Full Version: w32.myzor.fk@yf
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
I have encountered the w32.myzor.fk@yf infection on my laptop and have performed some of the steps discussed in the forum between pahurley and Calamity Jane. I still keep getting warning messages from my virus protection that there is an infection. I would like to complete the process of removal. Can you help me?
Sure! We'll be glad to help.
Can you please find the details on what your Antivirus is finding. Name of file, location (full path please) and what it is calling the infection. That would help pinpoint it for us.
Then, Adaware has been updated for that variant I believe.
Could you first please follow these directions and post your Adaware log for review? Be sure to update it first because new updates were for the Smitfraud infection you had that I see in your HijackThis log - most of the active infection cleaned up. The Adaware logs can be very long so put the log into a zip file and attach it (as an attachment) to your next reply rather than trying to copy and paste it all in.
Please can you make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R112 15.06.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan"
and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.
(note The Application Data is a hidden folder, so you will need to show hidden files and folders)
................................
And then if still no joy please post a HijackThis log in this section:
http://www.lavasoftsupport.com/index.php?showforum=36
Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216
Can you please find the details on what your Antivirus is finding. Name of file, location (full path please) and what it is calling the infection. That would help pinpoint it for us.
Then, Adaware has been updated for that variant I believe.
Could you first please follow these directions and post your Adaware log for review? Be sure to update it first because new updates were for the Smitfraud infection you had that I see in your HijackThis log - most of the active infection cleaned up. The Adaware logs can be very long so put the log into a zip file and attach it (as an attachment) to your next reply rather than trying to copy and paste it all in.
Please can you make sure that you are using
Ad-aware SE Build 106r1
Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.
[if not Uninstall your old Ad-aware first then install SE]
Then use the WebUpDate
to get the latest Definition file
SE1R112 15.06.2006
To do this Open Ad-aware
Click the WebUpDate
button at the top right hand side of the Ad-aware screen (The world globe).
Click "Connect"
Ad-aware will then download the latest Definition file for you.
To make sure it is updated , look at the main
Ad-aware screen, and look under "Initialization Status"
It should say the Latest Definition file.
then scan doing a "Full Scan"
and then post your logfile here by using the Add-Reply Feature .
As Logs are stored in :
C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.
An easy way to get there is to
click Start,
click Run
And type in and press ENTER: %appdata%
then click Lavasoft
then Ad-Aware
and then Logs.
scroll down to find the latest one that you have
(by date & time)
and open it right Click select all
copy and then paste the contents of it here.
(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)
I recommend that you use the WebUpDate just before you scan that way you will always be up to date.
(note The Application Data is a hidden folder, so you will need to show hidden files and folders)
................................
And then if still no joy please post a HijackThis log in this section:
http://www.lavasoftsupport.com/index.php?showforum=36
Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216
As soon as I startsed the AdAware SE scan a box popped up saying "McAfee ActiveShield has found a suspect file on your computer. McAfee strongly recommends you scan your computer now". This box had a big red X next to the message. This is the message I keep getting...and then I scan with McAfee. It finds nothing. I did notice a program listed in my control panel that I think I remember you referring to in a previous post. It is Media-codec 4.0. Well let me know what you think. Here is my AdAware scan log (Iwill need to make this 2 replys since the log is so long and I can't figure out how to attach a zip file):
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 18, 2006 1:09:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
Tracking Cookie(TAC index:3):37 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6-18-2006 1:09:06 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Bob Rhone\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Bob Rhone\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 564
ThreadCreationTime : 6-18-2006 12:59:35 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 6-18-2006 12:59:39 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 6-18-2006 12:59:40 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 6-18-2006 12:59:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 6-18-2006 12:59:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1248
ThreadCreationTime : 6-18-2006 12:59:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1328
ThreadCreationTime : 6-18-2006 12:59:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1400
ThreadCreationTime : 6-18-2006 12:59:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1464
ThreadCreationTime : 6-18-2006 12:59:50 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 12
ProductVersion : 9, 0, 0, 0
ProductName : EvtEng Module
CompanyName : Intel Corporation
FileDescription : EvtEng Module
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : EvtEng.EXE
