Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

fssm32.exe [RESOLVED]

Started by DrDeisel , Apr 18 2008 09:43 AM

  • This topic is locked This topic is locked

#1
DrDeisel
Posted 18 April 2008 - 09:43 AM

DrDeisel

    New Member

  • Member
  • Pip
  • 9 posts
Hi, I'm brand new to this forum and don't want to take more of your valuable time that I absolutely have to. I'm not knowledgeable about computers at all, but even I can tell I have a problem.

I searched your logs and found this post: http://www.geekstogo...lved-t5718.html. Aside from the fact that I'm running WindowsXP and Shaw Secure (which is powered by F-Secure - presumably the newest edition as we just received a complete update in February), the problem sounds very similar - massive CPU usage, warning exclamation mark on the Shaw Secure icon, slow internet, etc. I've run other online virus and spyware scans and nothing is turning up.

Should I just go ahead and try the solution you posted for Neil, or should I start the process from the very beginning?

Many thanks,
DrDeisel

OK - I've just gone through all the initial steps that were requested. Here are all the logs:

Malwarebytes' Anti-Malware 1.11
Database version: 654

Scan type: Quick Scan
Objects scanned: 29616
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/19/2008 at 09:47 AM

Application Version : 4.0.1154

Core Rules Database Version : 3442
Trace Rules Database Version: 1434

Scan type : Complete Scan
Total Scan Time : 00:41:03

Memory items scanned : 405
Memory threats detected : 0
Registry items scanned : 5174
Registry threats detected : 0
File items scanned : 63134
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\ken and dee\Cookies\ken and [email protected]

-------------------------------------------------
Panda Analysis
;***********************************************************************
ANALYSIS: 2008-04-19 12:19:08
PROTECTIONS: 1
MALWARE: 0
SUSPECTS: 1
;***********************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
Shaw Secure 2.0 7.00 7.00 Yes Yes
;===============================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================
;=============================================================== SUSPECTS
Sent Location
;=============================================================== Yes C:\PROGRAM FILES\SHAW SECURE\FSGUI\FSAVURES.ENG
;=============================================================== VULNERABILITIES
Id Severity Description
;===============================================================
;===============================================================

--------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:05 PM, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

--
End of file - 5762 bytes

------------------------------------
Hijackthis Uninstall List

Adobe Acrobat 4.0
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
ATI Display Driver
EPSON CX 4200 4800 Guide
EPSON Printer Software
EPSON Scan
ESET Online Scanner
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Java™ 6 Update 3
Java™ 6 Update 5
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Nero7 Ultra Edition
Panda ActiveScan 2.0
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shaw Secure 2.0
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VIA Rhine-Family Fast Ethernet Adapter
ViewSonic Monitor Drivers
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781


Can someone PLEASE help me get rid of that red X on my Shaw Secure and help stop whatever it is that's eating up my CPU usage?

Edited by DrDeisel, 19 April 2008 - 01:49 PM.

  • 0

Advertisements

#2
Tal
Posted 19 April 2008 - 02:02 PM

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello DrDeisel , welcome to GeeksToGo! :)

My name is Tal, and I will be assisting you in the process of removing malware from your computer. I am going through your logs now, and I'll be back soon with instructions on how to proceed.

As I'm still in training, my replies to you have to be approved before posting, so please excuse delays between replies.

Tal.
  • 0

#3
DrDeisel
Posted 19 April 2008 - 02:04 PM

DrDeisel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I'll look forward to hearing from you! Thanks very much!
  • 0

#4
Tal
Posted 20 April 2008 - 10:30 AM

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello Dr. Deisel ,

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • Please don't be afraid to ask questions! :) No question is considered dumb here. It's better to be safe than sorry!
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you witness a certain entry or program you're unsure about, please don't hesitate to ask! :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

  • 0

#5
DrDeisel
Posted 20 April 2008 - 11:37 AM

DrDeisel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Good morning, Landlord! Here is the text of the first log - the seond one is even longer, so I will posy it separately as you suggested. Thanks again!

