~3\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[Reporte Class]
{4A2A4430-3967-4461-94C7-BD95C419F3CF} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Seleccion Class]
{6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[ControlConexion Class]
{6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Panda ActiveScan]
{96567F65-E04C-4611-AF29-7CDEA6FA6A84} <C:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~3\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~3\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[Symantec RuFSI File information Class]
{C2FCEF4E-ACE9-11D3-BEBD-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Symantec RuFSI Registry Information Class]
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[Photo Upload Plugin Class]
{F127B9BA-89EA-4B04-9C67-2074A9DF61FD} <C:\WINDOWS\Downloaded Program Files\Photochannel.dll, PhotoChannel Networks>
[&Block this popup]
<C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm, N/A>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 412][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 492][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 536][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 548][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 704][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 756][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 820][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 876][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 920][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1204][C:\WINDOWS\system32\LEXBCES.EXE] [Lexmark International, Inc., 9.35]
[C:\WINDOWS\system32\lexp2p32.dll] [Lexmark International, Inc., 9.35]
[C:\WINDOWS\system32\lex2kusb.dll] [Lexmark International, Inc., 9.35]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1228][C:\WINDOWS\system32\LEXPPS.EXE] [Lexmark International, Inc., 9.35]
[C:\WINDOWS\system32\LEXBCE.DLL] [Lexmark International, Inc., 9.35]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1236][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\LEXLMPM.DLL] [Lexmark International, Inc., 9.35]
[C:\WINDOWS\system32\LexBce.dll] [Lexmark International, Inc., 9.35]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBLPP5C.dll] [, 1.0.0.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\system32\LXBLpwr.dll] [Lexmark International, Inc., 0, 1, 61, 1]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBLUI5C.DLL] [Lexmark International, 0,3,0,0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBLSTRN.DLL] [Lexmark International, 1.0.11.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBLDR5C.DLL] [Lexmark International, 0,3,0,0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBLICUR.DLL] [Lexmark International Inc., 1.0.43.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxblfc5c.dll] [, 1.0.43.0]
[PID: 1392][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[C:\Program Files\Shaw Secure\Common\fpshx.dll] [F-Secure Corporation, 5.50.9200]
[C:\Program Files\Shaw Secure\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\DOCUME~1\Name\LOCALS~1\Temp\CmdLineExt02.dll] [N/A, N/A]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBLUI5C.DLL] [Lexmark International, 0,3,0,0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBLSTRN.DLL] [Lexmark International, 1.0.11.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBLDR5C.DLL] [Lexmark International, 0,3,0,0]
[C:\Program Files\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[PID: 1492][C:\Program Files\Microsoft IntelliPoint\point32.exe] [Microsoft Corporation, 5.40.633.0]
[C:\Program Files\Microsoft IntelliPoint\point32.dll] [Microsoft Corporation, 5.40.633.0]
[C:\Program Files\Microsoft IntelliPoint\dpgmkb.dll] [Microsoft Corporation, 5.40.633.0]
[C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll] [Microsoft Corporation, 5.40.633.0]
[C:\Program Files\Microsoft IntelliPoint\srres.dll] [Microsoft Corporation, 5.40.633.0]
[C:\Program Files\Microsoft IntelliPoint\ipres.dll] [Microsoft Corporation, 5.40.633.0]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1500][C:\Program Files\USB Disk Win98 Driver\Res.EXE] [ali, 1, 0, 0, 1]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1508][C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.100.3]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1660][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1756][C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE] [BackWeb Technologies Inc. , Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\6.3.2.123-3875767L\Program\ServiceWrapper.dll] [, Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\6.3.2.123-3875767L\Program\clntutil.dll] [N/A, N/A]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1824][C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe] [F-Secure Corp., 6.90.881]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwupst.dll] [F-Secure Corporation, 6.90.891]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\tnb\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[PID: 1844][C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe] [BackWeb Technologies Inc. , Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\6.3.2.123-3875767L\Program\backWeb.dll] [BackWeb Technologies Inc., Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\6.3.2.123-3875767L\Program\bwsec.dll] [BackWeb, Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\6.3.2.123-3875767L\Program\clntutil.dll] [N/A, N/A]
[C:\PROGRA~1\SHAWSE~1\backweb\3875767\632~1.123\program\EN\ClientRC.dll] [BackWeb Technologies Inc., Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\Program\BWfiles-3875767.dll] [BackWeb Technologies Inc. , Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\6.3.2.123-3875767L\Program\BWfiles.dll] [, Version 6.3.2 (Build 123R)]
[C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwce.dll] [F-Secure Corporation, 6.90.891]
[C:\Program Files\Shaw Secure\backweb\3875767\program\FSLD32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\tnb\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwres.ENG] [F-Secure Corporation, 6.90.871]
[C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwres.dll] [F-Secure Corporation, 6.70.707]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1896][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 2008][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 2040][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 2748][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 4088][C:\Program Files\Shaw Secure\Common\FSMA32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[PID: 132][C:\Program Files\Shaw Secure\Common\FSMB32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[PID: 752][C:\Program Files\Shaw Secure\Common\FCH32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSPMENG.DLL] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\daas\fsclm.dll] [F-Secure Corporation, 2.2.5 ]
[PID: 1348][C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe] [F-Secure Corporation, 1.00.11280]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1568][C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE] [F-Secure Corp., 6.10.12200]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fsma32s.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Anti-Virus\FSGKIAPI.dll] [F-Secure Corp., 6.00.11230]
[PID: 1088][C:\Program Files\Shaw Secure\Common\FAMEH32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSLD32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\AMEHEVN.DLL] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\AMEHLOG.DLL] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\AMEHSMT.DLL] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\AMEHTVL.DLL] [F-Secure Corporation, 6.05.8452 ]
[PID: 1668][C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe] [F-Secure Corporation, 6.00.11240 ]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Anti-Virus\Qrt.dll] [F-Secure Corporation, 1.01.11104]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 1984][C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe] [F-Secure Corporation, 1.1.222 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\tnb\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 2244][C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe] [F-Secure Corporation, 5.91.210]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\tnb\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[c:\program files\shaw secure\common\fsld32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fswscs.dll] [F-Secure Corporation, 1.00.170]
[C:\Program Files\Shaw Secure\FWES\Program\fsmirror.dll] [F-Secure Corporation, 2.0.134.0]
[c:\program files\shaw secure\anti-virus\fsgkiapi.dll] [F-Secure Corp., 6.00.11230]
[C:\PROGRA~1\SHAWSE~1\Common\fsdfwres.ENG] [F-Secure Corporation, 5.91.210]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]
[PID: 2868][C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe] [F-Secure Corp., 6.10.12200]
[C:\Program Files\Shaw Secure\Anti-Virus\FM4AV.dll] [N/A, N/A]
[C:\Program Files\Shaw Secure\Anti-Virus\avpproxy.dll] [F-Secure Corporation, 1.2.11430]
[C:\Program Files\Shaw Secure\Anti-Virus\avpfpi0.dll] [Kaspersky Labs, 6.0.169.7050]
[C:\Program Files\Shaw Secure\Anti-Virus\avp_iont.dll] [Kaspersky Labs, 5.0.0.0]
[C:\Program Files\Shaw Secure\Anti-Virus\avpfpi1.dll] [Kaspersky Labs, 6.0.169.7050]
[C:\Program Files\Shaw Secure\Anti-Spyware\LSSE.DLL] [Lavasoft, 1.0.35.0]
[C:\Program Files\Shaw Secure\Anti-Virus\fslfpi.dll] [F-Secure Corporation, 2.03.11]
[C:\Program Files\Shaw Secure\Anti-Virus\dffpi.dll] [F-Secure Corporation, 1.02.37]
[PID: 3720][C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe] [F-Secure Corporation, 6.10.11370]
[C:\Program Files\Shaw Secure\Anti-Virus\fsched.dll] [F-Secure Corporation, 5.50.9110]
[C:\Program Files\Shaw Secure\Anti-Virus\FSTSM.DLL] [F-Secure Corporation, 5.40.8160]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fswscs.dll] [F-Secure Corporation, 1.00.170]
[C:\Program Files\Shaw Secure\TNB\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[c:\program files\shaw secure\common\fsld32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Anti-Virus\FSAVHRES.ENG] [N/A, N/A]
[c:\program files\shaw secure\daas\fsclm.dll] [F-Secure Corporation, 2.2.5 ]
[PID: 2104][C:\Program Files\Shaw Secure\Common\FSM32.EXE] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSPMAPI.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSMA32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\FSLD32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\FSGUI\about.dll] [, 6, 0, 0, 140]
[C:\Program Files\Shaw Secure\Common\fsmres.ENG] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Anti-Spyware\fsawfsm.dll] [F-Secure Corporation, 1.1.160 ]
[C:\Program Files\Shaw Secure\FWES\Program\fsdfwpi.dll] [F-Secure Corporation, 5.91.210]
[C:\Program Files\Shaw Secure\Anti-Virus\fsmuiav.dll] [F-Secure Corporation, 6.10.11510]
[C:\Program Files\Shaw Secure\Anti-Virus\FSAVURES.ENG] [N/A, N/A]
[C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwui.dll] [F-Secure Corporation, 6.90.7]
[C:\Program Files\Shaw Secure\Common\FSMA32S.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\TNB\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[C:\Program Files\Shaw Secure\FSGUI\guilaunc.dll] [F-Secure Corporation, 6, 20, 350, 0]
[C:\Program Files\Shaw Secure\Common\fsmaui32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Common\fsmaures.ENG] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\Anti-Virus\fsuipx.dll] [F-Secure Corporation, 1.1.176 ]
[c:\program files\shaw secure\fsgui\flycomm.dll] [F-Secure Corporation, 6, 20, 350, 0]
[C:\Program Files\Shaw Secure\FSGUI\gres.dll] [F-Secure Corporation, 6, 20, 350, 0]
[C:\Program Files\Shaw Secure\Common\fsdfwpi.ENG] [F-Secure Corporation, 5.91.210]
[C:\Program Files\Shaw Secure\Common\fsdfwpi2.eng] [F-Secure Corporation, 5.91.210]
[PID: 1368][C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe] [F-Secure Corporation, 1.1.197 ]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\tnb\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[C:\PROGRA~1\SHAWSE~1\ANTI-S~1\FSAWLIST.dll] [F-Secure Corporation, 1.1.133 ]
[c:\program files\shaw secure\fsgui\flycomm.dll] [F-Secure Corporation, 6, 20, 350, 0]
[C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.dll] [Lavasoft, 1.0.17.0]
[PID: 1604][C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe] [F-Secure Corporation, 6, 20, 350, 0]
[C:\Program Files\Shaw Secure\Common\fsexc.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fsld32.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\FSGUI\guiplugn.dll] [F-Secure Corporation, 6, 20, 350, 0]
[C:\Program Files\Shaw Secure\FSGUI\gres.dll] [F-Secure Corporation, 6, 20, 350, 0]
[C:\Program Files\Shaw Secure\FSGUI\flyer.dll] [F-Secure Corporation, 6, 20, 350, 0]
[c:\program files\shaw secure\common\fsma32.dll] [F-Secure Corporation, 6.05.8452 ]
[c:\program files\shaw secure\common\fspmapi.dll] [F-Secure Corporation, 6.05.8452 ]
[C:\Program Files\Shaw Secure\FSGUI\fsavesui.dll] [F-Secure Corporation, 6, 20, 350, 0]
[C:\Program Files\Shaw Secure\FSGUI\guilares.ENG] [F-Secure Corporation, 1, 1, 410, 16]
[c:\program files\shaw secure\tnb\fstnb.dll] [F-Secure Corporation, 1.0.126 ]
[C:\Program Files\Shaw Secure\FSGUI\fsesres.ENG] [, 1, 0, 1, 0]
[C:\Program Files\Shaw Secure\FSGUI\fsesres.dll] [N/A, N/A]
[C:\Program Files\Shaw Secure\FSGUI\flyerres.ENG] [N/A, N/A]
[C:\Program Files\Shaw Secure\FSGUI\flyerres.dll] [N/A, N/A]
[PID: 1428][C:\WINDOWS\system32\WISPTIS.EXE] [Microsoft Corporation, 1.0.2201.0 (xpsp1.020828-1920)]
[C:\Program Files\Common Files\Microsoft Shared\INK\TPCPS.DLL] [Microsoft Corporation, 1.0.2201.0 (xpsp1.020828-1920)]
[PID: 3696][C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory 1 for sreng2.zip\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Shaw Secure\FWES\Program\fsdc.dll] [F-Secure Corporation, 5.91.210]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hi desarae,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Before we begin, you need to move SREng.exe to a permanent location such as your desktop. The tools we'll be using to clean your system will also clean your Temp files and with the program in that location, you will lose the program.

***************************************************

Launch SREng (System Repair Engineer)

- Click on 'Services'
-- Click 'Drivers' which shall bring up a new window
--- Select the following entry listed below & click the [Delete Service] + the [Set] button

[iMSPCLOj / iMSPCLOj][Stopped/Manual Start]

------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply along with a new HijackThis log.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #5 ·
combo fix

Here's the logs from the combo fix. I didn't realize anyone had gotten back to me...sorry thanks for the help.
"Name" - 07-01-30 10:21:16 Service Pack 2
ComboFix 07.01.30 - Running from: "C:\Documents and Settings\Name\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-30 to 2007-01-30 ))))))))))))))))))))))))))))))))))


2007-01-19 21:26 <DIR> d-------- C:\DOCUME~1\Name\Application Data\WholeSecurity
2007-01-19 17:52 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-01-19 10:50 <DIR> d-------- C:\DOCUME~1\Name\Application Data\F-Secure
2007-01-19 10:48 <DIR> d-------- C:\DOCUME~1\Name\Application Data\ispnews
2007-01-19 10:45 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-01-19 10:45 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-01-19 10:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\F-Secure
2007-01-19 10:39 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-3875767L.exe
2007-01-19 10:39 <DIR> d-------- C:\Program Files\Shaw Secure
2007-01-19 10:38 7,117,688 --a------ C:\ShawSecure.exe
2007-01-19 09:45 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-19 09:45 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-19 09:43 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-19 09:43 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-19 09:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Google
2007-01-19 09:30 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-19 09:29 <DIR> d-------- C:\WINDOWS\Sun
2007-01-19 09:29 <DIR> d-------- C:\DOCUME~1\Name\Application Data\Sun
2007-01-19 09:29 <DIR> d-------- C:\DOCUME~1\Name\.housecall6.6
2007-01-19 09:28 <DIR> d-------- C:\Program Files\Java
2007-01-19 09:28 <DIR> d-------- C:\Program Files\Google
2007-01-19 09:28 <DIR> d-------- C:\DOCUME~1\Name\Application Data\Google
2007-01-19 09:27 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-19 08:45 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-19 08:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-01-18 21:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-18 21:22 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-18 21:14 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-01-18 20:01 <DIR> d-------- C:\DOCUME~1\Name\Application Data\Lavasoft
2007-01-18 19:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-26 09:17 -------- d-------- C:\DOCUME~1\Name\Application Data\adobeum
2007-01-23 18:33 -------- d---s---- C:\DOCUME~1\Name\Application Data\microsoft
2007-01-23 08:18 -------- d-------- C:\Program Files\usb disk win98 driver
2007-01-23 08:16 -------- d-------- C:\Program Files\microsoft intellipoint
2007-01-19 11:24 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-19 10:02 -------- d-------- C:\Program Files\ultimatebet
2007-01-19 10:01 -------- d--h----- C:\Program Files\installshield installation information
2007-01-19 09:58 -------- d-------- C:\Program Files\gamespy arcade
2007-01-19 08:37 -------- d-------- C:\Program Files\messenger
2006-12-17 21:54 -------- d-------- C:\Program Files\canon
2006-12-06 23:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-07 22:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"USB Storage Toolbox"="C:\\Program Files\\USB Disk Win98 Driver\\Res.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"F-Secure Manager"="\"C:\\Program Files\\Shaw Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Shaw Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Shaw Secure\\FSGUI\\ispnews.exe\""
"NeroFilterCheck"="; C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundMan"="; SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 07-01-30 10:24:13
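
The "Reg Loading Points" section of the ComboFix log above uses .reg export syntax, and the KernelFaultCheck value is shown only as hex(2) (REG_EXPAND_SZ) bytes split across two lines. As an added example, not part of the original post and not ComboFix's own code, this Python parser reads that syntax and decodes the value; the function names and the ANSI/UTF-16 heuristic are this example's assumptions, and the sample lines are copied from the log.

```python
import re

# Sample input: lines copied from the ComboFix "Reg Loading Points" section.
SAMPLE = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SoundMan"="; SOUNDMAN.EXE"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')       # "quoted string data"


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def decode_hex_string(hex_csv):
    """Decode the comma-separated bytes of a hex(1)/hex(2) string value."""
    raw = bytes.fromhex(hex_csv.replace(",", "").replace(" ", ""))
    # Assumption: treat the data as UTF-16LE only when every second byte is
    # zero (ASCII-range text); otherwise treat it as single-byte ANSI text,
    # which is what the log above contains.
    is_utf16 = len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2])
    text = raw.decode("utf-16-le" if is_utf16 else "cp1252", errors="replace")
    return text.rstrip("\x00")


def parse_reg(text):
    """Return {key_path: {value_name: decoded_data}} for .reg-style text."""
    logical, pending = [], ""
    for line in text.splitlines():
        line = line.strip()
        # A hex value continues on the next line when the line ends with "\".
        if line.endswith("\\") and (pending or "=hex" in line):
            pending += line[:-1]
            continue
        logical.append(pending + line)
        pending = ""
    if pending:
        logical.append(pending)

    keys, current = {}, None
    for line in logical:
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, data = _unescape(m.group(1)), m.group(2).strip()
        s = STRING_RE.match(data)
        if s:
            current[name] = _unescape(s.group(1))
        elif data.startswith(("hex(1):", "hex(2):")):
            current[name] = decode_hex_string(data.split(":", 1)[1])
        elif data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data  # other value types are kept verbatim
    return keys


def autoruns(keys):
    """List (hive, name, command) for every value under a ...\\run key."""
    out = []
    for path, values in keys.items():
        if path.lower().endswith("\\currentversion\\run"):
            hive = path.split("\\", 1)[0]
            out += [(hive, name, cmd) for name, cmd in values.items()]
    return out


if __name__ == "__main__":
    for hive, name, cmd in autoruns(parse_reg(SAMPLE)):
        print(f"{hive:20} {name:18} {cmd}")
```

The decoded KernelFaultCheck command is the same string HijackThis prints on its O4 line for that value later in the thread.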
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hi desarae,

Thank you--let's continue. :sayyes:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
New HijackThis log
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #7 ·
AVG results:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:51:05 Jan-30-2007

+ Scan result:



Nothing found.


::Report end

PANDA RESULTS:
Nothing found

NEW HIJACKTHIS LOG:
Logfile of HijackThis v1.99.1
Scan saved at 23:17:37, on Jan-30-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsrw.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\SHAWSE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Shaw Secure\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: CleanUp.lnk = C:\CleanUp.exe
O4 - Global Startup: Shaw Secure.lnk = C:\Program Files\Shaw Secure\backweb\3875767\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Shaw Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Shaw Secure (BackWeb Plug-in - 3875767) - BackWeb Technologies Inc. - C:\PROGRA~1\SHAWSE~1\backweb\3875767\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Shaw Secure\backweb\3875767\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
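
A HijackThis log like the one above is line-oriented: a "Running processes:" list followed by entries prefixed with a section code (R1, O2, O4, ...). As an added example, not part of the original post and not HijackThis's own code, this Python code parses lines copied from that log, groups entries by section, and lists entries marked "(file missing)" and processes running from a Temp folder, the location the helper warned about for SREng.exe. The function names and the short section descriptions are this example's own.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Short descriptions of the section codes that occur in this thread's log.
SECTIONS = {
    "R1": "IE search/start page registry values",
    "O2": "Browser Helper Objects",
    "O4": "autostart entries (Run keys, Startup folders)",
    "O8": "extra IE context-menu items",
    "O9": "extra IE buttons and Tools menu items",
    "O15": "Trusted Zone sites",
    "O16": "downloaded ActiveX controls (DPF)",
    "O23": "Windows services",
}

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Split a HijackThis log into (running processes, section entries)."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first entry
            clsid = CLSID_RE.search(m.group(2))
            entries.append({
                "code": m.group(1),
                "text": m.group(2),
                "clsid": clsid.group(0).upper() if clsid else None,
                "missing": m.group(2).endswith("(file missing)"),
            })
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def triage(text):
    """Group entries by section and collect the items worth a second look."""
    processes, entries = parse_log(text)
    by_section = defaultdict(list)
    for e in entries:
        by_section[e["code"]].append(e["text"])
    # An O9 button and its Tools menu item share one CLSID: report it once.
    orphaned = sorted({e["clsid"] or e["text"] for e in entries if e["missing"]})
    # Programs run from a Temp folder disappear when Temp is cleaned.
    from_temp = [p for p in processes if re.search(r"\\te?mp\\", p, re.I)]
    return {"sections": dict(by_section), "orphaned": orphaned,
            "from_temp": from_temp}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for code, items in report["sections"].items():
        print(f"{code:4} {SECTIONS.get(code, 'other'):48} {len(items)}")
    for clsid in report["orphaned"]:
        print("registered but file missing:", clsid)
    for path in report["from_temp"]:
        print("running from Temp:", path)
```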
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
These logs appear clean. How is your system behaving?
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Glad to hear that. :sayyes:

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.


Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Enable Windows Auto Update
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download the McAfee Site Advisor--free. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, Bad.

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically. :smile:
 