Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91520 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Web Pages being redirected


  • This topic is locked This topic is locked
10 replies to this topic

#1 bogey418

bogey418

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 05 March 2007 - 01:58 AM

Hello guys. When surfing I notice that web pages are were being redirected to unrelated stuff. I did a little research and downloaded HijackThis. I had an R3 - URLSearchHook that I had HijackThis fix but I am not sure if I have other stuff that needs to be removed. My PC has been a little slow but It could be the amount of RAM. I have and used CW Schredder, AD-Aware, CCleaner and RegScrub. Can you let me know if there is a problem from my log? Thanks in advance.




Logfile of HijackThis v1.99.1
Scan saved at 11:42:10 PM, on 3/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
c:\program files\ge security supra\syncservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINNT\system32\gearsec.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Google\Web Accelerator\googlewebaccwarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O1 - Hosts: 207.137.190.100 notessdo01
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SmartDefrag] "D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.c...e Installer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131764818812
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C960A-3A17-4EB2-AF3F-BC0DC7D92F6E}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Client - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    Advertisements

Register to Remove


#2 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 05 March 2007 - 08:19 AM

Hello bogey418 and Welcome to TomCoyote,

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Scan with HijackThis. Place a check against each of the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: (no name) - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.25 85.255.112.69

Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 bogey418

bogey418

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 06 March 2007 - 03:39 AM

First of all thanks for helping me out Susan. ;) I did what you told me and in the order you told me. Here are the two logs. I hope all is well with my PC. Please let me know any news.

Thanks




Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kddjn.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINNT\TEMP\kddjn.ren 63456 06/19/03



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="\"C:\\Program Files\\Charter High-Speed Security Suite\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Charter High-Speed Security Suite\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Charter High-Speed Security Suite\\FSGUI\\FSSW.EXE\" /reboot"
"SmartDefrag"="\"D:\\Program Files\\IObit SmartDefrag\\IObit SmartDefrag.exe\" /startup"
"Synchronization Manager"="mobsync.exe /logon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Logitech Utility"="Logi_MwX.Exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"FreeRAM XP"="\"D:\\Program Files\\YourWare Solutions\\FreeRAM XP Pro\\FreeRAM XP Pro.exe\" -win"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»










Logfile of HijackThis v1.99.1
Scan saved at 1:23:05 AM, on 3/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
c:\program files\ge security supra\syncservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\SSL\stunnel-4.10.exe
C:\WINNT\system32\gearsec.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SmartDefrag] "D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.c...e Installer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131764818812
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C960A-3A17-4EB2-AF3F-BC0DC7D92F6E}: NameServer = 85.255.114.25,85.255.112.69
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Client - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Edited by bogey418, 06 March 2007 - 03:41 AM.


#4 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 06 March 2007 - 07:02 AM

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
  • The following explains how to remove items from your computer that are malware. These items must be fixed!

    Scan with HijackThis. Place a check against each of the following:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C960A-3A17-4EB2-AF3F-BC0DC7D92F6E}: NameServer = 85.255.114.25,85.255.112.69
    Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

    ==========
    This is a check just to make sure no rootkit is present –sometimes rootkits are present with wareout infections.
    GMER
    Please create a new subfolder in the Program Files folder called GMER. If you have an older version of GMER installed, you must delete it.
  • Download GMER and extract it to the C:\program files\GMER folder.
  • Please rename the GMER file
    Note: You can rename gmer.exe to anything you like as long as you keep the .exe ending.
    Run the Gmer.exe renamed program by double-clicking the executable file (gmer.exe) in Windows Explorer.
    You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "yes" to begin the scan.
  • If you are not prompted, Click the "Rootkit" tab, then click "Scan".
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.

===============
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information from Kapersky in your next post.

**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Please post (reply) with the results from the GMER scan, Kapersky, and a fresh hijackthis log.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#5 bogey418

bogey418

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 07 March 2007 - 01:55 AM

Susan here are the results from the scans. Let me know what to do next. I hope we will whip this PC into shape.




GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-03-06 20:46:27
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.12 ----

SSDT \WINNT\System32\drivers\fsndis5.sys ZwCreateProcess
SSDT \WINNT\System32\drivers\fsndis5.sys ZwCreateSection
SSDT \WINNT\System32\drivers\fsndis5.sys ZwCreateThread
SSDT \WINNT\System32\drivers\fsndis5.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

PAGE ntoskrnl.exe!IoCreateDevice 8049F346 5 Bytes JMP ED040FD0 \WINNT\System32\drivers\fsndis5.sys
PAGENDSI NDIS.SYS!NdisOpenAdapter BFEA4EB6 5 Bytes JMP ED040EB4 \WINNT\System32\drivers\fsndis5.sys
PAGENDSI NDIS.SYS!NdisRegisterProtocol BFEA5410 5 Bytes JMP ED040C49 \WINNT\System32\drivers\fsndis5.sys
PAGENDSI NDIS.SYS!NdisDeregisterProtocol BFEACDF8 5 Bytes JMP ED040CB0 \WINNT\System32\drivers\fsndis5.sys
PAGENDSI NDIS.SYS!NdisCloseAdapter BFEACE69 5 Bytes JMP ED040EE4 \WINNT\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisReturnPackets BFEAD97D 5 Bytes JMP ED04513A \WINNT\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisSend BFEAF9BD 5 Bytes JMP ED0453FE \WINNT\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisSendPackets BFEAF9D4 5 Bytes JMP ED0454D0 \WINNT\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisTransferData BFEAF9E7 5 Bytes JMP ED04525C \WINNT\System32\drivers\fsndis5.sys
PAGENDSP NDIS.SYS!NdisRequest BFEAFA2E 5 Bytes JMP ED043578 \WINNT\System32\drivers\fsndis5.sys

---- User code sections - GMER 1.0.12 ----

.text D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe[1996] KERNEL32.dll!CreateThread + 19 7C59B865 3 Bytes [ 8B, 06, 84 ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA [BFEC69E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP [BFEC69E8] fsdfw.sys

---- EOF - GMER 1.0.12 ----







-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 06, 2007 11:36:13 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/03/2007
Kaspersky Anti-Virus database records: 261678
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 72150
Number of viruses found: 1
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:27:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{93E1A941-57F1-4CC6-AE52-865368ED69B4}\Microsoft\Outlook Express\A's.dbx/[From "Russ Jones" <rcjones2@my-deja.com>][Date Fri, 6 Jun 2003 19:15:02 -0700 (PDT)]/UNNAMED/SBC1.doc.exe Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{93E1A941-57F1-4CC6-AE52-865368ED69B4}\Microsoft\Outlook Express\A's.dbx/[From "Russ Jones" <rcjones2@my-deja.com>][Date Fri, 6 Jun 2003 19:15:02 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{93E1A941-57F1-4CC6-AE52-865368ED69B4}\Microsoft\Outlook Express\A's.dbx Mail MS Outlook 5: infected - 2 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Qrt.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\cache.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\fsbwupst.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\L0000125.FCS Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\admin.pub Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.bpf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.ipf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Spam Control\log\fs_sa_log.txt Object is locked skipped
C:\Program Files\GE Security Supra\DaemonLog.txt Object is locked skipped
C:\Program Files\GE Security Supra\SyncLog.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\L0000053.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.idx Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\rnapxs\rnapxs.dat Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{872D6A22-82BE-4DD1-89D4-354DD2BA4FF1}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.






Logfile of HijackThis v1.99.1
Scan saved at 11:52:28 PM, on 3/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
c:\program files\ge security supra\syncservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\SSL\stunnel-4.10.exe
C:\WINNT\system32\gearsec.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SmartDefrag] "D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.c...e Installer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131764818812
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Client - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

#6 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 07 March 2007 - 02:59 AM

Everything looks good except you have this old infected email hanging around.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{93E1A941-57F1-4CC6-AE52-865368ED69B4}\Microsoft\Outlook Express\A's.dbx/[From "Russ Jones" <rcjones2@my-deja.com>][Date Fri, 6 Jun 2003 19:15:02 -0700 (PDT)]/UNNAMED/SBC1.doc.exe Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{93E1A941-57F1-4CC6-AE52-865368ED69B4}\Microsoft\Outlook Express\A's.dbx/[From "Russ Jones" <rcjones2@my-deja.com>][Date Fri, 6 Jun 2003 19:15:02 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Tanatos.b skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{93E1A941-57F1-4CC6-AE52-865368ED69B4}\Microsoft\Outlook Express\A's.dbx Mail MS Outlook 5: infected - 2 skipped