#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1500
ThreadCreationTime : 6-18-2006 12:59:52 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 41
ProductVersion : 9, 0, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : S24EvMon.exe
#:11 [wlkeeper.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1544
ThreadCreationTime : 6-18-2006 12:59:53 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 14
ProductVersion : 1, 0, 0, 1
ProductName : SSOFSet Service
CompanyName : Intel® Corporation
FileDescription : WLKEEPER
InternalName : WLKEEPER
LegalCopyright : Copyright © 2004
OriginalFilename : WLKEEPER.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1588
ThreadCreationTime : 6-18-2006 12:59:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1692
ThreadCreationTime : 6-18-2006 12:59:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 352
ThreadCreationTime : 6-18-2006 12:59:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 396
ThreadCreationTime : 6-18-2006 1:00:00 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 45
ProductVersion : 1, 0, 0, 2
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : ZeroCfgSvc.EXE
#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1740
ThreadCreationTime : 6-18-2006 1:00:05 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:17 [1xconfig.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 1844
ThreadCreationTime : 6-18-2006 1:00:06 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 33
ProductVersion : 9, 0, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)
#:18 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 628
ThreadCreationTime : 6-18-2006 1:00:11 PM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:19 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 648
ThreadCreationTime : 6-18-2006 1:00:12 PM
BasePriority : Normal
#:20 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 688
ThreadCreationTime : 6-18-2006 1:00:12 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 19
ProductVersion : 9, 0, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : iFramewrk.exe
#:21 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 700
ThreadCreationTime : 6-18-2006 1:00:12 PM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE
#:22 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 596
ThreadCreationTime : 6-18-2006 1:00:13 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
#:23 [mcvsshld.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 764
ThreadCreationTime : 6-18-2006 1:00:14 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:24 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 784
ThreadCreationTime : 6-18-2006 1:00:15 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe
#:25 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 800
ThreadCreationTime : 6-18-2006 1:00:15 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:26 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 844
ThreadCreationTime : 6-18-2006 1:00:16 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:27 [oasclnt.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 848
ThreadCreationTime : 6-18-2006 1:00:17 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client
#:28 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 580
ThreadCreationTime : 6-18-2006 1:00:19 PM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall
#:29 [mscifapp.exe]
FilePath : C:\PROGRA~1\mcafee.com\mps\
ProcessID : 924
ThreadCreationTime : 6-18-2006 1:00:19 PM
BasePriority : Normal
FileVersion : 8.1.0.136
ProductVersion : 8.1.0.136
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
All rights reserved
OriginalFilename : mscifapp.exe
#:30 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1452
ThreadCreationTime : 6-18-2006 1:00:20 PM
BasePriority : Normal
FileVersion : 7.0.2.0
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : MskAgent.exe
#:31 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1968
ThreadCreationTime : 6-18-2006 1:00:20 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe
#:32 [apdproxy.exe]
FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\
ProcessID : 1992
ThreadCreationTime : 6-18-2006 1:00:21 PM
BasePriority : Normal
#:33 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1141129446\ee\
ProcessID : 1644
ThreadCreationTime : 6-18-2006 1:00:21 PM
BasePriority : Normal
FileVersion : 1.4.12.1
ProductVersion : 1.4.12.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe
#:34 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 2020
ThreadCreationTime : 6-18-2006 1:00:22 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe
#:35 [cdac11ba.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 2036
ThreadCreationTime : 6-18-2006 1:00:22 PM
BasePriority : Normal
FileVersion : 4.20.0
ProductVersion : 4.20.0 Windows NT 2002/07/15
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English
#:36 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 112
ThreadCreationTime : 6-18-2006 1:00:22 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant
#:37 [mm_tray.exe]
FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\
ProcessID : 200
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 10.00.3058
ProductVersion : 10.00.3058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:38 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 160
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:39 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 216
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe
#:40 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 412
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE
#:41 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1808
ThreadCreationTime : 6-18-2006 1:00:24 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe
#:42 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 268
ThreadCreationTime : 6-18-2006 1:00:24 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:43 [ewidoguard.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 508
ThreadCreationTime : 6-18-2006 1:00:24 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:44 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 6-18-2006 1:00:25 PM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
#:45 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 6-18-2006 1:00:26 PM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE
#:46 [igfxsrvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 6-18-2006 1:00:26 PM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxsrvc Module
InternalName : IGFXSRVC
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXSRVC.EXE
#:47 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 6-18-2006 1:00:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:48 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2116
ThreadCreationTime : 6-18-2006 1:00:27 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:49 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2536
ThreadCreationTime : 6-18-2006 1:00:33 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor
#:50 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 2712
ThreadCreationTime : 6-18-2006 1:00:35 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service
#:51 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 3064
ThreadCreationTime : 6-18-2006 1:00:36 PM
BasePriority : High
#:52 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 3656
ThreadCreationTime : 6-18-2006 1:00:44 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe
#:53 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 3736
ThreadCreationTime : 6-18-2006 1:00:45 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:54 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 3828
ThreadCreationTime : 6-18-2006 1:00:48 PM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service
#:55 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 3896
ThreadCreationTime : 6-18-2006 1:00:48 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 19
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module
#:56 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2436
ThreadCreationTime : 6-18-2006 1:00:57 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status
#:57 [nicconfigsvc.exe]
FilePath : C:\Program Files\Dell\NICCONFIGSVC\
ProcessID : 1004
ThreadCreationTime : 6-18-2006 1:01:20 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : TestMFCAppWiz
LegalCopyright : Copyright © 2004 Dell Inc.
OriginalFilename : NicConfigSvc.EXE
#:58 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3764
ThreadCreationTime : 6-18-2006 1:01:23 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 10
ProductVersion : 9, 0, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products
#:59 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2096
ThreadCreationTime : 6-18-2006 1:01:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:60 [dllhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3200
ThreadCreationTime : 6-18-2006 1:01:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe
#:61 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2796
ThreadCreationTime : 6-18-2006 1:01:47 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:62 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2668
ThreadCreationTime : 6-18-2006 1:01:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:63 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1072
ThreadCreationTime : 6-18-2006 1:01:54 PM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module
#:64 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3144
ThreadCreationTime : 6-18-2006 1:01:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:65 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 3084
ThreadCreationTime : 6-18-2006 1:02:22 PM
BasePriority : Normal
FileVersion : 7.0.1.3
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 2005, McAfee Inc.
OriginalFilename : MSKSRVR.EXE
#:66 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 5608
ThreadCreationTime : 6-18-2006 5:00:51 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:67 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5632
ThreadCreationTime : 6-18-2006 5:04:42 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 18, 2006 1:09:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R112 15.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
Tracking Cookie(TAC index:3):37 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6-18-2006 1:09:06 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Bob Rhone\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Bob Rhone\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!
Location: : S-1-5-21-2162449792-3306123956-1055466904-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 564
ThreadCreationTime : 6-18-2006 12:59:35 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 6-18-2006 12:59:39 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 6-18-2006 12:59:40 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 6-18-2006 12:59:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 6-18-2006 12:59:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1248
ThreadCreationTime : 6-18-2006 12:59:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1328
ThreadCreationTime : 6-18-2006 12:59:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1400
ThreadCreationTime : 6-18-2006 12:59:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [evteng.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1464
