Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

fssm32 is hogging my memory [RESOLVED]

Started by Mongocat , Jan 23 2008 05:54 PM

This topic is locked

#1
Mongocat

Posted 23 January 2008 - 05:54 PM

New Member

Member
6 posts

HELP! I have followed all the instructions before posting. The file fssm32.exe is sucking my system dry of memory. Sometimes my computer runs great and sometimes it is slow. I look at the task manager and it shows 90-98% usage for the fssm32.exe file. I am running F-Secure along with Spybot, AVG, SUPERAntiSpyware, and I have run the Panda and HiJackThis. Here are the logs I have saved:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:30 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Setup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\INSNTMSI.EXE
C:\WINDOWS\system32\dumprep.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = C:\Documents and Settings\Russ\Local Settings\Temp\VIES535D\Setup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200350479340
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 6468 bytes

Incident Status Location

Virus:Trj/Downloader.PLF Disinfected C:\install.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP923\A0059002.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP923\A0059003.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP923\A0059004.exe
Virus:Bck/VBBot.C Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059119.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059162.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059163.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059164.exe
Virus:Bck/VBBot.C Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059170.exe
Spyware:Spyware/Vundo Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059171.0XE
Adware:Adware/AdRotator Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059176.dll
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059785.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059786.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059787.exe
Spyware:Spyware/Vundo Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059789.0XE
Adware:Adware/Yazzle Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059795.0XE
Virus:Trj/Popopo.A Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059854.0XE
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059855.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059856.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059857.exe
Adware:Adware/Yazzle Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059863.0XE
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059887.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059888.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059889.exe
Adware:Adware/Yazzle Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059896.0XE
Adware:Adware/Yazzle Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059903.0XE
Spyware:Spyware/Virtumonde Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060298.0XE
Spyware:Spyware/Virtumonde Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060313.0LL
Virus:Trj/Popopo.A Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060315.0XE
Virus:Bck/VBBot.C Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060316.exe
Spyware:Spyware/Virtumonde Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060320.0XE
Spyware:Spyware/Virtumonde Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060321.0XE
Spyware:Spyware/Virtumonde Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060322.0XE
Spyware:Spyware/Virtumonde Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060323.0XE
Spyware:Spyware/Virtumonde Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060324.0XE
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060333.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060334.exe
Virus:Bck/VBBot.C Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060335.exe
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060336.exe
Virus:Generic Malware Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060340.exe
Adware:Adware/DollarRevenue Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060347.dll
Adware:Adware/Yazzle Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060362.exe
Adware:Adware/PurityScan Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060363.0XE
Adware:Adware/DollarRevenue Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060573.dll
Virus:Trj/Vb.TT Disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060581.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060947.exe
Adware:Adware/Adband Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060948.dll
Possible Virus. Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060949.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060953.exe[QdrPack11.exe]
Virus:Trj/Downloader.PLF Not disinfected C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061083.0XE[ardCo071084.exe]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/21/2008 at 08:41 PM

Application Version : 3.9.1008

Core Rules Database Version : 3384
Trace Rules Database Version: 1378

Scan type : Complete Scan
Total Scan Time : 02:44:52

Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 3848
Registry threats detected : 0
File items scanned : 55184
File threats detected : 27

Adware.ClickSpring/Outer Info Network
C:\Program Files\Outerinfo\OiUninstaller.exe
C:\Program Files\Outerinfo

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\OWFR\OWFRD\CLASS-BARREL

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059175.DLL

Trojan.Unclassified/PackedInstaller
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059794.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060342.EXE

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059844.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060314.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060325.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060328.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060329.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060330.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP952\A0064026.DLL

Adware.SprtAds/AdRotator
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059845.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP942\A0059938.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060283.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060295.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP949\A0062493.DLL

Trojan.Downloader-Gen/BundleBase
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060338.EXE

RelevantKnowledge Spyware Component
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060349.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060350.DLL

TargetSaver, Inc. Process
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060361.EXE

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060950.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060951.EXE

Unclassified.Unknown Origin/System
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F96AE63F-3B5B-4B3A-AC63-55D381DD3B2B}\RP19\A0005573.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F96AE63F-3B5B-4B3A-AC63-55D381DD3B2B}\RP19\A0005574.EXE
C:\WINLOGON.EXE

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:53:29 AM 1/21/2008

+ Scan result:

C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060348.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\Program Files\Common Files\owfr\owfrd\owfrc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP930\A0059869.0XE -> Downloader.Adload.ni : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059909.0XE -> Downloader.Adload.ni : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060317.exe -> Downloader.Adload.pn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060579.exe -> Downloader.Agent.buo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059907.exe -> Downloader.Agent.cbx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060303.exe -> Downloader.Agent.cbx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP941\A0059925.exe -> Downloader.Agent.epl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP930\A0059868.exe -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061094.exe -> Downloader.Agent.erf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059910.exe -> Downloader.Agent.ezc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060306.exe -> Downloader.Agent.ezc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059913.exe -> Downloader.Agent.fjn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060309.exe -> Downloader.Agent.fjn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060305.exe -> Downloader.Agent.fjv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP928\A0059360.exe -> Downloader.Agent.gat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP928\A0059361.exe -> Downloader.Agent.gat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060310.exe -> Downloader.Agent.gat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060294.0XE -> Downloader.Agent.gdi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060311.exe -> Downloader.Agent.gwh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060312.exe -> Downloader.Agent.gwh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059908.exe -> Downloader.Agent.gxj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060307.exe -> Downloader.Agent.hbd : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Desktop\Don\My Documents\Μіcrosoft\WUAUCLT.0XE -> Downloader.PurityScan.fa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059911.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061088.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061095.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Program Files\Common Files\owfr\owfrp.0xe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061084.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\owfr\owfrd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Program Files\Common Files\owfr\owfra.0xe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061086.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\Program Files\Common Files\owfr\OWFRM.0XE -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061075.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\Program Files\Common Files\owfr\owfrl.0xe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061085.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060326.exe -> Downloader.VB.ccs : Cleaned with backup (quarantined).
C:\Program Files\Words\UnInstall.exe -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\Words\Words.exe -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060946.exe -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060952.exe -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP926\A0059317.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP927\A0059336.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP927\A0059337.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP928\A0059353.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP928\A0059354.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059376.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059377.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059772.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP941\A0059919.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060293.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060331.dll -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059914.exe -> Not-A-Virus.Adware.Rond : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060304.exe -> Not-A-Virus.Adware.Rond : Cleaned with backup (quarantined).
C:\Program Files\TTX.exe -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059294.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060332.dll -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060339.exe -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060341.exe -> Not-A-Virus.Adware.TTC : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP923\A0058990.dll -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP923\A0058991.dll -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP923\A0058992.exe -> Not-A-Virus.Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP926\A0059322.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP927\A0059342.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP928\A0059359.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059382.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP941\A0059924.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060327.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP952\A0065030.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060352.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP950\A0062913.exe -> Not-A-Virus.PSWTool.Win32.FirePass.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060607.sys -> Rootkit.Agent.sg : Cleaned with backup (quarantined).
C:\Documents and Settings\Russ\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Russ\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP924\A0059011.0XE -> Trojan.Agent.crf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061087.exe -> Trojan.Pakes.bvs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP926\A0059320.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP927\A0059340.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP928\A0059357.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059380.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP941\A0059922.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060351.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060853.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061061.exe -> Trojan.Whispy.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061062.exe -> Trojan.Whispy.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061089.exe -> Trojan.Whispy.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061090.exe -> Trojan.Whispy.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061091.exe -> Trojan.Whispy.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061092.exe -> Trojan.Whispy.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061093.exe -> Trojan.Whispy.a : Cleaned with backup (quarantined).

::Report end

I thank you in advance for any help I can get. I am a newbie to this sort of thing, so I am sorry if I have left anything out or given too much information.

Thanks,

Russ

#2
Rorschach112

Posted 29 January 2008 - 09:59 AM

Ralphie

Retired Staff
47,710 posts

FSSM32 is related to F-Secure anti-virus, it is a legit process

Few scans to do

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Download rootchk by Ejvindh to your desktop.

Temporarily Disable Real Time Monitoring Programs you have running that are listed here, such as TeaTimer, Adwatch, and HIPs programs like Prevx, while we complete the fixes (see **Note below).
Disconnect from the internet
Double click rootchk.exe to run the program
After a short time a logfile will open.
Copy the contents of the log into your next reply.
Re-enable active protection on any program you have disabled while completing the scan

**Note:If you are using the ZoneAlarm Pro firewall or any other security program that protects your registry (Teatimer, Adwatch, Prevx), rootchk may produce false positives. That is why it is important for you to disable these programs before running a rootchk scan. To prevent ZoneAlarm Pro conflicts, first enable the Windows Firewall (click start | Control Panel | Windows Firewall and select the checkbox to turn it on). Then disable ZoneAlarm Pro before running the rootchk. Also, disable any other active protection programs including HIPs that block registry write access. After the scan, be sure re-enable ZoneAlarm Pro and any other active protection programs you have temporarily disabled.

#3
Mongocat

Posted 01 February 2008 - 04:18 AM

New Member

Topic Starter
Member
6 posts

Thank you for all your help. It is greatly appreciated. I followed your instructions. Here are the logs from the checks I ran:

Deckard's System Scanner v20071014.68
Run by Russ on 2008-01-29 19:06:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
14: 2008-01-30 00:07:03 UTC - RP32 - Deckard's System Scanner Restore Point
13: 2008-01-29 18:05:30 UTC - RP31 - System Checkpoint
12: 2008-01-28 16:52:27 UTC - RP30 - System Checkpoint
11: 2008-01-27 15:53:48 UTC - RP29 - System Checkpoint
10: 2008-01-26 15:29:53 UTC - RP28 - System Checkpoint

-- First Restore Point --
1: 2008-01-20 21:49:23 UTC - RP19 - BUDDY

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Russ.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:39 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Russ\Local Settings\Temporary Internet Files\Content.IE5\VQSUZ6PJ\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Russ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200350479340
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 6844 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BackWeb Plug-in - 7681197 (F-Secure Automatic Update) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 fsbwsys - "c:\program files\f-secure\backweb\7681197\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb>
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R2 spkrmon - c:\program files\analog devices\soundmax\spkrmon.exe <Not Verified; ; spkrmon Module>
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_5B60&SUBSYS_03021002&REV_00\4&166AB6CD&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_5B60&SUBSYS_03021002&REV_00\4&166AB6CD&0&0008
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&166AB6CD&0&0108
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_1002&DEV_5B70&SUBSYS_03031002&REV_00\4&166AB6CD&0&0108
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10071102&REV_00\4&10416D21&0&00F0
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10071102&REV_00\4&10416D21&0&00F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10416D21&0&08F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&10416D21&0&08F0
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-01-29 19:04:10 544 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job
2008-01-18 05:09:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-12-29 and 2008-01-29 -----------------------------

2008-01-23 19:48:19 0 d-------- C:\Documents and Settings\Russ\Application Data\Sonic
2008-01-23 18:57:00 0 d-------- C:\Documents and Settings\Russ\Application Data\CyberLink
2008-01-22 16:03:03 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-22 05:02:19 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 17:54:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-01-21 17:53:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 17:53:40 0 d-------- C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com
2008-01-21 17:52:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 17:50:19 0 d-------- C:\Documents and Settings\Russ\Application Data\Grisoft
2008-01-20 17:50:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-20 16:27:29 0 d-------- C:\Program Files\Trend Micro
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Templates
2008-01-19 16:37:30 0 dr------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Start Menu
2008-01-19 16:37:30 0 dr-h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\SendTo
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Recent
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\PrintHood
2008-01-19 16:37:30 524288 --ah----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\NTUSER.DAT
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\NetHood
2008-01-19 16:37:30 0 d-------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\My Documents
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Local Settings
2008-01-19 16:37:30 0 d-------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Favorites
2008-01-19 16:37:30 0 d-------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Desktop
2008-01-19 16:37:30 0 d--hs---- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Cookies
2008-01-19 16:37:30 0 dr-h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Application Data
2008-01-19 16:37:30 0 d---s---- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Application Data\Microsoft
2008-01-19 09:32:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-01-18 06:03:15 0 d-------- C:\Documents and Settings\Russ\Application Data\Apple Computer
2008-01-18 05:27:38 0 d-------- C:\Program Files\Bonjour
2008-01-18 05:22:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-01-18 05:06:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-01-15 04:57:59 25600 --a------ C:\WINDOWS\system32\TwcToolInstDll.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-01-15 04:57:59 262144 --a------ C:\WINDOWS\system32\TwcToolbarIe7.dll <Not Verified; ; Weather Channel Toolbar>
2008-01-15 04:57:59 73728 --a------ C:\WINDOWS\system32\TwcToolbarBho.dll <Not Verified; ; Weather Channel Toolbar BHO>
2008-01-14 18:16:57 0 dr-h----- C:\MSOCache
2008-01-14 18:13:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-14 17:48:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-01-14 17:40:41 0 d--hs---- C:\Documents and Settings\Russ\UserData
2008-01-14 17:27:28 0 d-------- C:\Documents and Settings\Russ\Application Data\Macromedia
2008-01-14 17:27:28 0 d-------- C:\Documents and Settings\Russ\Application Data\Adobe
2008-01-14 17:15:14 532594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2008-01-14 17:15:14 524377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2008-01-14 17:15:14 159744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2008-01-14 17:15:14 663552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2008-01-14 17:15:14 307329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll <Not Verified; BroadJump, Inc.; >
2008-01-14 17:15:13 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-14 17:12:54 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-01-14 17:12:54 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-01-14 17:12:54 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-01-14 17:11:28 176128 --a------ C:\WINDOWS\system32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2008-01-14 17:11:28 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2008-01-14 17:11:25 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
2008-01-14 17:05:01 0 d-------- C:\Documents and Settings\Russ\Application Data\Identities
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\Templates
2008-01-14 17:04:52 0 dr------- C:\Documents and Settings\Russ\Start Menu
2008-01-14 17:04:52 0 dr-h----- C:\Documents and Settings\Russ\SendTo
2008-01-14 17:04:52 0 dr-h----- C:\Documents and Settings\Russ\Recent
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\PrintHood
2008-01-14 17:04:52 2621440 --ah----- C:\Documents and Settings\Russ\NTUSER.DAT
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\NetHood
2008-01-14 17:04:52 0 dr------- C:\Documents and Settings\Russ\My Documents
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\Local Settings
2008-01-14 17:04:52 0 dr------- C:\Documents and Settings\Russ\Favorites
2008-01-14 17:04:52 0 d-------- C:\Documents and Settings\Russ\Desktop
2008-01-14 17:04:52 0 d--hs---- C:\Documents and Settings\Russ\Cookies
2008-01-14 17:04:52 0 dr-h----- C:\Documents and Settings\Russ\Application Data
2008-01-14 17:03:46 1572864 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-01-14 17:03:46 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-01-14 17:03:46 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-01-14 17:03:46 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-01-14 17:03:46 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-01-14 17:03:25 1572864 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-01-14 17:03:25 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-01-14 17:03:25 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-01-14 17:03:25 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-01-14 17:03:25 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-01-14 17:00:24 225280 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-01-14 16:59:02 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-01-14 16:57:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-14 16:29:20 0 d-------- C:\WINDOWS\setup.pss
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-01-14 10:49:15 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-01-14 10:49:15 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-01-14 10:49:15 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-01-14 10:49:15 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-01-14 10:49:15 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-01-14 10:49:15 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-01-14 10:48:56 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-01-14 10:48:56 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-01-14 10:48:56 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-01-14 10:48:56 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-01-13 17:33:29 0 d-------- C:\HEATNIGHT
2008-01-13 09:50:46 0 d-------- C:\Documents and Settings\Buddy\Application Data\CyberLink
2008-01-13 08:37:29 0 d-------- C:\Program Files\The Weather Channel Toolbar
2008-01-13 08:15:37 0 d-------- C:\Documents and Settings\Buddy\Application Data\Ipswitch
2008-01-12 19:02:03 0 d-------- C:\Documents and Settings\Buddy\Application Data\Macromedia
2008-01-12 18:59:15 0 d-------- C:\Documents and Settings\Buddy\Application Data\Apple Computer
2008-01-12 18:54:48 0 d-------- C:\Documents and Settings\Buddy\Application Data\Identities
2008-01-12 18:53:42 0 d--h----- C:\Documents and Settings\Buddy\PrintHood
2008-01-12 18:53:42 0 d--h----- C:\Documents and Settings\Buddy\NetHood
2008-01-12 18:53:42 0 dr------- C:\Documents and Settings\Buddy\My Documents
2008-01-12 18:53:42 0 d--h----- C:\Documents and Settings\Buddy\Local Settings
2008-01-12 18:53:42 0 dr------- C:\Documents and Settings\Buddy\Favorites
2008-01-12 18:53:42 0 d-------- C:\Documents and Settings\Buddy\Desktop
2008-01-12 18:53:42 0 d--hs---- C:\Documents and Settings\Buddy\Cookies
2008-01-12 18:53:42 0 dr-h----- C:\Documents and Settings\Buddy\Application Data
2008-01-12 18:53:42 0 d---s---- C:\Documents and Settings\Buddy\Application Data\Microsoft
2008-01-12 18:53:41 0 d--h----- C:\Documents and Settings\Buddy\Templates
2008-01-12 18:53:41 0 dr------- C:\Documents and Settings\Buddy\Start Menu
2008-01-12 18:53:41 0 dr-h----- C:\Documents and Settings\Buddy\SendTo
2008-01-12 18:53:41 0 dr-h----- C:\Documents and Settings\Buddy\Recent
2008-01-12 18:53:41 2359296 --ah----- C:\Documents and Settings\Buddy\NTUSER.DAT
2008-01-11 07:27:16 0 d-------- C:\Program Files\F-Secure
2008-01-11 07:26:34 0 d-------- C:\WINDOWS\?ssembly
2008-01-10 13:05:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-09 14:21:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-09 14:19:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-01-09 14:18:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-09 13:37:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-09 13:37:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-09 13:37:36 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-09 13:37:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-09 13:37:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-09 13:37:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-09 13:37:35 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-09 13:37:35 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-09 13:37:35 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-03 18:41:37 0 d-------- C:\Program Files\kernel
2008-01-03 18:27:27 0 d-------- C:\Program Files\RcvSystem
2008-01-03 18:27:12 0 d-------- C:\WINDOWS\system32\ardCo07

