Help - Search - Members - Calendar
Full Version: www.safetyhomepage.com/ hijack case
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
arkaingelx
Aug 10 2006, 06:58 AM
I was advised to paste this log file from hijack this onto the forum. Can anyone help?

Logfile of HijackThis v1.99.1
Scan saved at 10:30:44 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\IntCodec\isamonitor.exe
C:\Program Files\IntCodec\isamini.exe
C:\Program Files\IntCodec\pmsngr.exe
C:\Program Files\IntCodec\pmmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pluck Corporation\Pluck\PluckSvr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\arkaingelx\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pluck Helper - {09AF76DD-6988-4664-97D0-362F1011E311} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {a2595f37-48d0-46a1-9b51-478591a97764} - C:\Program Files\IntCodec\iesplugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Neverwinter Nights Registration.lnk = C:\NeverwinterNights\NWN\ereg\ATR1.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra 'Tools' menuitem: Pluck - {053017A8-53F7-4EA3-AA38-A4CCAAF1F9E7} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1142370705109
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: pluck - {A5DD5FEC-8239-4A12-B791-4B6067F85CCC} - C:\Program Files\Pluck Corporation\Pluck\PluckExplorerBar.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
arkaingelx
Aug 10 2006, 07:01 AM
The AAW log is as follows. Can anyone help?

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, August 09, 2006 10:19:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R118 07.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Tracking Cookie(TAC index:3):12 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


8-9-2006 10:19:27 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\arkaingelx\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-2408011420-1242600452-2953974735-1006\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-2408011420-1242600452-2953974735-1006\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2408011420-1242600452-2953974735-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-2408011420-1242600452-2953974735-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-2408011420-1242600452-2953974735-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-2408011420-1242600452-2953974735-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 464
ThreadCreationTime : 8-10-2006 5:16:53 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 524
ThreadCreationTime : 8-10-2006 5:16:54 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 8-10-2006 5:16:55 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 8-10-2006 5:16:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 8-10-2006 5:16:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1072
ThreadCreationTime : 8-10-2006 5:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1120
ThreadCreationTime : 8-10-2006 5:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1160
ThreadCreationTime : 8-10-2006 5:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 8-10-2006 5:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1308
ThreadCreationTime : 8-10-2006 5:16:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [wltrysvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1460
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : Normal


#:12 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1480
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : Normal
FileVersion : 4.10.47.3
ProductVersion : 4.10.47.3
ProductName : Dell Wireless WLAN Card Wireless Network Controller
CompanyName : Dell Inc.
FileDescription : Dell Wireless WLAN Card Wireless Network Controller
InternalName : bcmwltry.exe
LegalCopyright : 1998-2005, Dell Inc. All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1576
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [aolacsd.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\
ProcessID : 1712
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : Normal


#:15 [mcdetect.exe]
FilePath : c:\program files\mcafee.com\agent\
ProcessID : 1768
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 19
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee WSC Integration Service
InternalName : McDetect
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McDetect.exe
Comments : McAfee WSC Integration Service

#:16 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1828
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : High


#:17 [mctskshd.exe]
FilePath : c:\PROGRA~1\mcafee.com\agent\
ProcessID : 1848
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 13
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee Task Scheduler
InternalName : McTskshd
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : McTskshd.exe

#:18 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2016
ThreadCreationTime : 8-10-2006 5:16:57 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:19 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 492
ThreadCreationTime : 8-10-2006 5:17:02 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 624
ThreadCreationTime : 8-10-2006 5:17:04 AM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service

#:21 [isamonitor.exe]
FilePath : C:\Program Files\IntCodec\
ProcessID : 748
ThreadCreationTime : 8-10-2006 5:17:08 AM
BasePriority : Normal


#:22 [isamini.exe]
FilePath : C:\Program Files\IntCodec\
ProcessID : 824
ThreadCreationTime : 8-10-2006 5:17:10 AM
BasePriority : Normal


#:23 [pmsngr.exe]
FilePath : C:\Program Files\IntCodec\
ProcessID : 828
ThreadCreationTime : 8-10-2006 5:17:11 AM
BasePriority : Normal


#:24 [pmmon.exe]
FilePath : C:\Program Files\IntCodec\
ProcessID : 1028
ThreadCreationTime : 8-10-2006 5:17:12 AM
BasePriority : Normal


#:25 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 8-10-2006 5:17:13 AM
BasePriority : Normal
FileVersion : 3.0.0.4446
ProductVersion : 7.0.0.4446
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:26 [nicconfigsvc.exe]
FilePath : C:\Program Files\Dell\NICCONFIGSVC\
ProcessID : 1264
ThreadCreationTime : 8-10-2006 5:17:13 AM
BasePriority : Normal
FileVersion : 7, 0, 9, 0
ProductVersion : 7, 0, 9, 0
ProductName : NicConfigSvc
CompanyName : Dell Inc.
FileDescription : Internal Network Card Power Management Service
InternalName : NicConfigSvc
LegalCopyright : Copyright © 2005 Dell Inc.
OriginalFilename : NicConfigSvc.exe

#:27 [igfxpers.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1192
ThreadCreationTime : 8-10-2006 5:17:13 AM
BasePriority : Normal
FileVersion : 3.0.0.4446
ProductVersion : 7.0.0.4446
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : persistence Module
InternalName : PERSISTENCE
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXPERS.EXE

#:28 [igfxsrvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1340
ThreadCreationTime : 8-10-2006 5:17:14 AM
BasePriority : Normal
FileVersion : 3.0.0.4446
ProductVersion : 7.0.0.4446
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxsrvc Module
InternalName : IGFXSRVC
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : IGFXSRVC.EXE

#:29 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_06\bin\
ProcessID : 1368
ThreadCreationTime : 8-10-2006 5:17:14 AM
BasePriority : Normal


#:30 [wltray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 8-10-2006 5:17:14 AM
BasePriority : Normal
FileVersion : 4.10.47.3
ProductVersion : 4.10.47.3
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Inc.
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : wltray.exe
LegalCopyright : 1998-2005, Dell Inc. All Rights Reserved.
OriginalFilename : wltray.exe

#:31 [stsystra.exe]
FilePath : C:\WINDOWS\
ProcessID : 1448
ThreadCreationTime : 8-10-2006 5:17:15 AM
BasePriority : Normal
FileVersion : 1.0.4823.0 nd322 cp1
ProductVersion : 1.0.4823.3 nd322 cp1
ProductName : C-Major Audio
CompanyName : SigmaTel, Inc.
FileDescription : Sigmatel Audio system tray application
InternalName : stsystray.exe
LegalCopyright : Copyright © 2004-2005, SigmaTel, Inc.
OriginalFilename : stsystray.exe

#:32 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1492
ThreadCreationTime : 8-10-2006 5:17:16 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:33 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 1732
ThreadCreationTime : 8-10-2006 5:17:17 AM
BasePriority : Normal
FileVersion : 7, 0, 9, 0
ProductVersion : 7, 0, 9, 0
ProductName : QuickSet
CompanyName : Dell Inc
FileDescription : QuickSet
InternalName : QuickSet
LegalCopyright : Copyright Dell Inc © 2005
OriginalFilename : Quickset.exe

#:34 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1916
ThreadCreationTime : 8-10-2006 5:17:18 AM
BasePriority : Normal
FileVersion : 8.2.4.3 29Nov05
ProductVersion : 8.2.4.3 29Nov05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : SynTPEnh.exe

#:35 [pcmservice.exe]
FilePath : C:\Program Files\Dell\Media Experience\
ProcessID : 1992
ThreadCreationTime : 8-10-2006 5:17:19 AM
BasePriority : Normal
FileVersion : 1.0.1611
ProductVersion : 1.0.1611
ProductName : PCM2Launcher Application
CompanyName : CyberLink Corp.
FileDescription : PowerCinema Resident Program for Dell
InternalName : PowerCinema Resident Program for Dell
LegalCopyright : Copyright c 2003 CyberLink Corp.
OriginalFilename : PCM2Launcher.EXE

#:36 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 232
ThreadCreationTime : 8-10-2006 5:17:20 AM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright © 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:37 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 380
ThreadCreationTime : 8-10-2006 5:17:22 AM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:38 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 1528
ThreadCreationTime : 8-10-2006 5:17:25 AM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:39 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 476
ThreadCreationTime : 8-10-2006 5:17:29 AM
BasePriority : Normal
FileVersion : 4, 50, 100, 33433
ProductVersion : 4, 50
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe

#:40 [oasclnt.exe]
FilePath : C:\Program Files\McAfee.com\VSO\
ProcessID : 664
ThreadCreationTime : 8-10-2006 5:17:32 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 24
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan OAS Client
InternalName : OasClnt
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : OasClnt.exe
Comments : McAfee VirusScan OAS Client

#:41 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1236
ThreadCreationTime : 8-10-2006 5:17:32 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 16
ProductVersion : 6, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe

#:42 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2116
ThreadCreationTime : 8-10-2006 5:17:35 AM
BasePriority : Normal


#:43 [mcvsshld.exe]
FilePath : c:\program files\mcafee.com\vso\
ProcessID : 2128
ThreadCreationTime : 8-10-2006 5:17:35 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 22
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : McVsShld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : McVsShld.exe
Comments : McAfee VirusScan ActiveShield Resource

#:44 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 2196
ThreadCreationTime : 8-10-2006 5:17:35 AM
BasePriority : Normal
FileVersion : 7.0.2.0
ProductVersion : 7.0
ProductName : McAfee SpamKiller
CompanyName : McAfee Inc.
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : MskAgent.exe

#:45 [mediadetect.exe]
FilePath : C:\Program Files\Corel\Corel Photo Album 6\
ProcessID : 2224
ThreadCreationTime : 8-10-2006 5:17:36 AM
BasePriority : Normal
FileVersion : 6.0.0 (20050831.10)
ProductVersion : 6.0.0 (20050831.10)
ProductName : Corel Photo Album 6
CompanyName : Corel, Inc.
FileDescription : Corel Photo Album 6 Application
InternalName : Corel Photo Album 6
LegalCopyright : Copyright © 1995-2005
OriginalFilename : MediaDetect.exe

#:46 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 2256
ThreadCreationTime : 8-10-2006 5:17:36 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 20
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module

#:47 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 2284
ThreadCreationTime : 8-10-2006 5:17:38 AM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall

#:48 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ProcessID : 2292
ThreadCreationTime : 8-10-2006 5:17:38 AM
BasePriority : Normal


#:49 [netwaiting.exe]
FilePath : C:\Program Files\NetWaiting\
ProcessID : 2304
ThreadCreationTime : 8-10-2006 5:17:38 AM
BasePriority : Normal


#:50 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2328
ThreadCreationTime : 8-10-2006 5:17:41 AM
BasePriority : Normal


#:51 [dsagnt.exe]
FilePath : C:\Program Files\Dell Support\
ProcessID : 2336
ThreadCreationTime : 8-10-2006 5:17:41 AM
BasePriority : Below Normal
FileVersion : 1, 1, 1, 121
ProductVersion : 1, 1, 1, 121
ProductName : Dell Support
CompanyName : Gteko Ltd.
FileDescription : Dell Support
InternalName : AUAgent
LegalCopyright : Copyright © 2000 - 2005 Gteko Ltd.
OriginalFilename : AUAgent.exe

#:52 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 2356
ThreadCreationTime : 8-10-2006 5:17:42 AM
BasePriority : Normal
FileVersion : 5.9.3861
ProductVersion : 5.9.3861
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2005 America Online, Inc.
OriginalFilename : AIM.EXE

#:53 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 2416
ThreadCreationTime : 8-10-2006 5:17:46 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:54 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2432
ThreadCreationTime : 8-10-2006 5:17:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:55 [aoltray.exe]
FilePath : C:\Program Files\America Online 9.0\
ProcessID : 2560
ThreadCreationTime : 8-10-2006 5:17:55 AM
BasePriority : Normal
FileVersion : 9.00.001
ProductVersion : 9.00.001
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : AOL Tray Icon
InternalName : AolTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2004