ThreadCreationTime : 6-18-2006 12:59:50 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 12
ProductVersion : 9, 0, 0, 0
ProductName : EvtEng Module
CompanyName : Intel Corporation
FileDescription : EvtEng Module
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : EvtEng.EXE
#:10 [s24evmon.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1500
ThreadCreationTime : 6-18-2006 12:59:52 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 41
ProductVersion : 9, 0, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : S24EvMon.exe
#:11 [wlkeeper.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 1544
ThreadCreationTime : 6-18-2006 12:59:53 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 14
ProductVersion : 1, 0, 0, 1
ProductName : SSOFSet Service
CompanyName : Intel® Corporation
FileDescription : WLKEEPER
InternalName : WLKEEPER
LegalCopyright : Copyright © 2004
OriginalFilename : WLKEEPER.exe
#:12 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1588
ThreadCreationTime : 6-18-2006 12:59:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:13 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1692
ThreadCreationTime : 6-18-2006 12:59:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 352
ThreadCreationTime : 6-18-2006 12:59:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [zcfgsvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 396
ThreadCreationTime : 6-18-2006 1:00:00 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 45
ProductVersion : 1, 0, 0, 2
ProductName : ZeroCfgSvc Application
CompanyName : Intel Corporation
FileDescription : ZeroCfgSvc MFC Application
InternalName : ZeroCfgSvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : ZeroCfgSvc.EXE
#:16 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1740
ThreadCreationTime : 6-18-2006 1:00:05 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:17 [1xconfig.exe]
FilePath : C:\PROGRA~1\Intel\Wireless\Bin\
ProcessID : 1844
ThreadCreationTime : 6-18-2006 1:00:06 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 33
ProductVersion : 9, 0, 0, 0
ProductName : 8021XConfig Module
CompanyName : Intel
FileDescription : 8021XConfig Module
InternalName : 8021XConfig
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : 1XConfig.EXE
Comments : Wrapper for MH. (Service COM)
#:18 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 628
ThreadCreationTime : 6-18-2006 1:00:11 PM
BasePriority : Normal
FileVersion : 5.5.101.141
ProductVersion : 5.5.101.141
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2004 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:19 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 648
ThreadCreationTime : 6-18-2006 1:00:12 PM
BasePriority : Normal
#:20 [ifrmewrk.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 688
ThreadCreationTime : 6-18-2006 1:00:12 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 19
ProductVersion : 9, 0, 0, 0
ProductName : Intel PROSet/Wireless
CompanyName : Intel Corporation
FileDescription : Intel Framework MFC Application
InternalName : Framework
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : iFramewrk.exe
#:21 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 700
ThreadCreationTime : 6-18-2006 1:00:12 PM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE
#:22 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 596
ThreadCreationTime : 6-18-2006 1:00:13 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
#:23 [mcvsshld.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 764
ThreadCreationTime : 6-18-2006 1:00:14 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:24 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 784
ThreadCreationTime : 6-18-2006 1:00:15 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe
#:25 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 800
ThreadCreationTime : 6-18-2006 1:00:15 PM
BasePriority : Normal
FileVersion : 5.5.1.19
ProductVersion : 5.5.1.19
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2004 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:26 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 844
ThreadCreationTime : 6-18-2006 1:00:16 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:27 [oasclnt.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 848
ThreadCreationTime : 6-18-2006 1:00:17 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client
#:28 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 580
ThreadCreationTime : 6-18-2006 1:00:19 PM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall
#:29 [mscifapp.exe]
FilePath : C:\PROGRA~1\mcafee.com\mps\
ProcessID : 924
ThreadCreationTime : 6-18-2006 1:00:19 PM
BasePriority : Normal
FileVersion : 8.1.0.136
ProductVersion : 8.1.0.136
ProductName : McAfee Privacy Service
CompanyName : McAfee, Inc.
FileDescription : McAfee Privacy Service
InternalName : mscifapp
LegalCopyright : Copyright © 2005 McAfee, Inc.
All rights reserved
OriginalFilename : mscifapp.exe
#:30 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1452
ThreadCreationTime : 6-18-2006 1:00:20 PM
BasePriority : Normal
FileVersion : 7.0.2.0
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : MskAgent.exe
#:31 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 1968
ThreadCreationTime : 6-18-2006 1:00:20 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe
#:32 [apdproxy.exe]
FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\
ProcessID : 1992
ThreadCreationTime : 6-18-2006 1:00:21 PM
BasePriority : Normal
#:33 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1141129446\ee\
ProcessID : 1644
ThreadCreationTime : 6-18-2006 1:00:21 PM
BasePriority : Normal
FileVersion : 1.4.12.1
ProductVersion : 1.4.12.1
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2005 America Online, Inc.
