Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
I wondered if you could take some time to help me out please?
I've looked for more info on this but could only find more recent entries - there is hardly any history in there, but what there is is suspicious - they all say action taken - permit, although I haven't permitted anything at hese times.
And then AVG detected a threat in a Java update:
"Object name";"C:\Users\Andy Hoyle\AppData\LocalLow\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-28571f85-5fb58079.class"
"Detection name";"Trojan horse Generic_c.IKY"
I was going to dismiss as a false positive until I opened it in hex editor to examine (i know some java) and saw the text "omfg.class"
I know that may be some programmer having a laugh but I don't think so in this instance.
See below for Windows Defender entries:
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
iesearch:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
Category:
Not Yet Classified
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
service:
PSEXESVC
file:
C:\Windows\PSEXESVC.EXE
Category:
Not Yet Classified
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
iemain:
HKCU@S-1-5-21-1722533155-2977672944-1826471275-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
Category:
Not Yet Classified
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
safeboot:
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PSEXESVC
Category:
Not Yet Classified
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
safeboot:
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC
Category:
Not Yet Classified
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
safeboot:
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Category:
Not Yet Classified
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
bho:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
file:
C:\Program Files\Java\jre6\bin\jp2ssv.dll
Category:
Not Yet Classified
============================
Description:
This program has potentially unwanted behavior.
Advice:
Permit this detected item only if you trust the program or the software publisher.
Resources:
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
clsid:
HKCU@S-1-5-21-1722533155-2977672944-1826471275-1000\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
regkey:
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
regkey:
HKCU@S-1-5-21-1722533155-2977672944-1826471275-1000\SOFTWARE\CLASSES\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
activex:
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
file:
C:\Program Files\Java\jre6\bin\jp2iexp.dll
Category:
Not Yet Classified
============================
============================
Here is Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:47, on 16/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Back2zip\Back2zip.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Back2zip.lnk = C:\Program Files\Back2zip\Back2zip.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} (SearchCD Control) - http://www.partsaren...IMIESRCHie7.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://louk.solidwor...elsStandard.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logme...scueControl.cab
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} (GrafixViewControl) - http://www.partsaren...ins/GFXVIEW.cab
O16 - DPF: {84A31672-371A-4CBF-8785-DCE55CDC7370} (DownLoad Control) - http://217.41.8.210/...le/DownLoad.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://livewebcoach...ex/ieatgpc1.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{8814512F-08E2-441F-9148-0847F419EF25}: NameServer = 192.168.0.101
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 8788 bytes