-- Find3M Report ---------------------------------------------------------------

2008-01-23 18:32:15 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-22 17:06:54 0 d-------- C:\Program Files\iTunes
2008-01-22 15:42:47 0 d-------- C:\Program Files\PCFriendly
2008-01-21 17:52:59 0 d-------- C:\Program Files\Common Files
2008-01-21 04:53:09 0 d-------- C:\Program Files\Words
2008-01-18 17:32:00 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-18 05:26:19 0 d-------- C:\Program Files\QuickTime
2008-01-18 05:08:56 0 d-------- C:\Program Files\Apple Software Update
2008-01-15 04:56:53 0 d-------- C:\Program Files\The Weather Channel FW
2008-01-15 03:17:28 0 d-------- C:\Program Files\Messenger
2008-01-14 19:36:36 1023 --a------ C:\Documents and Settings\Russ\Application Data\EmailConfig.log
2008-01-14 17:48:52 0 d-------- C:\Program Files\DVD Shrink
2008-01-14 10:49:15 62 --ahs---- C:\Documents and Settings\Russ\Application Data\desktop.ini
2008-01-11 13:57:28 0 d-------- C:\Program Files\EarthLink TotalAccess
2008-01-11 10:38:03 0 d-------- C:\Program Files\Common Files\owfr
2008-01-10 14:45:44 0 d-------- C:\Program Files\Motive
2008-01-10 11:37:11 0 d-------- C:\Program Files\Router
2008-01-09 14:29:49 25214 --a------ C:\Program Files\A.ico
2008-01-09 14:29:47 25214 --a------ C:\Program Files\B.ico
2008-01-03 18:43:37 0 d-------- C:\Program Files\Temporary
2007-12-19 04:53:26 0 d-------- C:\Program Files\LimeWire
2007-12-18 09:10:23 244 --a------ C:\ituninst.bat
2007-12-17 07:32:31 134 --a------ C:\n.bat
2007-12-17 07:31:22 0 --a------ C:\x.dat
2007-12-17 07:30:34 0 --a------ C:\z.dat
2007-12-11 18:16:43 0 d-------- C:\Program Files\ZIM

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [01/27/2003 05:16 PM]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [09/09/2004 04:03 AM]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [05/27/2004 03:57 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [08/23/2004 06:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 01:05 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 01:01 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 08:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7840 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-01-29 19:08:59 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1534.08 MiB / 995.07 MiB
Pagefile Memory (total/avail): 3433.76 MiB / 2997.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.76 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 24.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75JNA0 - 74.5 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: F-Secure Anti-Virus Client Security 5.55 v5.55 (F-Secure Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe"="C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe:*:Enabled:F-Secure Automatic Update"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Russ\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RUSS-E892CBEA65
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Russ
LOGONSERVER=\\RUSS-E892CBEA65
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\PROGRA~1\COMMON~1\SONICS~1\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Russ\LOCALS~1\Temp
TMP=C:\DOCUME~1\Russ\LOCALS~1\Temp
USERDOMAIN=RUSS-E892CBEA65
USERNAME=Russ
USERPROFILE=C:\Documents and Settings\Russ
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Russ (admin)
Administrator.RUSS-E892CBEA65 (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support"
--> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> C:\WINDOWS\BWUnin-6.3.2.62-7681197L.exe -AppId 7681197
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
F-Secure Anti-Virus Client Security - Automatic Update Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Backweb"
F-Secure Anti-Virus Client Security - Virus Protection --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
PowerDVD 5.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
The Weather Channel Toolbar --> C:\PROGRA~1\THEWEA~2\UNWISE.EXE C:\PROGRA~1\THEWEA~2\TWCINS~1.LOG
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\FRAMEW~1\wxfw.cpl,4
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type4011 / Error
Event Submitted/Written: 01/29/2008 06:46:11 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
107 2008-01-29 18:46:11-04:00 russ-e892cbea65 RUSS-E892CBEA65\Russ F-Secure Anti-Virus
Scanning of C:\WINDOWS\INSTALLER\19CB0E.MSP\stream 665\MSACCESS.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type4010 / Error
Event Submitted/Written: 01/29/2008 06:46:11 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
106 2008-01-29 18:46:11-04:00 russ-e892cbea65 RUSS-E892CBEA65\Russ F-Secure Anti-Virus
Scanning of C:\WINDOWS\INSTALLER\19CB0E.MSP\stream 665\MSACCESS.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type4009 / Error
Event Submitted/Written: 01/29/2008 06:46:11 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
105 2008-01-29 18:46:11-04:00 russ-e892cbea65 RUSS-E892CBEA65\Russ F-Secure Anti-Virus
Scanning of C:\WINDOWS\INSTALLER\19CB0E.MSP\stream 665\MSACCESS.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type4008 / Error
Event Submitted/Written: 01/29/2008 06:46:10 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
104 2008-01-29 18:46:10-04:00 russ-e892cbea65 RUSS-E892CBEA65\Russ F-Secure Anti-Virus
Scanning of C:\WINDOWS\INSTALLER\19CB0E.MSP\stream 665\MSACCESS.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

Event Record #/Type4007 / Error
Event Submitted/Written: 01/29/2008 06:46:10 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
103 2008-01-29 18:46:10-04:00 russ-e892cbea65 RUSS-E892CBEA65\Russ F-Secure Anti-Virus
Scanning of C:\WINDOWS\INSTALLER\19CB0E.MSP\stream 665\MSACCESS.EXE was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type976 / Error
Event Submitted/Written: 01/29/2008 05:12:30 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 001111530B7E has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type975 / Warning
Event Submitted/Written: 01/29/2008 05:12:19 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001111530B7E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type970 / Warning
Event Submitted/Written: 01/26/2008 10:22:39 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type969 / Error
Event Submitted/Written: 01/26/2008 10:45:29 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {80EE4901-33A8-11D1-A213-0080C88593A5} did not register with DCOM within the required timeout.

Event Record #/Type805 / Warning
Event Submitted/Written: 01/23/2008 08:50:15 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

-- End of Deckard's System Scanner: finished at 2008-01-29 19:08:59 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 31, 2008 4:53:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/01/2008
Kaspersky Anti-Virus database records: 536855
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 61931
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 02:46:04

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Russ\LOCALS~1\Temp\~DF339E.tmp Object is locked skipped
C:\Deckard\System Scanner\backup\DOCUME~1\Russ\LOCALS~1\Temp\~DF33B6.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6e6658cfb53e6f4e49033ea71bfff819_78730b55-66e0-4a4e-b409-b2ff0812101d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Russ\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Russ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Russ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Russ\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Russ\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Russ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Russ\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Russ\ntuser.dat.LOG Object is locked skipped
C:\Program Files\AWS\WeatherBug\Install\WxBugSetup60b6.04.0.9m.EXE/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.MyWay.j skipped
C:\Program Files\AWS\WeatherBug\Install\WxBugSetup60b6.04.0.9m.EXE WiseSFX: infected - 1 skipped
C:\Program Files\AWS\WeatherBug\Install\WxBugSetup60b6.04.0.9m.EXE WiseSFXDropper: infected - 1 skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\cache.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\L0000005.FCS Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\F-Secure\BackWeb\7681197\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\F-Secure\common\policy.ipf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP925\A0059171.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059789.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059795.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP929\A0059863.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059896.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP939\A0059903.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP941\A0059917.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060298.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060308.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060313.0LL Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060318.0LL Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060319.0LL Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060320.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060321.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060322.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060323.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060324.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060337.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060343.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060362.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060362.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060363.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP944\A0060580.0XE Object is locked skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP946\A0060948.dll Infected: not-a-virus:AdWare.Win32.AdBand.e skipped
C:\System Volume Information\_restore{743A5A71-0AFE-488E-AA64-978180A4CE55}\RP947\A0061083.0XE Object is locked skipped