OriginalFilename : AOLSoftware.exe
#:34 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 2020
ThreadCreationTime : 6-18-2006 1:00:22 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe
#:35 [cdac11ba.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 2036
ThreadCreationTime : 6-18-2006 1:00:22 PM
BasePriority : Normal
FileVersion : 4.20.0
ProductVersion : 4.20.0 Windows NT 2002/07/15
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright © 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English
#:36 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 112
ThreadCreationTime : 6-18-2006 1:00:22 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant
#:37 [mm_tray.exe]
FilePath : C:\Program Files\Musicmatch\Musicmatch Jukebox\
ProcessID : 200
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 10.00.3058
ProductVersion : 10.00.3058
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:38 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 160
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:39 [aoltpspd.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 216
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™
CompanyName : America Online Inc
FileDescription : AOL TopSpeed™
InternalName : AOL TopSpeed™ Loader
LegalCopyright : Copyright © 2003-2004
LegalTrademarks : AOL TopSpeed™
OriginalFilename : aoltpspd.exe
#:40 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 412
ThreadCreationTime : 6-18-2006 1:00:23 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE
#:41 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1808
ThreadCreationTime : 6-18-2006 1:00:24 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe
#:42 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 268
ThreadCreationTime : 6-18-2006 1:00:24 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:43 [ewidoguard.exe]
FilePath : C:\Program Files\ewido anti-malware\
ProcessID : 508
ThreadCreationTime : 6-18-2006 1:00:24 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:44 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 728
ThreadCreationTime : 6-18-2006 1:00:25 PM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE
#:45 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 6-18-2006 1:00:26 PM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE
#:46 [igfxsrvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 6-18-2006 1:00:26 PM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxsrvc Module
InternalName : IGFXSRVC
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXSRVC.EXE
#:47 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 6-18-2006 1:00:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:48 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2116
ThreadCreationTime : 6-18-2006 1:00:27 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:49 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2536
ThreadCreationTime : 6-18-2006 1:00:33 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor
#:50 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 2712
ThreadCreationTime : 6-18-2006 1:00:35 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service
#:51 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 3064
ThreadCreationTime : 6-18-2006 1:00:36 PM
BasePriority : High
#:52 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 3656
ThreadCreationTime : 6-18-2006 1:00:44 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe
#:53 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 3736
ThreadCreationTime : 6-18-2006 1:00:45 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:54 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 3828
ThreadCreationTime : 6-18-2006 1:00:48 PM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service
#:55 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 3896
ThreadCreationTime : 6-18-2006 1:00:48 PM
BasePriority : Normal
FileVersion : 10, 0, 0, 19
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module
#:56 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2436
ThreadCreationTime : 6-18-2006 1:00:57 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status
#:57 [nicconfigsvc.exe]
FilePath : C:\Program Files\Dell\NICCONFIGSVC\
ProcessID : 1004
ThreadCreationTime : 6-18-2006 1:01:20 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : TestMFCAppWiz
LegalCopyright : Copyright © 2004 Dell Inc.
OriginalFilename : NicConfigSvc.EXE
#:58 [regsrvc.exe]
FilePath : C:\Program Files\Intel\Wireless\Bin\
ProcessID : 3764
ThreadCreationTime : 6-18-2006 1:01:23 PM
BasePriority : Normal
FileVersion : 9, 0, 1, 10
ProductVersion : 9, 0, 0, 0
ProductName : RegSrvc Module
CompanyName : Intel Corporation
FileDescription : RegSrvc Module
InternalName : RegSrvc
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : RegSrvc.EXE
Comments : Registry Interface for Intel Wireless Products
#:59 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2096
ThreadCreationTime : 6-18-2006 1:01:24 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:60 [dllhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3200
ThreadCreationTime : 6-18-2006 1:01:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe
#:61 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2796
ThreadCreationTime : 6-18-2006 1:01:47 PM
BasePriority : Normal
FileVersion : 6.0.4.2
ProductVersion : 6.0.4.2
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:62 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2668
ThreadCreationTime : 6-18-2006 1:01:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:63 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1072
ThreadCreationTime : 6-18-2006 1:01:54 PM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module
#:64 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3144
ThreadCreationTime : 6-18-2006 1:01:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:65 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 3084
ThreadCreationTime : 6-18-2006 1:02:22 PM
BasePriority : Normal
FileVersion : 7.0.1.3
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 2005, McAfee Inc.
