wayne 1973

What Is Regfile\shell\open\command Notepad.exe %1

Hi

I've just run a scan with Ad-Aware Pro and it's saying it found 2 critical objects. Can anyone tell me what they are and how to fix them if possible? Log pasted below. Thanks in advance :rolleyes:

Ad-Aware SE Build 1.06r1

Logfile Created on:24 April 2007 17:39:00

Using definitions file:SE1R167 23.04.2007

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):1 total references

Windows(TAC index:3):2 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Search for low-risk threats

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

24-04-2007 17:39:00 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : C:\Documents and Settings\wayne\recent

Description : list of recently opened documents

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 660

ThreadCreationTime : 24-04-2007 15:05:34

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 716

ThreadCreationTime : 24-04-2007 15:05:37

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 744

ThreadCreationTime : 24-04-2007 15:05:40

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 788

ThreadCreationTime : 24-04-2007 15:05:42

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 800

ThreadCreationTime : 24-04-2007 15:05:42

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [ati2evxx.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 956

ThreadCreationTime : 24-04-2007 15:05:43

BasePriority : Normal

FileVersion : 6.14.10.4124

ProductVersion : 6.14.10.4124.01

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 988

ThreadCreationTime : 24-04-2007 15:05:45

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1080

ThreadCreationTime : 24-04-2007 15:05:46

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1172

ThreadCreationTime : 24-04-2007 15:05:46

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1248

ThreadCreationTime : 24-04-2007 15:05:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1380

ThreadCreationTime : 24-04-2007 15:05:47

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:12 [vsmon.exe]

FilePath : C:\WINDOWS\system32\ZoneLabs\

ProcessID : 1392

ThreadCreationTime : 24-04-2007 15:05:47

BasePriority : Normal

FileVersion : 7.0.337.000

ProductVersion : 7.0.337.000

ProductName : TrueVector Service

CompanyName : Zone Labs, LLC

FileDescription : TrueVector Service

InternalName : vsmon

LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC

OriginalFilename : vsmon.exe

 

#:13 [ati2evxx.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1508

ThreadCreationTime : 24-04-2007 15:05:49

BasePriority : Normal

FileVersion : 6.14.10.4124

ProductVersion : 6.14.10.4124.01

ProductName : ATI External Event Utility for WindowsNT and Windows9X

CompanyName : ATI Technologies Inc.

FileDescription : ATI External Event Utility EXE Module

InternalName : ATI2EVXX.EXE

LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.

OriginalFilename : ATI2EVXX.EXE

 

#:14 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1592

ThreadCreationTime : 24-04-2007 15:05:50

BasePriority : Normal

FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 6.00.2900.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:15 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1952

ThreadCreationTime : 24-04-2007 15:06:02

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:16 [avgamsvr.exe]

FilePath : d:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1244

ThreadCreationTime : 24-04-2007 15:06:22

BasePriority : Normal

FileVersion : 7.5.0.453

ProductVersion : 7.5.0.453

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Alert Manager

InternalName : avgamsvr

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgamsvr.EXE

 

#:17 [avgupsvc.exe]

FilePath : d:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1520

ThreadCreationTime : 24-04-2007 15:06:23

BasePriority : Normal

FileVersion : 7.5.0.420

ProductVersion : 7.5.0.420

ProductName : AVG 7.5 Anti-Virus System

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Update Service

InternalName : avgupsvc

LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.

OriginalFilename : avgupdsvc.EXE

 

#:18 [avgemc.exe]

FilePath : d:\PROGRA~1\Grisoft\AVG7\

ProcessID : 1568

ThreadCreationTime : 24-04-2007 15:06:23

BasePriority : Normal

FileVersion : 7.5.0.460

ProductVersion : 7.5.0.460

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG E-Mail Scanner

InternalName : avgemc

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : avgemc.exe

 

#:19 [sdhelp.exe]

FilePath : d:\Program Files\Spyware Doctor\

ProcessID : 1844

ThreadCreationTime : 24-04-2007 15:06:24

BasePriority : Normal

FileVersion : 3.6.0.2026

ProductVersion : 3.6

ProductName : Spyware Doctor

CompanyName : PC Tools Research Pty Ltd

 

#:20 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1328

ThreadCreationTime : 24-04-2007 15:06:26

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:21 [avgcc.exe]

FilePath : D:\PROGRA~1\Grisoft\AVG7\

ProcessID : 2560

ThreadCreationTime : 24-04-2007 15:06:38

BasePriority : Normal

FileVersion : 7.5.0.460

ProductVersion : 7.5.0.460

ProductName : AVG Anti-Virus system

CompanyName : GRISOFT, s.r.o.

FileDescription : AVG Control Center

InternalName : AvgCC

LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.

OriginalFilename : AvgCC.EXE

 

#:22 [zlclient.exe]

FilePath : D:\Program Files\Zone Labs\ZoneAlarm\

ProcessID : 2568

ThreadCreationTime : 24-04-2007 15:06:39

BasePriority : Normal

FileVersion : 7.0.337.000

ProductVersion : 7.0.337.000

ProductName : ZoneAlarm Client

CompanyName : Zone Labs, LLC

FileDescription : ZoneAlarm Client

InternalName : zlclient

LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC

OriginalFilename : zlclient.exe

 

#:23 [ad-watch.exe]

FilePath : D:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 2672

ThreadCreationTime : 24-04-2007 15:06:40

BasePriority : Normal

FileVersion : 3.1.2.17

ProductVersion : 3.2

ProductName : Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Watch System Protector

InternalName : Ad-Watch.exe

LegalCopyright : 1999-2004 Team Lavasoft

OriginalFilename : Ad-Watch.exe

 

#:24 [ctfmon.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3940

ThreadCreationTime : 24-04-2007 15:07:10

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

 

#:25 [avgas.exe]

FilePath : D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

ProcessID : 3304

ThreadCreationTime : 24-04-2007 16:36:27

BasePriority : Normal

FileVersion : 7, 5, 0, 50

ProductVersion : 7, 5, 0, 50

ProductName : AVG Anti-Spyware

CompanyName : Anti-Malware Development a.s.

FileDescription : AVG Anti-Spyware

InternalName : AVG Anti-Spyware

LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.

OriginalFilename : avgas.exe

 

#:26 [ad-aware.exe]

FilePath : D:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 3620

ThreadCreationTime : 24-04-2007 16:38:29

BasePriority : Normal

FileVersion : 6.2.0.238

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Windows Object Recognized!

Type : RegData

Data : notepad.exe %1

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : regfile\shell\open\command

Value :

Data : notepad.exe %1

 

Windows Object Recognized!

Type : RegData

Data : notepad.exe %1

TAC Rating : 3

Category : Vulnerability

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : scrfile\shell\open\command

Value :

Data : notepad.exe %1

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 2

Objects found so far: 3

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Deep scanning and examining files (E:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for E:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Deep scanning and examining files (F:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for F:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Deep scanning and examining files (G:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for G:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Deep scanning and examining files (H:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for H:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Deep scanning and examining files (I:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for I:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 3

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 3

 

17:47:27 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:08:27.593

Objects scanned:135764

Objects identified:2

Objects ignored:0

New critical objects:2


That is Ad-Aware alerting you to the fact that your settings for opening reg and scr files are not the usual Windows default settings. Yours are set to open with Notepad instead (probably something either you or one of your security programs has done). It looks like a safety measure you have implemented? That key is sometimes changed by malware but in your case it looks more like it was done by you on purpose.

The Swen worm was one example of malware changing the default values for those keys:

http://www.upenn.edu/computing/virus/03/[email protected]

This is just one of the areas that Ad-Aware monitors for changes, so if you were changing it on purpose you would need to *allow* the change. In this case it doesn't specify good from bad and only alerts you to the fact that it is different. That is why it just says: Windows Object Recognized! (doesn't say Critical object). Category is: Vulnerability

You'll find the same behavior in other security programs too. I use the MS MBSA tool and it always tells me my IE is configured in an unsafe manner (but that is because I have it set custom, which is even higher than the "High" setting in IE).
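A triage of the two findings along the lines of the reply above, as an added example (not part of the original posts and not Ad-Aware's own logic): it parses the "Windows Object Recognized!" blocks and sorts each shell\open\command value into stock default, defanged to a text viewer, or redirected to some other program. The stock values, the C:\WINDOWS system path and the verdict names are assumptions of the example.

```python
import ntpath
import re

# Stock XP-era handlers, used as the baseline (an assumption of this example).
STOCK = {
    r"regfile\shell\open\command": 'regedit.exe "%1"',
    r"scrfile\shell\open\command": '"%1" /S',
}
TEXT_VIEWERS = {"notepad.exe"}  # shows the file instead of merging/running it
# Assumes %SystemRoot% is C:\WINDOWS, as in the posted log. The empty entry
# covers a bare file name that Windows resolves through its search path.
SYSTEM_DIRS = {"", r"c:\windows", r"c:\windows\system32"}

# The two registry findings from the posted log, blank lines dropped.
SAMPLE_LOG = r"""
Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1
Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : notepad.exe %1
"""

def parse_findings(log_text):
    """Return one {field: value} dict per 'Windows Object Recognized!' block."""
    findings = []
    for block in log_text.split("Windows Object Recognized!")[1:]:
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(" :")
            if sep:
                fields[key.strip()] = value.strip()
        findings.append(fields)
    return findings

def handler_of(command):
    """First token of the command line: the program that actually runs."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    return (m.group(1) or m.group(2) or "") if m else ""

def classify(progid_key, command):
    """Verdict for one shell\\open\\command value."""
    stock = STOCK.get(progid_key.lower())
    if stock is None:
        return "unknown-key"
    if " ".join(command.split()).lower() == stock.lower():
        return "default"
    folder, name = ntpath.split(handler_of(command).lower())
    # A viewer name only counts when it sits in a system directory; the same
    # file name anywhere else is treated like any other foreign handler.
    if name in TEXT_VIEWERS and folder in SYSTEM_DIRS:
        return "defanged"
    return "redirected"

def triage(log_text):
    """(key, command, verdict) for every RegData finding in the log."""
    return [(f["Object"], f["Data"], classify(f["Object"], f["Data"]))
            for f in parse_findings(log_text)
            if f.get("Type") == "RegData" and "Object" in f and "Data" in f]

if __name__ == "__main__":
    for key, command, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:10}  HKCR\\{key} = {command}")
```

Only "redirected" calls for a closer look at the program named in the value; "defanged" is the non-default but harmless case the reply describes.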

Hi

Thanks for the reply. I take it there is nothing to worry about? I was concerned that it was something nasty as Ad-Aware kept finding these items. I've posted a HJT log (below); could you check it for me please? Thanks again ;)

Logfile of HijackThis v1.99.1

Scan saved at 20:59:20, on 02/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

d:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\System32\svchost.exe

D:\PROGRA~1\Grisoft\AVG7\avgcc.exe

D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

F:\highjack this\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ZoneAlarm Client] "d:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [PPShield] "D:\Program Files\Perfect Process\PPShield.exe"

O4 - HKCU\..\Run: [AWMON] "D:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - blank (file missing)

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1169055826921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174572731406

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe (file missing)

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - d:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Unknown owner - C:\WINDOWS\system32\sfrem01.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

With those values, no, it's not a nasty and your HijackThis log is fine ;)

 

If you are trying to have Ad-Aware restore those values to the default and it isn't, it could be because you have Ad-Watch blocking any changes. You need to turn off *automatic* if it is on and turn off *active* - or accept the prompts if it alerts you when you try to "fix" them.
