• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
J_D

I always have critical objects found by Adaware, so if I scan and restart, they are back again..

8 posts in this topic

I have freshly restarted my PC, then run a full system scan on Ad-aware and Spybot, following that I have produced this Hi-Jack this Logfile:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:47:44, on 05/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Prevx Home\PXAgent.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Prevx Home\SAGUI.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\James\Desktop\hijackthis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0001/ukiq0001.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab

O16 - DPF: {5938FEB1-3609-11D4-85CD-00902707DAE7} (MapCtl Class) - https://www.promapserver.co.uk/controls/latest/webmap.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137778607360

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: spupdsvc - Sony Corporation - (no file)

Share this post


Link to post
Share on other sites

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]

Share this post


Link to post
Share on other sites

Hi,

 

I have freshly restarted my PC, then run a full system scan on Ad-aware and Spybot
What do you mean with "Freshly restarted" ?

 

Anyway, do next..

 

I see you have PartyPoker installed.

If you didn't install it with intension to play with, I suggest you uninstall it, because in most cases, these programs are supported by malware, getting installed without asking for it and also lead you to sites where malware is lurking.

If you do play it, then leave it alone.

 

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe

O16 - DPF: {1230CB21-C88D-11CF-0000-000000000000} - http://www.browserupdate.co.uk/cabs/ukiq0001/ukiq0001.cab

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Navigate to and delete next folder if still present:

 

C:\Program Files\Open Site

 

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6

    [*]Click the Remove or Change/Remove button.

    [*]Repeat as many times as necessary to remove each Java versions.

    [*]Reboot your computer once all Java components are removed.

    [*]Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

let me know what file your scanner is flagging all the time which it cannot delete (name of file and in what folder it is present...)

 

Also post a new HijackThislog in your next reply...

Share this post


Link to post
Share on other sites

Hi,

 

I have freshly restarted my PC, then run a full system scan on Ad-aware and Spybot
What do you mean with "Freshly restarted" ?

 

 

 

Ok by that I meant I have restarted my PC and run a scan as the first thing I did.

 

I have removed the entries using HiJackThis, the folder 'open site' did not exist. But I think I remember removing it previously as it aroused suspicion. Also have updated Java RE as suggested. What follows is my new HiJackThis log file, and also my Ad-aware log file showing the critical objects which are never removed.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 11:10:53, on 15/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Prevx Home\PXAgent.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Prevx Home\SAGUI.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\James\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab

O16 - DPF: {5938FEB1-3609-11D4-85CD-00902707DAE7} (MapCtl Class) - https://www.promapserver.co.uk/controls/latest/webmap.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137778607360

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: spupdsvc - Sony Corporation - (no file)

 

 

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:15 June 2007 10:45:12

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R175 11.06.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):20 total references

Tracking Cookie(TAC index:3):22 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

 

15-06-2007 10:45:12 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\James\Application Data\microsoft\office\recent

Description : list of recently opened documents using microsoft office

 

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\James\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\nvidia corporation\global\nview\windowmanagement

Description : nvidia nview cached application window positions

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-1085031214-1500820517-682003330-1003\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 788

ThreadCreationTime : 15-06-2007 09:39:50

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 860

ThreadCreationTime : 15-06-2007 09:39:57

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 904

ThreadCreationTime : 15-06-2007 09:40:14

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 948

ThreadCreationTime : 15-06-2007 09:40:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [savedump.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 960

ThreadCreationTime : 15-06-2007 09:40:14

BasePriority : Idle

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows NT Save Dump Utility

InternalName : savedump

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : savedump.exe

 

#:6 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 968

ThreadCreationTime : 15-06-2007 09:40:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1120

ThreadCreationTime : 15-06-2007 09:40:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1200

ThreadCreationTime : 15-06-2007 09:40:15

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1300

ThreadCreationTime : 15-06-2007 09:40:15

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1348

ThreadCreationTime : 15-06-2007 09:40:15

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1412

ThreadCreationTime : 15-06-2007 09:40:15

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1656

ThreadCreationTime : 15-06-2007 09:40:16

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:13 [avgamsvr.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1752

ThreadCreationTime : 15-06-2007 09:40:16

BasePriority : Normal

FileVersion : 7.5.0.453

ProductVersion : 7.5.0.453

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Alert Manager

InternalName : avgamsvr

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgamsvr.EXE

 

#:14 [avgupsvc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1768

ThreadCreationTime : 15-06-2007 09:40:16

BasePriority : Normal

FileVersion : 7.5.0.420

ProductVersion : 7.5.0.420

ProductName : AVG 7.5 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Update Service

InternalName : avgupsvc

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : avgupdsvc.EXE

 

#:15 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1780

ThreadCreationTime : 15-06-2007 09:40:16

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:16 [runservice.exe]

FilePath : C:\WINDOWS\

ProcessID : 1868

ThreadCreationTime : 15-06-2007 09:40:16

BasePriority : Normal

 

 

#:17 [nvsvc32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1912

ThreadCreationTime : 15-06-2007 09:40:16

BasePriority : Normal

FileVersion : 6.14.10.9147

ProductVersion : 6.14.10.9147

ProductName : NVIDIA Driver Helper Service, Version 91.47

CompanyName : NVIDIA Corporation

FileDescription : NVIDIA Driver Helper Service, Version 91.47

InternalName : NVSVC

LegalCopyright : © NVIDIA Corporation. All rights reserved.

OriginalFilename : nvsvc32.exe

 

#:18 [pxagent.exe]

FilePath : C:\Program Files\Prevx Home\

ProcessID : 1932

ThreadCreationTime : 15-06-2007 09:40:16

BasePriority : Normal

 

 

#:19 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1472

ThreadCreationTime : 15-06-2007 09:40:29

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:20 [wgatray.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 684

ThreadCreationTime : 15-06-2007 09:40:49

BasePriority : Normal

FileVersion : 1.5.0540.0

ProductVersion : 1.5.0540.0

ProductName : Windows Genuine Advantage

CompanyName : Microsoft Corporation

FileDescription : Windows Genuine Advantage Notification

InternalName : WgaNotify

LegalCopyright : © 1995-2006 Microsoft Corporation

OriginalFilename : WgaTray.exe

 

#:21 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 724

ThreadCreationTime : 15-06-2007 09:40:50

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:22 [ezsp_px.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1404

ThreadCreationTime : 15-06-2007 09:40:59

BasePriority : Normal

 

 

#:23 [sagui.exe]

FilePath : C:\Program Files\Prevx Home\

ProcessID : 1420

ThreadCreationTime : 15-06-2007 09:40:59

BasePriority : Normal

 

 

#:24 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1508

ThreadCreationTime : 15-06-2007 09:41:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:25 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 280

ThreadCreationTime : 15-06-2007 09:41:03

BasePriority : Normal

FileVersion : 0.1.0.3492

ProductVersion : 0.1.0.3492

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:26 [soundman.exe]

FilePath : C:\WINDOWS\

ProcessID : 1484

ThreadCreationTime : 15-06-2007 09:41:04

BasePriority : Normal

FileVersion : 5.1.0.40

ProductVersion : 5.1.0.40

ProductName : Realtek Sound Manager

CompanyName : Realtek Semiconductor Corp.

FileDescription : Realtek Sound Manager

InternalName : ALSMTray

LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.

OriginalFilename : ALSMTray.exe

Comments : Realtek AC97 Audio Sound Manager

 

#:27 [qvecplsk.exe]

FilePath : C:\Program Files\Philips\PSA2\skin\

ProcessID : 1704

ThreadCreationTime : 15-06-2007 09:41:04

BasePriority : Normal

FileVersion : 2, 0, 6, 53

ProductVersion : 2, 0, 6, 53

ProductName : PSA2

CompanyName : QSound Labs, Inc.

FileDescription : Philips Sound Agent 2

InternalName : QveCplSk

LegalCopyright : Copyright © 2002 QSound Labs, Inc.

OriginalFilename : QveCplSk.exe

 

#:28 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1844

ThreadCreationTime : 15-06-2007 09:41:06

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:29 [avgcc.exe]

FilePath : C:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1980

ThreadCreationTime : 15-06-2007 09:41:09

BasePriority : Normal

FileVersion : 7.5.0.460

ProductVersion : 7.5.0.460

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Control Center

InternalName : AvgCC

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : AvgCC.EXE

 

#:30 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 2008

ThreadCreationTime : 15-06-2007 09:41:09

BasePriority : Normal

FileVersion : 7.1.5

ProductVersion : QuickTime 7.1.5

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

FileDescription : QuickTime Task

InternalName : QuickTime Task

LegalCopyright : Copyright Apple Computer, Inc. 1989-2007

OriginalFilename : QTTask.exe

 

#:31 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 2056

ThreadCreationTime : 15-06-2007 09:41:10

BasePriority : Normal

FileVersion : 7.1.1.5

ProductVersion : 7.1.1.5

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:32 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2080

ThreadCreationTime : 15-06-2007 09:41:11

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:33 [wcescomm.exe]

FilePath : C:\Program Files\Microsoft ActiveSync\

ProcessID : 2164

ThreadCreationTime : 15-06-2007 09:41:16

BasePriority : Normal

FileVersion : 3.7.1.4034

ProductVersion : 3.7.4034

ProductName : Microsoft ActiveSync

CompanyName : Microsoft Corporation

FileDescription : ActiveSync Connection Manager

InternalName : wcescomm

LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.

LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.

OriginalFilename : WCESCOMM.EXE

 

#:34 [nmbgmonitor.exe]

FilePath : C:\Program Files\Common Files\Ahead\lib\

ProcessID : 2172

ThreadCreationTime : 15-06-2007 09:41:17

BasePriority : Normal

 

 

#:35 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 2188

ThreadCreationTime : 15-06-2007 09:41:17

BasePriority : Normal

FileVersion : 7.1.1.5

ProductVersion : 7.1.1.5

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:36 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 2192

ThreadCreationTime : 15-06-2007 09:41:17

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:37 [wuauclt.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3132

ThreadCreationTime : 15-06-2007 09:41:59

BasePriority : Normal

FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)

ProductVersion : 5.8.0.2469

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Automatic Updates

InternalName : wuauclt.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : wuauclt.exe

 

#:38 [jre-6u1-windows-i586-p-s.exe]

FilePath : C:\Documents and Settings\James\Desktop\

ProcessID : 3628

ThreadCreationTime : 15-06-2007 09:42:25

BasePriority : Normal

 

 

#:39 [msiexec.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3072

ThreadCreationTime : 15-06-2007 09:43:23

BasePriority : Normal

 

 

#:40 [msiexec.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3096

ThreadCreationTime : 15-06-2007 09:43:26

BasePriority : Normal

 

 

#:41 [msiexec.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3324

ThreadCreationTime : 15-06-2007 09:43:31

BasePriority : Normal

 

 

#:42 [msiexec.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3876

ThreadCreationTime : 15-06-2007 09:44:14

BasePriority : Normal

 

 

#:43 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

ProcessID : 4052

ThreadCreationTime : 15-06-2007 09:44:21

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

#:44 [msiexec.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 236

ThreadCreationTime : 15-06-2007 09:44:26

BasePriority : Normal

 

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 20

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 20

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 20

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adinterax[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:10

Value : Cookie:james@adinterax.com/

Expires : 02-06-2037 21:00:00

LastSync : Hits:10

UseCount : 0

Hits : 10

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adserving.cpxinteractive[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:james@adserving.cpxinteractive.com/

Expires : 27-06-2007 23:07:38

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@bs.serving-sys[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:james@bs.serving-sys.com/

Expires : 31-12-2037 23:00:00

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@questionmarket[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:22

Value : Cookie:james@questionmarket.com/

Expires : 04-08-2008 12:24:12

LastSync : Hits:22

UseCount : 0

Hits : 22

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:7

Value : Cookie:james@2o7.net/

Expires : 13-06-2012 10:33:40

LastSync : Hits:7

UseCount : 0

Hits : 7

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@fastclick[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:203

Value : Cookie:james@fastclick.net/

Expires : 13-06-2009 21:25:36

LastSync : Hits:203

UseCount : 0

Hits : 203

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adrevolver[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:19

Value : Cookie:james@adrevolver.com/

Expires : 13-06-2008 05:12:22

LastSync : Hits:19

UseCount : 0

Hits : 19

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@tradedoubler[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:27

Value : Cookie:james@tradedoubler.com/

Expires : 13-07-2007 11:47:20

LastSync : Hits:27

UseCount : 0

Hits : 27

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@ad.adserverplus[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:james@ad.adserverplus.com/

Expires : 28-06-2007 12:18:28

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@cgm.adbureau[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:7

Value : Cookie:james@cgm.adbureau.net/

Expires : 01-03-2012 01:00:00

LastSync : Hits:7

UseCount : 0

Hits : 7

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adbrite[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:19

Value : Cookie:james@adbrite.com/

Expires : 09-06-2008 00:16:32

LastSync : Hits:19

UseCount : 0

Hits : 19

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@ad.yieldmanager[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:580

Value : Cookie:james@ad.yieldmanager.com/

Expires : 14-06-2009 10:20:00

LastSync : Hits:580

UseCount : 0

Hits : 580

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adrevolver[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:13

Value : Cookie:james@media.adrevolver.com/adrevolver/

Expires : 09-03-2010 02:12:08

LastSync : Hits:13

UseCount : 0

Hits : 13

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adopt.euroclick[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:53

Value : Cookie:james@adopt.euroclick.com/

Expires : 07-06-2017 00:23:00

LastSync : Hits:53

UseCount : 0

Hits : 53

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adserver.easyad[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:2

Value : Cookie:james@adserver.easyad.info/

Expires : 07-06-2017 00:15:50

LastSync : Hits:2

UseCount : 0

Hits : 2

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@divx.adbureau[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:8

Value : Cookie:james@divx.adbureau.net/

Expires : 28-02-2008 01:00:00

LastSync : Hits:8

UseCount : 0

Hits : 8

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@adtech[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:5

Value : Cookie:james@adtech.de/

Expires : 08-06-2017 20:13:40

LastSync : Hits:5

UseCount : 0

Hits : 5

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@tribalfusion[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:7

Value : Cookie:james@tribalfusion.com/

Expires : 08-06-2008 17:27:40

LastSync : Hits:7

UseCount : 0

Hits : 7

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@serving-sys[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:40

Value : Cookie:james@serving-sys.com/

Expires : 31-12-2037 23:00:00

LastSync : Hits:40

UseCount : 0

Hits : 40

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@www.smartadserver[2].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:18

Value : Cookie:james@www.smartadserver.com/

Expires : 06-06-2027 12:05:30

LastSync : Hits:18

UseCount : 0

Hits : 18

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@4.adbrite[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:james@4.adbrite.com/

Expires : 11-06-2007 00:16:12

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : james@metacafe.122.2o7[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:james@metacafe.122.2o7.net/

Expires : 08-06-2012 00:23:38

LastSync : Hits:1

UseCount : 0

Hits : 1

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 22

Objects found so far: 42

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 42

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 42

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 42

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 42

 

11:05:27 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:20:15.17

Objects scanned:178206

Objects identified:22

Objects ignored:0

New critical objects:22

Share this post


Link to post
Share on other sites

Hi,

 

There's really nothing to worry here. The "MRU List Object Recognized!" is no threat. This is just an enumeration of programs being loaded/opened. - The "MRU" is the most-recently used file list that appears at the bottom of the File menu.

 

The rest that the scan found are only tracking cookies. This is no issue either and nothing to worry about. You'll always get them and they will always return. This just depends what sites you visit.

Everyone has them. They are even present on the MSN startpage, Yahoo startpage...

You may also want to read next:

http://www.spywareinfo.com/articles/cookies/

http://www.mvps.org/winhelp2002/cookies.htm

 

If you want to manage your cookies you can use next programs:

 

For Internet explorer: CookieWall

 

For Firefox: CookieSafe

 

Keep in mind that you're not supposed to block every cookie, because some cookies are required.

Most people don't use an additional cookie manager, because it may be annoying in some cases to manually filter all cookies in the beginning, so they clean their cookies once in a while via the "clean cookies" option in their browser settings.

 

Your HijackThislog looks OK again.

Share this post


Link to post
Share on other sites

Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0