You may need to compact folders in order to delete it from your system.
http://support.micro....com/kb/289987/
How to Manually Start PST Compaction
  • On the File menu, click Data File Management.
  • Click to select your Personal Folder, and then click Settings.
  • On the General tab, click Compact Now.
  • Click OK, and then click Close.
How to Manually Start OST Compaction
  • On the Tools menu, click to select E-mail Accounts.
  • Click View or change existing e-mail account, and then click Next.
  • Click Microsoft Exchange Server, and then click Change.
  • Click More Settings.
  • On the Advanced tab, click Offline Folder File Settings.
  • Click Compact Now.
  • When the compact operation is finished, click OK twice.
  • Click [b]Next, and then click [b]Finish.
You may want to run Kapersky again to verify that you got rid of it. Let me know when you have gotten rid of it and I will give you the final clean-up instructions.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#7 bogey418

bogey418

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 07 March 2007 - 06:38 PM

Susan, Outlook express was my email program I used to use. I started using Outlook but just kept Outlook Express. I hadn't opened it in years. When I saw that old email I opened Outlook Express and deleted all the those old emails. I ran Kaspersky again and it came up clean. Here is the scan and a fresh HijackThis scan. So does my PC pass the grade now? :scratch:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, March 07, 2007 4:22:44 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 7/03/2007
Kaspersky Anti-Virus database records: 262751
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 72881
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:10:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007030720070308\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\hsperfdata_Administrator\2820 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\Qrt.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\fsbwupst.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\L0000125.FCS Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\admin.pub Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.bpf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Common\policy.ipf Object is locked skipped
C:\Program Files\Charter High-Speed Security Suite\Spam Control\log\fs_sa_log.txt Object is locked skipped
C:\Program Files\GE Security Supra\DaemonLog.txt Object is locked skipped
C:\Program Files\GE Security Supra\SyncLog.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\L0000053.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrator\Data\storydb.idx Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\rnapxs\rnapxs.dat Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.








Logfile of HijackThis v1.99.1
Scan saved at 4:34:43 PM, on 3/7/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
c:\program files\ge security supra\syncservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINNT\system32\gearsec.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SmartDefrag] "D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.c...e Installer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131764818812
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Client - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

#8 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 07 March 2007 - 10:42 PM

So does my PC pass the grade now?



Yes, hope I haven't been too picky but don't like infected items on a computer. I think of Pandora's box.

STEP 1.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

STEP 2.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!

http://forum.malware...39eba6ea0b5e8ee

Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • More info on how to prevent malware you can also find here (By Tony Klein)
Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#9 bogey418

bogey418

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 08 March 2007 - 11:36 PM

Susan thanks for all the help. :D I have a couple of questions though. I can't do a system restore because I am running windows 2000, or can I? I update automatically every night with my antivirus, which is F-secure. F-secure is a whole suite of protection I receive free with Charter, my internet service provider. I have Microsoft notify me when there is a new update, so I am on top of that. I used to have Spybot Search & Destroy, and I liked it, but F-Secure could not run with Spybot, so I no longer have it. I have Ad-aware, Spywareblaster, CCleaner, CWShredder, RegscrubXE and I update and run them regularly. Also on my last HijackThis post I saw this:O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.c...e Installer.cab I removed the Eyetide program a while ago , so can i have HijackThis fix this or must I delete it another way or is it not a problem? One other question does the Google Web Accelerator really work if I am cleaning my cache and history? Hope that you can respond.

Bogey

Edited by bogey418, 09 March 2007 - 12:09 AM.


#10 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 09 March 2007 - 08:51 AM

Sorry, the System Restore is for Windows XP and ME. I am so used to working on XP logs that I slip sometimes.

You can fix the O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.c...e Installer.cab with hijackthis.

I really do not know about the Google Web Accelerator. I guess I would see what happens with it and without it.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#11 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 19 March 2007 - 11:24 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users