Full Version: objects don't go away
LIS42
I keep having critical objects return, without the internet being accessed. Ad Aware finds them, deletes them, then later they come back.

Logfile of HijackThis v1.99.1
Scan saved at 7:41:41 AM, on 10/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\htpatch.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\UMonit2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EE7FBB8-018E-0CD1-1D55-04927819A592} - C:\WINNT\system32\wlfmhr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\yhciiqyk.dll (file missing)
O2 - BHO: (no name) - {A6C06A7C-0C81-48A0-9F58-9228029641C9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [shhaacc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\shhaacc.dll,vrlcmob
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127393712043
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.34/display/PopupSh.ocx
O20 - Winlogon Notify: awvvu - C:\WINNT\
O20 - Winlogon Notify: winouz32 - winouz32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, October 19, 2006 7:22:22 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R128 18.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):4 total references
Tracking Cookie(TAC index:3):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-19-2006 7:22:22 AM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 224
ThreadCreationTime : 10-11-2006 3:03:28 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 248
ThreadCreationTime : 10-11-2006 3:03:32 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 268
ThreadCreationTime : 10-11-2006 3:03:35 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 296
ThreadCreationTime : 10-11-2006 3:03:36 PM
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 308
ThreadCreationTime : 10-11-2006 3:03:36 PM
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 420
ThreadCreationTime : 10-11-2006 3:03:39 PM
BasePriority : Normal
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 496
ThreadCreationTime : 10-11-2006 3:03:40 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:8 [lexbces.exe]
FilePath : C:\WINNT\system32\
ProcessID : 532
ThreadCreationTime : 10-11-2006 3:03:42 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:9 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 560
ThreadCreationTime : 10-11-2006 3:03:42 PM
BasePriority : Normal
FileVersion : 5.00.2195.7059
ProductVersion : 5.00.2195.7059
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:10 [lexpps.exe]
FilePath : C:\WINNT\system32\
ProcessID : 588
ThreadCreationTime : 10-11-2006 3:03:42 PM
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:11 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 668
ThreadCreationTime : 10-11-2006 3:03:45 PM
BasePriority : Normal
FileVersion : 7,1,0,365
ProductVersion : 7.1.0.365
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:12 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 688
ThreadCreationTime : 10-11-2006 3:03:46 PM
BasePriority : Normal
FileVersion : 7,1,0,349
ProductVersion : 7.1.0.349
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:13 [brmfrmps.exe]
FilePath : C:\WINNT\system32\
ProcessID : 716
ThreadCreationTime : 10-11-2006 3:03:46 PM
BasePriority : Normal
FileVersion : 1.10.10.144
ProductVersion : 1.45.11.403
ProductName : Brother MFL Pro
CompanyName : Brother Industries, Ltd.
FileDescription : Brother Popup Suspend service ( for R/M )
InternalName : Brother Popup Suspend service for Brother MFL-PRO Resource Manager
LegalCopyright : Copyright © 2002 brother
OriginalFilename : BrmfRmps.exe

#:14 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 752
ThreadCreationTime : 10-11-2006 3:03:47 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:15 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 768
ThreadCreationTime : 10-11-2006 3:03:47 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 5
ProductVersion : 4, 3, 0, 5
ProductName : Ahead Software AG incdsrv
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : incdsrv.exe

#:16 [lssrvc.exe]
FilePath : C:\Program Files\Common Files\LightScribe\
ProcessID : 804
ThreadCreationTime : 10-11-2006 3:03:49 PM
BasePriority : Normal
FileVersion : 1.4.67.1
ProductName : LightScribe
CompanyName : Hewlett-Packard Company
LegalCopyright : © Copyright 2003-2006 Hewlett-Packard Development Company, LP
OriginalFilename : LSSrvc.exe

#:17 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 396
ThreadCreationTime : 10-11-2006 3:04:03 PM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:18 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1008
ThreadCreationTime : 10-11-2006 3:04:03 PM
BasePriority : Normal
FileVersion : 4.71.2195.6972
ProductVersion : 4.71.2195.6972
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:19 [stisvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1052
ThreadCreationTime : 10-11-2006 3:04:03 PM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:20 [vsmon.exe]
FilePath : C:\WINNT\system32\ZoneLabs\
ProcessID : 1104
ThreadCreationTime : 10-11-2006 3:04:04 PM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:21 [ati2evxx.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1168
ThreadCreationTime : 10-11-2006 3:04:07 PM
BasePriority : Normal
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:22 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1200
ThreadCreationTime : 10-11-2006 3:04:07 PM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:23 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 1260
ThreadCreationTime : 10-11-2006 3:04:17 PM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:24 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1272
ThreadCreationTime : 10-11-2006 3:04:17 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:25 [htpatch.exe]
FilePath : C:\WINNT\
ProcessID : 1308
ThreadCreationTime : 10-11-2006 3:04:18 PM
BasePriority : Normal


#:26 [rundll32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1340
ThreadCreationTime : 10-11-2006 3:04:19 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:27 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1348
ThreadCreationTime : 10-11-2006 3:04:19 PM
BasePriority : Normal
FileVersion : 6.14.10.5014
ProductVersion : 6.14.10.5014
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:28 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1356
ThreadCreationTime : 10-11-2006 3:04:19 PM
BasePriority : Normal
FileVersion : 4, 3, 0, 5
ProductVersion : 4, 3, 0, 5
ProductName : Ahead Software AG InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Ahead Software AG
OriginalFilename : InCD.exe

#:29 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1392
ThreadCreationTime : 10-11-2006 3:04:20 PM
BasePriority : Normal
FileVersion : 7,1,0,406
ProductVersion : 7.1.0.406
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2006, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:30 [em_exec.exe]
FilePath : C:\Program Files\Logitech\MouseWare\system\
ProcessID : 1428
ThreadCreationTime : 10-11-2006 3:04:21 PM
BasePriority : Normal
FileVersion : 9.79.019
ProductVersion : 9.79.019
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:31 [umonit2k.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1412
ThreadCreationTime : 10-11-2006 3:04:22 PM
BasePriority : Normal
FileVersion : 1, 9, 0, 0
ProductVersion : 1, 9, 0, 0
ProductName : Gene USB Monitor
CompanyName : General
FileDescription : Gene USB Monitor
InternalName : USBMonitor
LegalCopyright : Copyright © 2000-2004
OriginalFilename : USBMonit.exe

#:32 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1476
ThreadCreationTime : 10-11-2006 3:04:24 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:33 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 944
ThreadCreationTime : 10-11-2006 3:04:26 PM
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:34 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1532
ThreadCreationTime : 10-11-2006 3:04:27 PM
BasePriority : Normal
FileVersion : 6.5.737.000
ProductVersion : 6.5.737.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:35 [rundll32.exe]
FilePath : C:\WINNT\system32\
ProcessID : 1548
ThreadCreationTime : 10-11-2006 3:04:27 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

#:36 [checkit86.exe]
FilePath : C:\Program Files\CheckIt\86\
ProcessID : 968
ThreadCreationTime : 10-11-2006 3:04:31 PM
BasePriority : Normal
FileVersion : 1.3
ProductVersion : 1.3
ProductName : CheckIt 86
CompanyName : Smith Micro Software, Inc.
FileDescription : CheckIt 86 Tray
InternalName : CheckIt 86
LegalCopyright : Copyright © 2002-2003
OriginalFilename : CheckIt86.exe
Comments : www.smithmicro.com

#:37 [brmfcwnd.exe]
FilePath : C:\Program Files\Brother\Brmfcmon\
ProcessID : 1604
ThreadCreationTime : 10-11-2006 3:04:32 PM
BasePriority : Normal
FileVersion : 1, 0, 5, 4
ProductVersion : 1, 0, 5, 4
ProductName : Status Monitor
CompanyName : Brother Industries, Ltd.
FileDescription : Status Monitor (Main)
InternalName : Brmfcwnd
LegalCopyright : Copyright © 2004 Brother Industries, Ltd.
OriginalFilename : Brmfcwnd.exe

#:38 [brmfcmon.exe]
FilePath : C:\Program Files\Brother\Brmfcmon\
ProcessID : 1832
ThreadCreationTime : 10-11-2006 3:04:49 PM
BasePriority : Normal
FileVersion : 1, 0, 6, 1
ProductVersion : 1, 0, 6, 1
ProductName : Status Monitor
CompanyName : Brother Industries, Ltd.
FileDescription : Status Monitor (Local)
InternalName : Brmfcmon
LegalCopyright : Copyright © 2004 Brother Industries, Ltd.
OriginalFilename : Brmfcmon.exe

#:39 [pxconsole.exe]
FilePath : C:\Program Files\Prevx1\
ProcessID : 2248
ThreadCreationTime : 10-12-2006 5:06:11 PM
BasePriority : Normal


#:40 [pxagent.exe]
FilePath : C:\Program Files\Prevx1\
ProcessID : 1776
ThreadCreationTime : 10-12-2006 5:06:11 PM
BasePriority : Normal


#:41 [thguard.exe]
FilePath : C:\Program Files\TrojanHunter 4.6\
ProcessID : 1772
ThreadCreationTime : 10-15-2006 2:56:43 PM
BasePriority : Normal
FileVersion : 4.5.0.277
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe

#:42 [msimn.exe]
FilePath : C:\Program Files\Outlook Express\
ProcessID : 2200
ThreadCreationTime : 10-19-2006 4:36:54 AM
BasePriority : Normal
FileVersion : 6.00.2800.1807
ProductVersion : 6.00.2800.1807
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Outlook Express
InternalName : MSIMN
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSIMN.EXE

#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1640
ThreadCreationTime : 10-19-2006 2:21:43 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1417001333-1957994488-839522115-1007\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ssssss@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:ssssss@bluestreak.com/
Expires : 10-15-2016 1:03:02 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ssssss@zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:ssssss@zedo.com/
Expires : 10-18-2007 4:51:54 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ssssss@trafficmp[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:ssssss@trafficmp.com/
Expires : 10-18-2007 5:20:08 PM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ssssss@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:ssssss@realmedia.com/
Expires : 12-31-2020 5:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ssssss@ads.pointroll[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:ssssss@ads.pointroll.com/
Expires : 12-31-2009 5:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

7:35:23 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:00.602
Objects scanned:141695
Objects identified:5
Objects ignored:0
New critical objects:5
spike-nz
Hi LIS42,

All that your Ad-Aware scan-log reveals are harmless tracking cookies (small text files) and your MRU (most recently used items) list.

Neither is harmful in the least.

To stop the MRUs from showing, configure your pre-scan screen to look like this:

Click to view attachment

Note the red cross and the green tick (check).

To control the tracking cookies, see my post in this thread (post #8) : tracking cookie wont go away

It includes a link to a small free program called CookieWall, together with screen-shots.

Regards,

Spike
Tristian
Hello LIS42, I am now monitoring this topic so I can respond to you a lot quicker.

Please run HijackThis and click 'Do a System Scan Only'. Put a check against the following items:

O2 - BHO: (no name) - {4EE7FBB8-018E-0CD1-1D55-04927819A592} - C:\WINNT\system32\wlfmhr.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\yhciiqyk.dll (file missing)
O2 - BHO: (no name) - {A6C06A7C-0C81-48A0-9F58-9228029641C9} - (no file)

O4 - HKLM\..\Run: [shhaacc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\shhaacc.dll,vrlcmob

O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.34/display/PopupSh.ocx

O20 - Winlogon Notify: winouz32 - winouz32.dll (file missing)


Please close all other windows other than HijackThis, and click the 'Fix Checked' button. All that remains is to manually delete the following files or folders and REBOOT your computer:

C:\WINNT\system32\wlfmhr.dll
C:\WINNT\system32\shhaacc.dll


Once you have rebooted, please perform another scan using HijackThis and post it as a reply in this topic.
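
An added example, not part of Tristian's post and not HijackThis's own logic: a small Python triage pass over lines copied from the log posted above. The heuristics in `triage` are assumptions chosen for illustration (the reply does not state its criteria); on this log they select the same six entries the reply lists.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4EE7FBB8-018E-0CD1-1D55-04927819A592} - C:\WINNT\system32\wlfmhr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\yhciiqyk.dll (file missing)
O2 - BHO: (no name) - {A6C06A7C-0C81-48A0-9F58-9228029641C9} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [shhaacc.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\shhaacc.dll,vrlcmob
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://209.190.31.34/display/PopupSh.ocx
O20 - Winlogon Notify: winouz32 - winouz32.dll (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")            # "O2 - <rest of entry>"
IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
MISSING = ("(file missing)", "(no file)")         # markers HijackThis appends


def triage(line):
    """Return a reason string when an entry matches a heuristic, else None.

    The heuristics are illustrative assumptions, not rules from the thread.
    """
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    low = body.lower()
    missing = low.endswith(MISSING)

    if section == "O2":
        unnamed = low.startswith("bho: (no name)")
        if unnamed and missing:
            return "unnamed BHO whose file is gone"
        if unnamed and "\\system32\\" in low:
            return "unnamed BHO DLL in system32"
    elif section == "O4":
        # Command line is what follows the "[value name] " part.
        parts = low.split("] ", 1)[-1].split()
        if len(parts) > 1 and re.search(r"rundll32(\.exe)?$", parts[0].strip('"')):
            target = parts[1].split(",")[0].strip('"')
            if target.endswith(".dll"):       # .cpl applets are not flagged
                return "Run key starts a DLL through rundll32"
    elif section == "O16":
        url = body.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname or ""
        if IPV4_HOST.match(host):
            return "ActiveX control downloaded from a bare IP address"
    elif section == "O20" and missing:
        return "Winlogon Notify entry whose DLL is gone"
    # O23 is deliberately not checked for "(file missing)": in this log the
    # service paths carry a stray quote and arguments before that marker.
    return None


def flagged(log_text):
    """Return (line, reason) pairs for every entry that matches a heuristic."""
    hits = []
    for line in log_text.splitlines():
        reason = triage(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


if __name__ == "__main__":
    for line, reason in flagged(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```
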