#:56 [googledesktopdisplay.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2572
ThreadCreationTime : 8-10-2006 5:17:56 AM
BasePriority : Normal


#:57 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2596
ThreadCreationTime : 8-10-2006 5:17:58 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2003
OriginalFilename : TestLine.exe

#:58 [mcvsftsn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 2792
ThreadCreationTime : 8-10-2006 5:18:09 AM
BasePriority : Normal
FileVersion : 10, 0, 0, 19
ProductVersion : 10, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module

#:59 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3008
ThreadCreationTime : 8-10-2006 5:18:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:60 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3216
ThreadCreationTime : 8-10-2006 5:18:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:61 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3436
ThreadCreationTime : 8-10-2006 5:18:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:62 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 3444
ThreadCreationTime : 8-10-2006 5:18:24 AM
BasePriority : Normal
FileVersion : 7.1.0.113
ProductVersion : 7.1.0.113
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module

#:63 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3736
ThreadCreationTime : 8-10-2006 5:18:34 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:64 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3808
ThreadCreationTime : 8-10-2006 5:18:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:65 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3864
ThreadCreationTime : 8-10-2006 5:18:51 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:66 [plucksvr.exe]
FilePath : C:\Program Files\Pluck Corporation\Pluck\
ProcessID : 3624
ThreadCreationTime : 8-10-2006 5:19:02 AM
BasePriority : Normal
FileVersion : 2, 0, 0, 7751
ProductVersion : 2, 0, 0, 7751
ProductName : Pluck
CompanyName : Pluck Corporation
FileDescription : Pluck Service
InternalName : PluckSvr.exe
LegalCopyright : © Pluck Corporation All rights reserved.
OriginalFilename : PluckSvr.exe

#:67 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3992
ThreadCreationTime : 8-10-2006 5:19:16 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@counter8.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:arkaingelx@counter8.sextracker.com/
Expires : 8-9-2006 6:14:28 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:16
Value : Cookie:arkaingelx@hitbox.com/
Expires : 8-9-2007 2:24:56 AM
LastSync : Hits:16
UseCount : 0
Hits : 16

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@counter5.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:arkaingelx@counter5.sextracker.com/
Expires : 8-9-2006 6:30:44 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:arkaingelx@doubleclick.net/
Expires : 8-8-2009 1:03:00 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@ehg-darksideprod.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:24
Value : Cookie:arkaingelx@ehg-darksideprod.hitbox.com/
Expires : 8-9-2007 2:24:56 AM
LastSync : Hits:24
UseCount : 0
Hits : 24

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:arkaingelx@atdmt.com/
Expires : 8-7-2011 5:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@cs.sexcounter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:arkaingelx@cs.sexcounter.com/
Expires : 5-12-2024 11:07:28 AM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@counter12.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:arkaingelx@counter12.sextracker.com/
Expires : 8-9-2006 6:07:20 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:arkaingelx@sextracker.com/
Expires : 8-10-2006 1:30:44 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@sexlist[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:arkaingelx@sexlist.com/
Expires : 8-9-2007 7:18:02 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@paycounter[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:arkaingelx@paycounter.com/
Expires : 9-8-2006 1:12:48 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arkaingelx@counter1.sextracker[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:arkaingelx@counter1.sextracker.com/
Expires : 8-9-2006 6:25:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 22



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 22




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 22

10:33:41 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:14.265
Objects scanned:177476
Objects identified:12
Objects ignored:0
New critical objects:12
LS CalamityJane
Aug 12 2006, 10:50 PM
Adaware does not detect that variant yet. It is a hijacker of the "Smitfraud" family that displays a fake notice that you are infected to fool you into buying some fraudlent antispyware program. Here is a free tool that should remove it for you

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

How to extract (decompress) zipped or compressed files
http://www.lvsonline.com/compresstut/index.shtml

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


2. Reboot into Safe Mode
You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

Logs needed in your next post are:

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

Fresh HijackThis log
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.