#4
Rorschach112

Posted 01 February 2008 - 06:35 AM

Ralphie

Retired Staff
47,710 posts

Hello

Can you post the Rootchk report as well

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\?ssembly /u
C:\Program Files\kernel
C:\Program Files\RcvSystem
C:\WINDOWS\system32\ardCo07
C:\n.bat
C:\x.dat
C:\z.dat
C:\Program Files\AWS\WeatherBug\Install\WxBugSetup60b6.04.0.9m.EXE

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
purity
```
Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log

#5
Mongocat

Posted 02 February 2008 - 08:58 AM

New Member

Topic Starter
Member
6 posts

Here is the Rootchk log.

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
Fri 02/01/2008 5:02:47.25

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 05:02:47
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...
IPC error: 2 The system cannot find the file specified.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 The system cannot find the file specified.

hidden processes: 0
hidden services: 0
hidden files: 0

I ran HiJackThis. Here is the log fromOTMoveIt2.

File/Folder C:\WINDOWS\?ssembly /u not found.
C:\Program Files\kernel moved successfully.
C:\Program Files\RcvSystem moved successfully.
C:\WINDOWS\system32\ardCo07 moved successfully.
C:\n.bat moved successfully.
C:\x.dat moved successfully.
C:\z.dat moved successfully.
C:\Program Files\AWS\WeatherBug\Install\WxBugSetup60b6.04.0.9m.EXE moved successfully.
[Custom Input]
< purity >
C:\WINDOWS\Αdobe moved successfully.
C:\WINDOWS\ΑрpPatch moved successfully.
C:\WINDOWS\system32\Μicrosoft.NET moved successfully.
C:\WINDOWS\system32\Мicrosoft moved successfully.

OTMoveIt2 v1.0.17 log created on 02012008_155141

Thanks!

Russ

#6
Rorschach112

Posted 02 February 2008 - 08:59 AM

Ralphie

Retired Staff
47,710 posts

Can you post a new DSS log

#7
Mongocat

Posted 02 February 2008 - 10:00 AM

New Member

Topic Starter
Member
6 posts

Deckard's System Scanner v20071014.68
Run by Russ on 2008-02-02 10:45:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Russ.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:52 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\Russ\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Russ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1200350479340
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 7856 bytes

-- Files created between 2008-01-02 and 2008-02-02 -----------------------------

2008-02-02 10:44:20 0 d-------- C:\Documents and Settings\Russ\Application Data\Google
2008-02-02 10:42:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-02-02 10:39:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-02-02 10:38:54 0 d-------- C:\Program Files\Google
2008-01-29 22:25:16 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-01-29 22:25:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-23 19:48:19 0 d-------- C:\Documents and Settings\Russ\Application Data\Sonic
2008-01-23 18:57:00 0 d-------- C:\Documents and Settings\Russ\Application Data\CyberLink
2008-01-22 16:03:03 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-22 05:02:19 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 17:54:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-01-21 17:53:40 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-21 17:53:40 0 d-------- C:\Documents and Settings\Russ\Application Data\SUPERAntiSpyware.com
2008-01-21 17:52:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-20 17:50:19 0 d-------- C:\Documents and Settings\Russ\Application Data\Grisoft
2008-01-20 17:50:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2008-01-20 16:27:29 0 d-------- C:\Program Files\Trend Micro
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Templates
2008-01-19 16:37:30 0 dr------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Start Menu
2008-01-19 16:37:30 0 dr-h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\SendTo
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Recent
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\PrintHood
2008-01-19 16:37:30 524288 --ah----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\NTUSER.DAT
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\NetHood
2008-01-19 16:37:30 0 d-------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\My Documents
2008-01-19 16:37:30 0 d--h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Local Settings
2008-01-19 16:37:30 0 d-------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Favorites
2008-01-19 16:37:30 0 d-------- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Desktop
2008-01-19 16:37:30 0 d--hs---- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Cookies
2008-01-19 16:37:30 0 dr-h----- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Application Data
2008-01-19 16:37:30 0 d---s---- C:\Documents and Settings\Administrator.RUSS-E892CBEA65\Application Data\Microsoft
2008-01-19 09:32:28 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-01-18 06:03:15 0 d-------- C:\Documents and Settings\Russ\Application Data\Apple Computer
2008-01-18 05:27:38 0 d-------- C:\Program Files\Bonjour
2008-01-18 05:22:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-01-18 05:06:27 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-01-15 04:57:59 25600 --a------ C:\WINDOWS\system32\TwcToolInstDll.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-01-15 04:57:59 262144 --a------ C:\WINDOWS\system32\TwcToolbarIe7.dll <Not Verified; ; Weather Channel Toolbar>
2008-01-15 04:57:59 73728 --a------ C:\WINDOWS\system32\TwcToolbarBho.dll <Not Verified; ; Weather Channel Toolbar BHO>
2008-01-14 18:16:57 0 dr-h----- C:\MSOCache
2008-01-14 18:13:24 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-14 17:48:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-01-14 17:40:41 0 d--hs---- C:\Documents and Settings\Russ\UserData