Deckard's System Scanner v20071014.68
Run by ken and dee on 2008-04-20 10:30:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
92: 2008-04-20 17:31:11 UTC - RP221 - Deckard's System Scanner Restore Point
91: 2008-04-19 16:02:30 UTC - RP220 - Installed SUPERAntiSpyware Free Edition
90: 2008-04-19 15:39:59 UTC - RP219 - Hijackthis Restore Point
89: 2008-04-18 13:14:17 UTC - RP218 - System Checkpoint
88: 2008-04-17 05:47:02 UTC - RP217 - System Checkpoint


-- First Restore Point --
1: 2008-01-22 01:38:23 UTC - RP130 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ken and dee.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:53 AM, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Documents and Settings\ken and dee\Local Settings\Temporary Internet Files\Content.IE5\MMQQ2UM6\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ken and dee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE

--
End of file - 5815 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Internet Shield>
R1 F-Secure HIPS - c:\program files\shaw secure\hips\fshs.sys
R3 F-Secure Gatekeeper - c:\program files\shaw secure\anti-virus\minifilter\fsgk.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S3 ATI Remote Wonder II - c:\windows\system32\drivers\atirwvd.sys (file missing)
S4 F-Secure Filter (F-Secure File System Filter) - c:\program files\shaw secure\anti-virus\win2k\fsfilter.sys
S4 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\shaw secure\anti-virus\win2k\fsrec.sys
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 F-Secure Gatekeeper Handler Starter (FSGKHS) - "c:\program files\shaw secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus>
R2 FSMA (F-Secure Management Agent) - "c:\program files\shaw secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R3 FSAUA (F-Secure Automatic Update Agent) - "c:\program files\shaw secure\fsaua\program\fsaua.exe" <Not Verified; F-Secure Corporation; F-Secure Automatic Update Agent>
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\shaw secure\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Internet Shield>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-20 and 2008-04-20 -----------------------------

2008-04-20 04:03:06 0 dr-h----- C:\Documents and Settings\ken and dee\Recent
2008-04-19 12:33:36 0 d-------- C:\Program Files\Trend Micro
2008-04-19 10:00:41 0 d-------- C:\Program Files\Panda Security
2008-04-19 09:02:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 09:02:31 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 09:02:31 0 d-------- C:\Documents and Settings\ken and dee\Application Data\SUPERAntiSpyware.com
2008-04-19 09:01:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 08:50:09 0 d-------- C:\Documents and Settings\ken and dee\Application Data\Malwarebytes
2008-04-19 08:49:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 08:49:52 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-20 20:33:47 0 --a------ C:\WINDOWS\ativpsrm.bin


-- Find3M Report ---------------------------------------------------------------

2008-04-19 09:01:45 0 d-------- C:\Program Files\Common Files
2008-03-22 21:44:52 0 d-------- C:\Program Files\Java
2008-03-20 18:06:23 0 d-------- C:\Program Files\ATI Technologies
2008-03-20 18:01:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 18:00:24 0 d-------- C:\Program Files\ATI Multimedia
2008-03-17 05:49:56 0 d-------- C:\Program Files\Shaw Secure


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [27/07/2004 03:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50 AM]
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [07/03/2005 12:00 PM]
"F-Secure Manager"="C:\Program Files\Shaw Secure\Common\FSM32.exe" [26/04/2007 04:43 AM]
"F-Secure TNB"="C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" [26/04/2007 04:41 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [13/10/2007 10:56:29 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll




-- End of Deckard's System Scanner: finished at 2008-04-20 10:32:30 ------------
  • 0

#6
DrDeisel
Posted 20 April 2008 - 11:41 AM

DrDeisel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Didn't know you had to wait before creating a second post! Here are the results from the extra log file:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 511.48 MiB / 201.03 MiB
Pagefile Memory (total/avail): 1246.75 MiB / 824.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 132.43 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-22GUA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:

\\.\PHYSICALDRIVE1 -

\\.\PHYSICALDRIVE4 -

\\.\PHYSICALDRIVE3 -

\\.\PHYSICALDRIVE2 -



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Shaw Secure 2.0 7.00 v7.00 (F-Secure Corporation)
AV: Shaw Secure 2.0 7.00 v7.00 (F-Secure Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ken and dee\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SEANIX-557FC013
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ken and dee
LOGONSERVER=\\SEANIX-557FC013
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KENAND~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KENAND~1\LOCALS~1\Temp
USERDOMAIN=SEANIX-557FC013
USERNAME=ken and dee
USERPROFILE=C:\Documents and Settings\ken and dee
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

ken and dee (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
EPSON CX 4200 4800 Guide --> C:\Program Files\epson\guide\cx4200_4800_e\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nero7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Shaw Secure 2.0 --> "C:\Program Files\Shaw Secure\FSGUI\PostInstall.exe" /tUnInstall
Shaw Speed Test --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://sr3so.cg.shaw.../shawrtm1.jnlp"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2204 / Error
Event Submitted/Written: 04/19/2008 08:42:14 AM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
3 2008-04-19 08:42:14-07:00 seanix-557fc013 SEANIX-557FC013\ken and dee F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Downloader.Win32.WinFixer
Object: C:\Documents and Settings\ken and dee\Local Settings\Temporary Internet Files\Content.IE5\DPE0F1O5\Download_mbam-setup[1].exe