OriginalFilename : MSKSRVR.EXE
#:66 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 5608
ThreadCreationTime : 6-18-2006 5:00:51 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:67 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 5632
ThreadCreationTime : 6-18-2006 5:04:42 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Here's the rest:
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:bob rhone@live365.com/
Expires : 6-22-2011 12:47:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bob rhone@questionmarket.com/
Expires : 7-30-2006 4:36:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bob rhone@atdmt.com/
Expires : 6-16-2011 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:37
Value : Cookie:bob rhone@advertising.com/
Expires : 6-17-2011 12:57:42 PM
LastSync : Hits:37
UseCount : 0
Hits : 37
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bob rhone@doubleclick.net/
Expires : 6-17-2009 12:25:26 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:bob rhone@2o7.net/
Expires : 6-17-2011 12:41:54 PM
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bob rhone@imrworldwide.com/cgi-bin
Expires : 6-15-2016 12:57:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@ads.pointroll[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@atdmt[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@bs.serving-sys[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@counter2.hitslink[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@counter2.hitslink[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@cs.sexcounter[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@data.coremetrics[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@doubleclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@ehg-providianbankcorpservices.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@ehg-providianbankcorpservices.hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@linksynergy[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@linksynergy[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@perf.overture[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@questionmarket[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@server.iad.liveperson[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@serving-sys[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@statcounter[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@statse.webtrendslive[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@twci.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@twci.coremetrics[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@xxxcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@xxxcounter[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@zedo[2].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 53
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@live365[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@questionmarket[1].txt
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 60
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 60
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 60
1:28:01 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:54.704
Objects scanned:170548
Objects identified:37
Objects ignored:0
New critical objects:37
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:bob rhone@live365.com/
Expires : 6-22-2011 12:47:00 PM
LastSync : Hits:7
UseCount : 0
Hits : 7
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bob rhone@questionmarket.com/
Expires : 7-30-2006 4:36:22 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bob rhone@atdmt.com/
Expires : 6-16-2011 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:37
Value : Cookie:bob rhone@advertising.com/
Expires : 6-17-2011 12:57:42 PM
LastSync : Hits:37
UseCount : 0
Hits : 37
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:bob rhone@doubleclick.net/
Expires : 6-17-2009 12:25:26 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:12
Value : Cookie:bob rhone@2o7.net/
Expires : 6-17-2011 12:41:54 PM
LastSync : Hits:12
UseCount : 0
Hits : 12
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bob rhone@imrworldwide.com/cgi-bin
Expires : 6-15-2016 12:57:42 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@ads.pointroll[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@advertising[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@atdmt[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@bs.serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@bs.serving-sys[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@counter2.hitslink[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@counter2.hitslink[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@cs.sexcounter[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@data.coremetrics[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@doubleclick[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@ehg-providianbankcorpservices.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@ehg-providianbankcorpservices.hitbox[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@hitbox[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@linksynergy[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@linksynergy[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@perf.overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@perf.overture[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@questionmarket[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@server.iad.liveperson[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@serving-sys[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@statcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@statcounter[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@statse.webtrendslive[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@statse.webtrendslive[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@tribalfusion[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@twci.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@twci.coremetrics[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@xxxcounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@xxxcounter[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Cookies\bob rhone@zedo[2].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 53
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@2o7[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@advertising[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@advertising[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@atdmt[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@cgi-bin[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@live365[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bob rhone@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Bob Rhone\Local Settings\Temp\Cookies\bob rhone@questionmarket[1].txt
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 60
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 60
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 60
1:28:01 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:54.704
Objects scanned:170548
Objects identified:37
Objects ignored:0
New critical objects:37
QUOTE(BobR @ Jun 18 2006, 02:08 PM) 
As soon as I startsed the AdAware SE scan a box popped up saying "McAfee ActiveShield has found a suspect file on your computer. McAfee strongly recommends you scan your computer now". This box had a big red X next to the message. This is the message I keep getting...and then I scan with McAfee. It finds nothing. I did notice a program listed in my control panel that I think I remember you referring to in a previous post. It is Media-codec 4.0. Well let me know what you think.
Here is why McAfee is popping up an alert when scanning with Adaware (from the FAQ pages)
QUOTE
Q My antivirus program finds a virus during a scan with Ad-Aware
ADuring a scan, Ad-Aware will temporarily decompress files to scan their contents. Due to the fact that this antivirus provider also includes some detection of advertising (and/or spyware related) content, its resident scanner will detect the file that Ad-Aware is scanning. This is a normal function of the resident scanner. Thus, let Ad-Aware complete its scan, review the results, and then take what action is appropriate (whether to do nothing, ignore, or remove at your choice). Once this is completed, perform a scan with your antivirus to ensure that your system is free of virus infection.
ADuring a scan, Ad-Aware will temporarily decompress files to scan their contents. Due to the fact that this antivirus provider also includes some detection of advertising (and/or spyware related) content, its resident scanner will detect the file that Ad-Aware is scanning. This is a normal function of the resident scanner. Thus, let Ad-Aware complete its scan, review the results, and then take what action is appropriate (whether to do nothing, ignore, or remove at your choice). Once this is completed, perform a scan with your antivirus to ensure that your system is free of virus infection.
The Media-Codec 4.0 is a harmless file but is the fake codec downloaded with this infection (to supposedly view a video, but you get the trojan instead)
Go to your Control Panel and look in Add remove programs and if Media-Codec 4.0 is listed, click on it to highlight it and press *remove* Subsequently you can delete the Media-Codec folder which is in the Program Files directory, if it remains: C:\Program Files\Media-Codec
No signs of infection in either the Adaware scan log. Did you run the SmitfraudFix tool? If not, do that now:
1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml
Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.
How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.
4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.
Logs needed in your next post are:
rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed
Fresh HijackThis log
Here you go...
SmitFraudFix v2.57
Scan done at 15:27:16.68, Sun 06/18/2006
Run from C:\Documents and Settings\Bob Rhone\My Documents\Unzipped\SmitfraudFix2\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Now the Hijackthis log...
Logfile of HijackThis v1.99.1
Scan saved at 3:39:54 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1141129446\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bob Rhone\My Documents\Unzipped\hijackthis[1]\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141129446\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://cluster.jdpa.com/download/CfxIEAx.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/1,0,...pdatePortal.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...779/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Thanks for all your help!!
SmitFraudFix v2.57
Scan done at 15:27:16.68, Sun 06/18/2006
Run from C:\Documents and Settings\Bob Rhone\My Documents\Unzipped\SmitfraudFix2\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Now the Hijackthis log...
Logfile of HijackThis v1.99.1
Scan saved at 3:39:54 PM, on 6/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\1141129446\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bob Rhone\My Documents\Unzipped\hijackthis[1]\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141129446\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://cluster.jdpa.com/download/CfxIEAx.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/1,0,...pdatePortal.cab
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://mvt.mcafee.com/mvt/bin/3,0,0,0/mvt.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...779/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Thanks for all your help!!
You have an old version of SmitfraudFix. We're on v. 2.62 now.
Could you please delete that one and the files and folders came with it. And go up to my prior instruction and download the new version and run it again with v. 2.62.
Could you please delete that one and the files and folders came with it. And go up to my prior instruction and download the new version and run it again with v. 2.62.
Newest version...here you go
SmitFraudFix v2.62
Scan done at 19:30:16.20, Mon 06/19/2006
Run from C:\Documents and Settings\Bob Rhone\My Documents\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.62
Scan done at 19:30:16.20, Mon 06/19/2006
Run from C:\Documents and Settings\Bob Rhone\My Documents\Unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Some final cleanup and prevention recomendations follow.
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files.
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?
One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help
.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/
And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
Also visit this Free Online Scanner for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files.
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start, click Control Panel, and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
- Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
- Click OK.
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?
One of the best features of Windows ME or XP is the System Restore option, however if a malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help
.How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/
And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
I also highly recommend to get the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
Also visit this Free Online Scanner for PC Health and Safety
http://safety.live.com/site/en-US/default.htm
and Microsoft Security At Home
http://www.microsoft.com/athome/security/default.mspx
for tips to Protect your Pc, Protect yourself and Protect your Family.
All i can say is thank you...you are great!!
You're quite welcome! Glad we could help 
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.