2008-01-14 17:27:28 0 d-------- C:\Documents and Settings\Russ\Application Data\Macromedia
2008-01-14 17:27:28 0 d-------- C:\Documents and Settings\Russ\Application Data\Adobe
2008-01-14 17:15:14 532594 --a------ C:\WINDOWS\system32\xerces-c_1_40_0_DDR.dll
2008-01-14 17:15:14 524377 --a------ C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
2008-01-14 17:15:14 159744 --a------ C:\WINDOWS\system32\ssleay32_1-1-0_DDR.dll
2008-01-14 17:15:14 663552 --a------ C:\WINDOWS\system32\libeay32_1-1-0_DDR.dll
2008-01-14 17:15:14 307329 --a------ C:\WINDOWS\system32\BJBase_2-2-2_DDR.dll <Not Verified; BroadJump, Inc.; >
2008-01-14 17:15:13 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-14 17:12:54 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-01-14 17:12:54 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-01-14 17:12:54 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-01-14 17:11:28 176128 --a------ C:\WINDOWS\system32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2008-01-14 17:11:28 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2008-01-14 17:11:25 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
2008-01-14 17:05:01 0 d-------- C:\Documents and Settings\Russ\Application Data\Identities
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\Templates
2008-01-14 17:04:52 0 dr------- C:\Documents and Settings\Russ\Start Menu
2008-01-14 17:04:52 0 dr-h----- C:\Documents and Settings\Russ\SendTo
2008-01-14 17:04:52 0 dr-h----- C:\Documents and Settings\Russ\Recent
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\PrintHood
2008-01-14 17:04:52 2621440 --ah----- C:\Documents and Settings\Russ\NTUSER.DAT
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\NetHood
2008-01-14 17:04:52 0 dr------- C:\Documents and Settings\Russ\My Documents
2008-01-14 17:04:52 0 d--h----- C:\Documents and Settings\Russ\Local Settings
2008-01-14 17:04:52 0 dr------- C:\Documents and Settings\Russ\Favorites
2008-01-14 17:04:52 0 d-------- C:\Documents and Settings\Russ\Desktop
2008-01-14 17:04:52 0 d--hs---- C:\Documents and Settings\Russ\Cookies
2008-01-14 17:04:52 0 dr-h----- C:\Documents and Settings\Russ\Application Data
2008-01-14 17:03:46 1572864 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2008-01-14 17:03:46 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2008-01-14 17:03:46 0 d--hs---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2008-01-14 17:03:46 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2008-01-14 17:03:46 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2008-01-14 17:03:25 1572864 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2008-01-14 17:03:25 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2008-01-14 17:03:25 0 d--hs---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2008-01-14 17:03:25 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2008-01-14 17:03:25 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2008-01-14 17:00:24 225280 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2008-01-14 16:59:02 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-01-14 16:57:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-14 16:29:20 0 d-------- C:\WINDOWS\setup.pss
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Templates
2008-01-14 10:49:15 0 dr------- C:\Documents and Settings\Default User.WINDOWS\Start Menu
2008-01-14 10:49:15 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\SendTo
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\Recent
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\PrintHood
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\Default User.WINDOWS\NetHood
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\Default User.WINDOWS\My Documents
2008-01-14 10:49:15 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Local Settings
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Favorites
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\Default User.WINDOWS\Desktop
2008-01-14 10:49:15 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Cookies
2008-01-14 10:49:15 0 d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2008-01-14 10:49:15 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2008-01-14 10:49:15 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-01-14 10:49:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2008-01-14 10:48:56 0 dr-h----- C:\Documents and Settings\Default User.WINDOWS\Application Data
2008-01-14 10:48:56 0 d---s---- C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft
2008-01-14 10:48:56 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2008-01-14 10:48:56 0 d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-01-13 17:33:29 0 d-------- C:\HEATNIGHT
2008-01-13 09:50:46 0 d-------- C:\Documents and Settings\Buddy\Application Data\CyberLink
2008-01-13 08:37:29 0 d-------- C:\Program Files\The Weather Channel Toolbar
2008-01-13 08:15:37 0 d-------- C:\Documents and Settings\Buddy\Application Data\Ipswitch
2008-01-12 19:02:03 0 d-------- C:\Documents and Settings\Buddy\Application Data\Macromedia
2008-01-12 18:59:15 0 d-------- C:\Documents and Settings\Buddy\Application Data\Apple Computer
2008-01-12 18:54:48 0 d-------- C:\Documents and Settings\Buddy\Application Data\Identities
2008-01-12 18:53:42 0 d--h----- C:\Documents and Settings\Buddy\PrintHood
2008-01-12 18:53:42 0 d--h----- C:\Documents and Settings\Buddy\NetHood
2008-01-12 18:53:42 0 dr------- C:\Documents and Settings\Buddy\My Documents
2008-01-12 18:53:42 0 d--h----- C:\Documents and Settings\Buddy\Local Settings
2008-01-12 18:53:42 0 dr------- C:\Documents and Settings\Buddy\Favorites