Event Record #/Type2203 / Error
Event Submitted/Written: 04/19/2008 08:42:06 AM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
2 2008-04-19 08:42:06-07:00 seanix-557fc013 SEANIX-557FC013\ken and dee F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Downloader.Win32.WinFixer
Object: C:\Documents and Settings\ken and dee\Local Settings\Temporary Internet Files\Content.IE5\DPE0F1O5\Download_mbam-setup[1].exe

Event Record #/Type2202 / Error
Event Submitted/Written: 04/19/2008 08:41:56 AM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
1 2008-04-19 08:41:56-07:00 seanix-557fc013 SEANIX-557FC013\ken and dee F-Secure Anti-Virus
Spyware detected:
Type: riskware
Family:
Name: Downloader.Win32.WinFixer
Object: C:\Documents and Settings\ken and dee\Local Settings\Temporary Internet Files\Content.IE5\DPE0F1O5\Download_mbam-setup[1].exe

Event Record #/Type2191 / Error
Event Submitted/Written: 04/17/2008 07:02:09 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2190 / Error
Event Submitted/Written: 04/17/2008 07:00:59 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20235 / Warning
Event Submitted/Written: 04/20/2008 04:03:29 AM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type20234 / Warning
Event Submitted/Written: 04/20/2008 03:53:08 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20233 / Warning
Event Submitted/Written: 04/20/2008 03:23:53 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20232 / Warning
Event Submitted/Written: 04/20/2008 03:09:47 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type20231 / Warning
Event Submitted/Written: 04/20/2008 02:05:11 AM / 04/20/2008 02:05:12 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-04-20 10:32:30 ------------

I honestlt don't understand how you can make anythingout of all this - must take years of practice and forever to read! Thanks!
  • 0

#7
DrDeisel
Posted 20 April 2008 - 08:14 PM

DrDeisel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Oh, I should let you know, I have no access to this computer during the day (I'm on Pacific Time), so I think our responses to each other will have a day's delay between them.

Thanks!
  • 0

#8
DrDeisel
Posted 21 April 2008 - 07:29 AM

DrDeisel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello - Just rebooted after shutting down for the night and all my Favourites have vanished. How do I get them back?

Please ignore the above - I figured it out. Duh!

Edited by DrDeisel, 21 April 2008 - 08:07 AM.

  • 0

#9
Tal
Posted 21 April 2008 - 08:47 AM

Tal

    Trusted Helper

  • Retired Staff
  • 2,138 posts
Hello Dr.Deisel,

I have both good news and bad news. The good news are that you appear to be clean from malware - good job on that, since most computers have some kind of an infection. Yours is totally clean, as far as I can see :) However, this leads me to the bad news - we haven't found the cause for the process stalling and taking up so much CPU.

May I suggest you visit the Windows XP Support Forum, where experts in the field could help you with your problems. You may tell them that you have been declared clean from malware, by a helper in the malware forum (and link to this topic), and provide the DSS extra.txt log which can be of use to them. Also, you can inform them of the link you found, so they can take a look at that and find a lead.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Here are some steps to prevent future re-infection!

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal
  • 0

#10
DrDeisel
Posted 21 April 2008 - 09:24 AM

DrDeisel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for your help - too bad it didn't find anything obvious. I'll do the reset as discussed below, but I think my next step will be to uninstall and reinstall Shaw Secure to see if it's just something that glitched.

If that doesn't work, I'll definitely contact the Windows XP forum to see what they have to say. I know from previous experience that sometimes Windows Updates can cause Shaw Secure to hang, so some update in the past month may have caused the problem that's occurring now.

I do appreciate all the time you spent looking at this problem and really appreciate knowing that my computer is clean!

Cheers,
Deirdre
  • 0

#11
ScHwErV
Posted 24 April 2008 - 05:47 AM

ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP