
Adware.Drop Spam



#1 bogey418


Posted 16 March 2007 - 12:32 PM

I ran Ad-Aware SE and came up with this:

Adware.DropSpam it is located in: HKEY_CLASSES_ROOT:typelib\de6317f7-6ef0-45c2-88d1-8e094-15817f1\

Is it legit or should it be fixed? I have it on my laptop as well. If it needs to be fixed, can I use the same procedures? Here is the Ad-Aware logfile and my HijackThis log.




Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, March 16, 2007 2:02:28 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R160 14.03.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.DropSpam(TAC index:6):1 total references
MRU List(TAC index:0):39 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


3-16-2007 2:02:28 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Administrator\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\automap\11.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\automap\11.0\recent file list
Description : list of recently used files in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\insert picture\file name mru
Description : list of recent pictured inserted in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\office\9.0\publisher\recent file list
Description : list of recent files used by microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-73586283-1957994488-1060284298-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 164
ThreadCreationTime : 3-14-2007 7:09:05 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 192
ThreadCreationTime : 3-14-2007 7:09:11 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 212
ThreadCreationTime : 3-14-2007 7:09:14 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 240
ThreadCreationTime : 3-14-2007 7:09:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 252
ThreadCreationTime : 3-14-2007 7:09:17 PM
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 428
ThreadCreationTime : 3-14-2007 7:09:24 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:7 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 472
ThreadCreationTime : 3-14-2007 7:09:25 PM
BasePriority : Normal
FileVersion : 5.00.2195.7059
ProductVersion : 5.00.2195.7059
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:8 [servic~1.exe]
FilePath : C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\
ProcessID : 500
ThreadCreationTime : 3-14-2007 7:09:25 PM
BasePriority : Normal


#:9 [syncservice.exe]
FilePath : c:\program files\ge security supra\
ProcessID : 512
ThreadCreationTime : 3-14-2007 7:09:26 PM
BasePriority : Normal


#:10 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 616
ThreadCreationTime : 3-14-2007 7:09:40 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:11 [fsgk32st.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 640
ThreadCreationTime : 3-14-2007 7:09:41 PM
BasePriority : Normal
FileVersion : 1.00.11280
ProductVersion : 1, 0, 11280, 0
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corporation
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2004
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler

#:12 [fsgk32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 656
ThreadCreationTime : 3-14-2007 7:09:41 PM
BasePriority : Normal
FileVersion : 6.10.12200
ProductVersion : 6.10.12200
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2004-2006
OriginalFilename : fsgk32.exe
Comments : release

#:13 [fsbwsys.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\
ProcessID : 676
ThreadCreationTime : 3-14-2007 7:09:43 PM
BasePriority : Normal
FileVersion : 6.90.881
ProductVersion : 6.90
ProductName : F-Secure BackWeb
CompanyName : F-Secure Corp.
FileDescription : fsbwsys
InternalName : fsbwsys
LegalCopyright : Copyright © 2005 F-Secure Corporation
OriginalFilename : fsbwsys.exe

#:14 [proxydaemon.exe]
FilePath : C:\Program Files\GE Security Supra\
ProcessID : 688
ThreadCreationTime : 3-14-2007 7:09:44 PM
BasePriority : Normal


#:15 [fsma32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 728
ThreadCreationTime : 3-14-2007 7:09:45 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE

#:16 [stunnel-4.10.exe]
FilePath : C:\SSL\
ProcessID : 736
ThreadCreationTime : 3-14-2007 7:09:46 PM
BasePriority : Normal


#:17 [gearsec.exe]
FilePath : C:\WINNT\system32\
ProcessID : 768
ThreadCreationTime : 3-14-2007 7:09:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:18 [fsmb32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 776
ThreadCreationTime : 3-14-2007 7:09:48 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE

#:19 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 868
ThreadCreationTime : 3-14-2007 7:09:50 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:20 [fch32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 884
ThreadCreationTime : 3-14-2007 7:09:50 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Configuration Handler
InternalName : FCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FCH32.EXE

#:21 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 932
ThreadCreationTime : 3-14-2007 7:09:52 PM
BasePriority : Normal
FileVersion : 4.71.2195.6972
ProductVersion : 4.71.2195.6972
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:22 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1024
ThreadCreationTime : 3-14-2007 7:09:55 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:23 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 1112
ThreadCreationTime : 3-14-2007 7:09:57 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:24 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1124
ThreadCreationTime : 3-14-2007 7:10:00 PM
BasePriority : Normal
FileVersion : 7.10.00.3068
ProductVersion : 7.10.00.3068
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:25 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1136
ThreadCreationTime : 3-14-2007 7:10:00 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:26 [fameh32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 1212
ThreadCreationTime : 3-14-2007 7:10:02 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Alert and Management Extension Handler
InternalName : FAMEH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE

#:27 [fsqh.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 1220
ThreadCreationTime : 3-14-2007 7:10:02 PM
BasePriority : Normal
FileVersion : 6.00.11240
ProductVersion : 6.00 Build 11240
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure Quarantine Handler
InternalName : FSQH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSQH.EXE

#:28 [fsrw.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 1252
ThreadCreationTime : 3-14-2007 7:10:03 PM
BasePriority : Normal
FileVersion : 1.1.222
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure System Control
InternalName : FSRW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSRW.EXE

#:29 [fspc.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FSPC\
ProcessID : 1256
ThreadCreationTime : 3-14-2007 7:10:03 PM
BasePriority : Normal
FileVersion : 5.00.160
ProductVersion : 5.00 Build 160
ProductName : F-Secure Parental Control
CompanyName : F-Secure Corporation
FileDescription : F-Secure Parental Control
InternalName : FSPC
LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSPC.EXE

#:30 [fshttps.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\
ProcessID : 1468
ThreadCreationTime : 3-14-2007 7:10:21 PM
BasePriority : Normal
FileVersion : 5.00.160
ProductVersion : 5.00 Build 160
ProductName : F-Secure Parental Control
CompanyName : F-Secure Corporation
FileDescription : F-Secure Http Server
InternalName : FSHTTPS
LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSHTTPS.EXE

#:31 [fsdfwd.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FWES\Program\
ProcessID : 1480
ThreadCreationTime : 3-14-2007 7:10:22 PM
BasePriority : Normal
FileVersion : 5.91.210
ProductVersion : 5.91 Build 210
ProductName : F-Secure Anti-Virus Internet Shield
CompanyName : F-Secure Corporation
FileDescription : F-Secure Anti-Virus Internet Shield daemon
InternalName : fsdfwd
LegalCopyright : Copyright © F-Secure Corporation 1997-2005
OriginalFilename : fsdfwd.exe

#:32 [fssm32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 1700
ThreadCreationTime : 3-14-2007 7:10:38 PM
BasePriority : Normal
FileVersion : 6.10.12200
ProductVersion : 6.10.12200
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fssm32.exe
Comments : release

#:33 [fsav32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 2012
ThreadCreationTime : 3-14-2007 7:11:55 PM
BasePriority : Normal
FileVersion : 6.10.11370
ProductVersion : 6.10.11370
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2005, F-Secure Corporation
OriginalFilename : FSAV32.exe

#:34 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1992
ThreadCreationTime : 3-14-2007 7:11:59 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:35 [fsm32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 2072
ThreadCreationTime : 3-14-2007 7:12:43 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows ™ is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE

#:36 [iobit smartdefrag.exe]
FilePath : D:\Program Files\IObit SmartDefrag\
ProcessID : 2184
ThreadCreationTime : 3-14-2007 7:12:57 PM
BasePriority : Normal


#:37 [fsaw.exe]
FilePath : C:\PROGRA~1\CHARTE~1\ANTI-S~1\
ProcessID : 2192
ThreadCreationTime : 3-14-2007 7:13:00 PM
BasePriority : Normal
FileVersion : 1.1.197
ProductName : F-Secure Anti-Spyware
CompanyName : F-Secure Corporation
FileDescription : F-Secure Browser Control
InternalName : FSAW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSAW.EXE

#:38 [freeram xp pro.exe]
FilePath : D:\Program Files\YourWare Solutions\FreeRAM XP Pro\
ProcessID : 2216
ThreadCreationTime : 3-14-2007 7:13:02 PM
BasePriority : Normal
FileVersion : 1.5.1.0
ProductVersion : 1.0.0.0
ProductName : FRXPRO
CompanyName : YourWare Solutions ™
FileDescription : FreeRAM XP Pro (YourWare Solutions)
InternalName : FRXPRO
LegalCopyright : Copyright YourWare Solutions ™, 2001-2005
LegalTrademarks : YourWare Solutions, FreeRAM XP, FreeRAM XP Lite, FreeRAM XP Professional
OriginalFilename : FRXPRO
Comments : Freeware application that frees and defragments your computer's memory to increse performance. Enjoy! Visit website for periodic updates.