2008-01-12 18:53:42 0 d-------- C:\Documents and Settings\Buddy\Desktop
2008-01-12 18:53:42 0 d--hs---- C:\Documents and Settings\Buddy\Cookies
2008-01-12 18:53:42 0 dr-h----- C:\Documents and Settings\Buddy\Application Data
2008-01-12 18:53:42 0 d---s---- C:\Documents and Settings\Buddy\Application Data\Microsoft
2008-01-12 18:53:41 0 d--h----- C:\Documents and Settings\Buddy\Templates
2008-01-12 18:53:41 0 dr------- C:\Documents and Settings\Buddy\Start Menu
2008-01-12 18:53:41 0 dr-h----- C:\Documents and Settings\Buddy\SendTo
2008-01-12 18:53:41 0 dr-h----- C:\Documents and Settings\Buddy\Recent
2008-01-12 18:53:41 2359296 --ah----- C:\Documents and Settings\Buddy\NTUSER.DAT
2008-01-11 07:27:16 0 d-------- C:\Program Files\F-Secure
2008-01-11 07:26:34 0 d-------- C:\WINDOWS\?ssembly
2008-01-10 13:05:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-01-09 14:21:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-09 14:19:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-01-09 14:18:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-09 13:37:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-09 13:37:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-09 13:37:36 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-09 13:37:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-09 13:37:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-09 13:37:35 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-09 13:37:35 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-09 13:37:35 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-09 13:37:35 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-09 13:37:35 0 d--h----- C:\Documents and Settings\Administrator\Local Settings

-- Find3M Report ---------------------------------------------------------------

2008-02-02 10:42:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-23 18:32:15 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-22 17:06:54 0 d-------- C:\Program Files\iTunes
2008-01-22 15:42:47 0 d-------- C:\Program Files\PCFriendly
2008-01-21 17:52:59 0 d-------- C:\Program Files\Common Files
2008-01-21 04:53:09 0 d-------- C:\Program Files\Words
2008-01-18 17:32:00 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-18 05:26:19 0 d-------- C:\Program Files\QuickTime
2008-01-18 05:08:56 0 d-------- C:\Program Files\Apple Software Update
2008-01-15 04:56:53 0 d-------- C:\Program Files\The Weather Channel FW
2008-01-15 03:17:28 0 d-------- C:\Program Files\Messenger
2008-01-14 19:36:36 1023 --a------ C:\Documents and Settings\Russ\Application Data\EmailConfig.log
2008-01-14 17:48:52 0 d-------- C:\Program Files\DVD Shrink
2008-01-14 10:49:15 62 --ahs---- C:\Documents and Settings\Russ\Application Data\desktop.ini
2008-01-11 13:57:28 0 d-------- C:\Program Files\EarthLink TotalAccess
2008-01-11 10:38:03 0 d-------- C:\Program Files\Common Files\owfr
2008-01-10 14:45:44 0 d-------- C:\Program Files\Motive
2008-01-10 11:37:11 0 d-------- C:\Program Files\Router
2008-01-09 14:29:49 25214 --a------ C:\Program Files\A.ico
2008-01-09 14:29:47 25214 --a------ C:\Program Files\B.ico
2008-01-03 18:43:37 0 d-------- C:\Program Files\Temporary
2007-12-19 04:53:26 0 d-------- C:\Program Files\LimeWire
2007-12-18 09:10:23 244 --a------ C:\ituninst.bat
2007-12-11 18:16:43 0 d-------- C:\Program Files\ZIM

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [01/27/2003 05:16 PM]
"F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" [09/09/2004 04:03 AM]
"F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [05/27/2004 03:57 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [08/23/2004 06:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 01:05 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 01:01 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [12/20/2007 08:10 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 08:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [02/02/2008 10:39 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"getPlusUninstall_ocx"=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

-- End of Deckard's System Scanner: finished at 2008-02-02 10:46:56 ------------

#8
Rorschach112

Posted 02 February 2008 - 10:09 AM

Ralphie

Retired Staff
47,710 posts

Hello

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Also tell me how your PC is running

#9
Mongocat

Posted 02 February 2008 - 07:14 PM

New Member

Topic Starter
Member
6 posts

Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/02/2008 at 02:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type : Complete Scan
Total Scan Time : 02:53:31

Memory items scanned : 435
Memory threats detected : 0
Registry items scanned : 4158
Registry threats detected : 0
File items scanned : 63433
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Russ\Cookies\russ@2o7[2].txt
C:\Documents and Settings\Russ\Cookies\russ@atdmt[2].txt
C:\Documents and Settings\Russ\Cookies\[email protected][1].txt
C:\Documents and Settings\Russ\Cookies\russ@specificclick[2].txt
C:\Documents and Settings\Russ\Cookies\[email protected][1].txt

The PC seems to be running better. I tried to insert a DVD to see if it would play and it went back to slow motion mode. I am not sure why. I used to have no problems playing DVDs. I am using the Dell DVD player. It seems like the computer will run fine for a while and then go back to being slow. It never was like this before.

Thanks,

Russ

#10
Rorschach112

Posted 03 February 2008 - 08:04 AM

Ralphie

Retired Staff
47,710 posts

Your logs are clean ! We need to do a few things

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#11
Rorschach112

Posted 08 February 2008 - 08:05 AM

Ralphie

Retired Staff
47,710 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.