I hope someone can help. My System Mechanic and AdAware suddenly gave me indications that I have security vulnerabilities but they are not removed by either program. System Mechanic keeps ignoring one file, but it doesn't matter, because they keep coming back anyway. Here's my HiT log. I hope it helps one of you help me.

Logfile of HijackThis v1.99.1
Scan saved at 5:24:05 AM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\My Documents\My Downloads\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155054091156
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://72.32.179.44/filter/cameraviewer/isetup.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/tryaces/zylomgamesplayer.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - http://aolsvc.aol.com/onlinegames/sonydavincicode/DVCDownloaderControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Maybe this information can help you figure out what's wrong. This is what came up on the AdAware scan. I did a Trend Micro scan and everything was ok.

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, November 20, 2006 11:43:30 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R133 16.11.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):34 total references
Windows(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

11-20-2006 11:43:30 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\HP_Owner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\HP_Owner\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-3896006393-1383216006-3230072211-1009\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 480
ThreadCreationTime : 11-20-2006 5:27:11 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 11-20-2006 5:27:13 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 11-20-2006 5:27:14 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 11-20-2006 5:27:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 636
ThreadCreationTime : 11-20-2006 5:27:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 796
ThreadCreationTime : 11-20-2006 5:27:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 11-20-2006 5:27:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 928
ThreadCreationTime : 11-20-2006 5:27:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 11-20-2006 5:27:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1076
ThreadCreationTime : 11-20-2006 5:27:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 11-20-2006 5:27:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1532
ThreadCreationTime : 11-20-2006 5:27:23 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [servic~1.exe]
FilePath : C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\
ProcessID : 1636
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal

#:14 [fsgk32st.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 1664
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal
FileVersion : 1.00.11280
ProductVersion : 1, 0, 11280, 0
ProductName : F-Secure Corp. Startup service
CompanyName : F-Secure Corporation
FileDescription : fsgk32st
InternalName : fsgk32
LegalCopyright : Copyright © 2004
OriginalFilename : fsgk32st.exe
Comments : Startup service for Gatekeeper Handler

#:15 [fsgk32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 1684
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal
FileVersion : 6.10.12200
ProductVersion : 6.10.12200
ProductName : F-Secure Corp. fsgk32
CompanyName : F-Secure Corp.
FileDescription : Gatekeeper Handler II
InternalName : fsgk32
LegalCopyright : Copyright © 2004-2006
OriginalFilename : fsgk32.exe
Comments : release

#:16 [fsbwsys.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\
ProcessID : 1692
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal
FileVersion : 6.90.881
ProductVersion : 6.90
ProductName : F-Secure BackWeb
CompanyName : F-Secure Corp.
FileDescription : fsbwsys
InternalName : fsbwsys
LegalCopyright : Copyright © 2005 F-Secure Corporation
OriginalFilename : fsbwsys.exe

#:17 [fssm32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 1732
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal
FileVersion : 6.10.12200
ProductVersion : 6.10.12200
ProductName : F-Secure Corp. fssm32
CompanyName : F-Secure Corp.
FileDescription : fssm32
InternalName : fssm32
LegalCopyright : Copyright © 2004-2005
OriginalFilename : fssm32.exe
Comments : release

#:18 [fsma32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 1760
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Management Agent
InternalName : VCH
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows (TM) is a trademark of Microsoft Corporation
OriginalFilename : FSMA32.EXE

#:19 [fsmb32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 1928
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Message Broker
InternalName : FSMB
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows (TM) is a trademark of Microsoft Corporation
OriginalFilename : FSMB32.EXE

#:20 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1936
ThreadCreationTime : 11-20-2006 5:27:24 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe #:21 [hpzipm12.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1984 ThreadCreationTime : 11-20-2006 5:27:24 PM BasePriority : Normal FileVersion : 9, 0, 0, 0 ProductVersion : 9, 0, 0, 0 ProductName : HP PML CompanyName : HP FileDescription : PML Driver InternalName : PmlDrv LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company OriginalFilename : PmlDrv.exe #:22 [fspex.exe] FilePath : C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\ ProcessID : 2032 ThreadCreationTime : 11-20-2006 5:27:24 PM BasePriority : Normal #:23 [hpsysdrv.exe] FilePath : C:\windows\system\ ProcessID : 224 ThreadCreationTime : 11-20-2006 5:27:26 PM BasePriority : Normal FileVersion : 1, 7, 0, 0 ProductVersion : 1, 7, 0, 0 ProductName : hpsysdrv CompanyName : Hewlett-Packard Company FileDescription : hpsysdrv InternalName : hpsysdrv LegalCopyright : Copyright © 1998 OriginalFilename : hpsysdrv.exe #:24 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 340 ThreadCreationTime : 11-20-2006 5:27:26 PM BasePriority : Normal FileVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 ProductVersion : 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 ProductName : Agere SoftModem Messaging Applet CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Agere Systems 1998-2000 OriginalFilename : smdmstat.exe #:25 [hphmon06.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 356 ThreadCreationTime : 11-20-2006 5:27:26 PM BasePriority : Normal FileVersion : 6,0,72 ProductVersion : 6,0,72 ProductName : HP Photosmart CompanyName : Hewlett-Packard FileDescription : HPHmon06 InternalName : HPHmon06 LegalCopyright : Copyright (C) 2004 OriginalFilename : HPHmon06.exe #:26 [soundman.exe] FilePath : C:\WINDOWS\ ProcessID : 372 ThreadCreationTime : 11-20-2006 5:27:26 PM BasePriority : Normal FileVersion : 1, 0, 0, 14 ProductVersion : 1, 0, 0, 14 ProductName : Realtek HD Sound Manager CompanyName : 
Realtek Semiconductor Corp. FileDescription : Realtek Sound Manager InternalName : ALSMTray LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp. OriginalFilename : ALSMTray.exe Comments : Realtek HD Audio Sound Manager #:27 [alcmtr.exe] FilePath : C:\WINDOWS\ ProcessID : 388 ThreadCreationTime : 11-20-2006 5:27:27 PM BasePriority : Normal FileVersion : 1.5 ProductVersion : 1.5 ProductName : Realtek AC97 Audio - Event Monitor CompanyName : Realtek Semiconductor Corp. FileDescription : Realtek Azalia Audio - Event Monitor InternalName : Alcxmntr LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp. OriginalFilename : Alcxmntr.exe #:28 [fch32.exe] FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\ ProcessID : 384 ThreadCreationTime : 11-20-2006 5:27:27 PM BasePriority : Normal FileVersion : 6.05.8452 ProductVersion : 6.05 Build 8452 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Configuration Handler InternalName : FCH LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved. LegalTrademarks : Windows (TM) is a trademark of Microsoft Corporation OriginalFilename : FCH32.EXE #:29 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 776 ThreadCreationTime : 11-20-2006 5:27:29 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:30 [fsqh.exe] FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\ ProcessID : 1180 ThreadCreationTime : 11-20-2006 5:27:29 PM BasePriority : Normal FileVersion : 6.00.11240 ProductVersion : 6.00 Build 11240 ProductName : F-Secure Anti-Virus CompanyName : F-Secure Corporation FileDescription : F-Secure Quarantine Handler InternalName : FSQH LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved. LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation. OriginalFilename : FSQH.EXE #:31 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1204 ThreadCreationTime : 11-20-2006 5:27:29 PM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:32 [fameh32.exe] FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\ ProcessID : 1232 ThreadCreationTime : 11-20-2006 5:27:29 PM BasePriority : Normal FileVersion : 6.05.8452 ProductVersion : 6.05 Build 8452 ProductName : F-Secure Management Agent CompanyName : F-Secure Corporation FileDescription : F-Secure Alert and Management Extension Handler InternalName : FAMEH LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved. 
LegalTrademarks : Windows (TM) is a trademark of Microsoft Corporation
OriginalFilename : FAMEH32.EXE

#:33 [fsrw.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 1336
ThreadCreationTime : 11-20-2006 5:27:29 PM
BasePriority : Normal
FileVersion : 1.1.222
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : F-Secure System Control
InternalName : FSRW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSRW.EXE

#:34 [fspc.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FSPC\
ProcessID : 1340
ThreadCreationTime : 11-20-2006 5:27:29 PM
BasePriority : Normal
FileVersion : 5.00.160
ProductVersion : 5.00 Build 160
ProductName : F-Secure Parental Control
CompanyName : F-Secure Corporation
FileDescription : F-Secure Parental Control
InternalName : FSPC
LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows (TM) is a trademark of Microsoft Corporation
OriginalFilename : FSPC.EXE

#:35 [fsm32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Common\
ProcessID : 1512
ThreadCreationTime : 11-20-2006 5:27:30 PM
BasePriority : Normal
FileVersion : 6.05.8452
ProductVersion : 6.05 Build 8452
ProductName : F-Secure Management Agent
CompanyName : F-Secure Corporation
FileDescription : F-Secure Settings and Statistics
InternalName : FSM
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows (TM) is a trademark of Microsoft Corporation
OriginalFilename : FSM32.EXE

#:36 [ispnews.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FSGUI\
ProcessID : 2276
ThreadCreationTime : 11-20-2006 5:27:31 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 14
ProductVersion : 1, 0, 0, 14
ProductName : News Service Application
CompanyName : F-Secure Corporation
FileDescription : News Service
InternalName : ISP News
LegalCopyright : Copyright (C) 2003,2004 F-Secure Corporation
OriginalFilename : ispnews.exe

#:37 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2288
ThreadCreationTime : 11-20-2006 5:27:31 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:38 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 2400
ThreadCreationTime : 11-20-2006 5:27:32 PM
BasePriority : High

#:39 [fsav32.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\
ProcessID : 2460
ThreadCreationTime : 11-20-2006 5:27:33 PM
BasePriority : Normal
FileVersion : 6.10.11370
ProductVersion : 6.10.11370
ProductName : F-Secure Anti-Virus
CompanyName : F-Secure Corporation
FileDescription : FSAV Handler
InternalName : FSAV32
LegalCopyright : Copyright © 1998-2005, F-Secure Corporation
OriginalFilename : FSAV32.exe

#:40 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2484
ThreadCreationTime : 11-20-2006 5:27:33 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:41 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2592
ThreadCreationTime : 11-20-2006 5:27:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:42 [smsystemanalyzer.exe]
FilePath : C:\Program Files\iolo\System Mechanic 6\
ProcessID : 2612
ThreadCreationTime : 11-20-2006 5:27:35 PM
BasePriority : Normal

#:43 [mssysmgr.exe]
FilePath : C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\
ProcessID : 2644
ThreadCreationTime : 11-20-2006 5:27:35 PM
BasePriority : Normal
FileVersion : 4.5.0.0
ProductVersion : 4.5.0.0
ProductName : Nero PhotoShow Media Manager
CompanyName : Nero AG / Nero Inc.
FileDescription : Nero PhotoShow Media Manager
LegalCopyright : © 1999-2005 Nero AG / Nero Inc. All rights reserved.
OriginalFilename : mssysmgr.exe

#:44 [fshttps.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\
ProcessID : 2812
ThreadCreationTime : 11-20-2006 5:27:42 PM
BasePriority : Normal
FileVersion : 5.00.160
ProductVersion : 5.00 Build 160
ProductName : F-Secure Parental Control
CompanyName : F-Secure Corporation
FileDescription : F-Secure Http Server
InternalName : FSHTTPS
LegalCopyright : Copyright © 1998-2004 F-Secure Corporation. All rights reserved.
LegalTrademarks : Windows (TM) is a trademark of Microsoft Corporation
OriginalFilename : FSHTTPS.EXE

#:45 [fsdfwd.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FWES\Program\
ProcessID : 3004
ThreadCreationTime : 11-20-2006 5:27:44 PM
BasePriority : Normal
FileVersion : 5.91.210
ProductVersion : 5.91 Build 210
ProductName : F-Secure Anti-Virus Internet Shield
CompanyName : F-Secure Corporation
FileDescription : F-Secure Anti-Virus Internet Shield daemon
InternalName : fsdfwd
LegalCopyright : Copyright (c) F-Secure Corporation 1997-2005
OriginalFilename : fsdfwd.exe

#:46 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 3024
ThreadCreationTime : 11-20-2006 5:27:44 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:47 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 3064
ThreadCreationTime : 11-20-2006 5:27:44 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:48 [nkbmonitor.exe]
FilePath : C:\Program Files\Nikon\PictureProject\
ProcessID : 3268
ThreadCreationTime : 11-20-2006 5:27:45 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3007
ProductVersion : 1, 0, 0
ProductName : PictureProject Monitor
CompanyName : Nikon Corporation
FileDescription : PictureProject Monitor
InternalName : NkbMonitor
LegalCopyright : Copyright (C) Nikon Corporation. 1998 - 2004
OriginalFilename : NKBMONITOR.EXE
Comments : PictureProject Monitor

#:49 [fsaw.exe]
FilePath : C:\PROGRA~1\CHARTE~1\ANTI-S~1\
ProcessID : 3688
ThreadCreationTime : 11-20-2006 5:27:49 PM
BasePriority : Normal
FileVersion : 1.1.197
ProductName : F-Secure Anti-Spyware
CompanyName : F-Secure Corporation
FileDescription : F-Secure Browser Control
InternalName : FSAW
LegalCopyright : Copyright © 1998-2005 F-Secure Corporation. All rights reserved.
LegalTrademarks : F-Secure ® is a registered trademark of F-Secure Corporation.
OriginalFilename : FSAW.EXE

#:50 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3680
ThreadCreationTime : 11-20-2006 5:27:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:51 [fsguidll.exe]
FilePath : C:\Program Files\Charter High-Speed Security Suite\FSGUI\
ProcessID : 4016
ThreadCreationTime : 11-20-2006 5:27:51 PM
BasePriority : Normal
FileVersion : 6, 20, 350, 0
ProductVersion : 6, 12, 10, 0
ProductName : F-Secure Internet Security 2006 version 6.12
CompanyName : F-Secure Corporation
FileDescription : F-Secure GUI component
InternalName : fsguiexe
LegalCopyright : Copyright (C) 2003-2006 F-Secure Corporation
OriginalFilename : fsguiexe.exe

#:52 [hpqste08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 2296
ThreadCreationTime : 11-20-2006 5:27:58 PM
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP CUE Status
InternalName : HPQSTS00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQSTS00.EXE
Comments : HP CUE Status

#:53 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 236
ThreadCreationTime : 11-20-2006 5:28:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:54 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3564
ThreadCreationTime : 11-20-2006 5:43:15 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1

Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : notepad.exe %1

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 36

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 36

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 36

11:55:11 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:40.406
Objects scanned:212990
Objects identified:2
Objects ignored:0
New critical objects:2

Here's the log from Smitfraudfix

SmitFraudFix v2.123

Scan done at 12:52:45.98, Mon 11/20/2006
Run from C:\Documents and Settings\HP_Owner\Local Settings\Temp\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_Owner\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End