#:39 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\
ProcessID : 2240
ThreadCreationTime : 3-14-2007 7:13:09 PM
BasePriority : Normal
FileVersion : 1, 2, 1128, 5462
ProductVersion : 1, 2, 1128, 5462
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:40 [fspex.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\
ProcessID : 2320
ThreadCreationTime : 3-14-2007 7:13:22 PM
BasePriority : Normal


#:41 [logitechdesktopmessenger.exe]
FilePath : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\
ProcessID : 2160
ThreadCreationTime : 3-14-2007 7:13:27 PM
BasePriority : Normal
FileVersion : 2.52.21.16
ProductVersion : 2.52.21.16
ProductName : Logitech Desktop Messenger
CompanyName : Logitech Inc.
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright © Logitech 2000-2007. All rights reserved
OriginalFilename : runner.exe
Comments : About:
www.logitech.com/ldm

Privacy Policy:
www.logitech.com/privacy

#:42 [sd monitor.exe]
FilePath : C:\Program Files\SanDisk\SanDisk TransferMate\
ProcessID : 2336
ThreadCreationTime : 3-14-2007 7:13:55 PM
BasePriority : Normal
FileVersion : 1.0.1.51
ProductVersion : 1.0.1.51
ProductName : SD Monitor
CompanyName : SanDisk
FileDescription : SD Monitor
InternalName : SD Monitor
LegalCopyright : Copyright ArcSoft 2005
OriginalFilename : SD Monitor.exe

#:43 [googlewebaccwarden.exe]
FilePath : C:\Program Files\Google\Web Accelerator\
ProcessID : 2356
ThreadCreationTime : 3-14-2007 7:14:11 PM
BasePriority : Normal


#:44 [fsguidll.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FSGUI\
ProcessID : 2404
ThreadCreationTime : 3-14-2007 7:14:38 PM
BasePriority : Normal
FileVersion : 6, 20, 350, 0
ProductVersion : 6, 12, 10, 0
ProductName : F-Secure Internet Security 2006 version 6.12
CompanyName : F-Secure Corporation
FileDescription : F-Secure GUI component
InternalName : fsguiexe
LegalCopyright : Copyright © 2003-2006 F-Secure Corporation
OriginalFilename : fsguiexe.exe

#:45 [googlewebaccclient.exe]
FilePath : C:\Program Files\Google\Web Accelerator\
ProcessID : 2588
ThreadCreationTime : 3-14-2007 7:15:46 PM
BasePriority : Normal


#:46 [fsav.exe]
FilePath : C:\PROGRA~1\CHARTE~1\ANTI-V~1\
ProcessID : 299496
ThreadCreationTime : 3-16-2007 9:11:37 AM
BasePriority : Normal
FileVersion : 1.08.5240
ProductVersion : 1.08.5240
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Command-Line Scanner
InternalName : FSAV
LegalCopyright : Copyright © 1998-2004, F-Secure Corporation
OriginalFilename : fsav.exe

#:47 [ad-aware.exe]
FilePath : D:\Program Files\Ad-Aware SE Personal\
ProcessID : 297228
ThreadCreationTime : 3-16-2007 10:00:24 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.DropSpam Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Adware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{de6317f7-6ef0-45c2-88d1-8e09415817f1}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 40


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 40




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 40

2:50:24 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:47:55.555
Objects scanned:138651
Objects identified:1
Objects ignored:0
New critical objects:1


---------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 10:59:00 AM, on 3/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
c:\program files\ge security supra\syncservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\SSL\stunnel-4.10.exe
C:\WINNT\system32\gearsec.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
D:\Program Files\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SmartDefrag] "D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131764818812
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Charter High-Speed Security Suite (BackWeb Client - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe



#2 little eagle


Posted 03 April 2007 - 05:32 AM

Close all Browser and Program Windows and have HijackThis fix the following.
Do this by checking the box beside each and then clicking on Fix checked.

O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -


Download and run - ATF Cleaner instructions here.

Download and install AVG Anti-Spyware (ewido). Then scan and post the report here.
Instructions and download link can be found here.

#3 bogey418


Posted 10 April 2007 - 11:38 AM

First of all, thanks for your help. I had HJT fix the items you wanted me to. I downloaded and scanned ATF and AVG. Here is the AVG log. I also included a new HJT log because it has been a long time since I originally posted. Please let me know if I need to do anything else. Thanks again.



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:29:06 PM 4/9/2007

+ Scan result:



Nothing found.


::Report end





Logfile of HijackThis v1.99.1
Scan saved at 10:25:45 AM, on 4/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\ge security supra\syncservice.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\SSL\stunnel-4.10.exe
C:\WINNT\system32\gearsec.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HJT Scanner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SmartDefrag] "D:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - http://www.jasons-to...tiveXTester.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131764818812
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\WEBACC~1\FASTSE~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Client - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

#4 little eagle


Posted 10 April 2007 - 07:55 PM

Log looks fine. I see nothing to worry about. :thumbup:
